viewtopic.php?f=11&t=58703.
That PC(1), while infected, passed all antivirus scans with a trace of infection. After it was diagnosed here on Malwareremoval.com, that box was reformatted and had Win XP Pro reinstalled as recommended. A few days later we had a call from our bank and yes, our account was hacked and a new admin was added, new payees were added and payments set up to go out. Lots of them! Luckily we stopped it, thanks to your help! An impressive hack, as that account had two sets of 8-digit strong passwords where 3 random digits are chosen for access. 3 failed attempts before the account is locked.
Anyway, I need some more information about that PC please. Can someone please help me and tell me what entries refer to the rootkit and anything more about what you can see from the DDS logs from that PC? I am working with the bank fraud IT forensics team, but I do not have information to give them.
Another problem: the PC above was on the same network as 2 other PCs.
Hi, the DDS logs posted now are from another PC(2) (WIN7 ULT) on the same network and workgroup as the compromised PC which had been compromised.
It runs clean on McAfee, Malwarebytes, aswMBR, Kaspersky TDSSKiller,
Here are the DDS LOGS from PC2. One states warning possible TDL3 Rootkit infection!
------------------------------------------------------------.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Medion at 22:56:15 on 2012-01-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3067.1458 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VoipCheapCom\voipcheapcom.exe
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iobit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k HPHNDUService
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Medion\Desktop\BLEEDING\aswMBR.exe
C:\Program Files\microsoft office\Office12\OUTLOOK.EXE
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Users\Medion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.co.uk/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111220230225.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.9\iobitToolbarIE.dll
TB: The Pirate Bay Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b313} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [VoipCheapCom] "c:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized
uRun: [cdloader] "c:\users\medion\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\users\medion\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [784F1CD9974C91F5E55E6EF9914DD61C9F719E3A._service_run] "c:\users\medion\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [AuctionSentry] c:\program files\auction sentry 4\AuctionSentry.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\medion\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\medion\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} - hxxp://appserver.dca.broadvoice.com/com ... utlook.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 0573484478
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cisco.webex.com/client/T27L10NS ... atgpc1.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0A195CFF-53BE-4AC6-A6E6-A08D812FE459} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{48545A51-F61D-4502-A47A-AE3F806F20B8} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{48545A51-F61D-4502-A47A-AE3F806F20B8}\75C414E4144435C4 : DhcpNameServer = 154.15.207.130 154.15.207.134
TCP: Interfaces\{48545A51-F61D-4502-A47A-AE3F806F20B8}\C696E6B6379737 : DhcpNameServer = 208.94.80.254 208.94.81.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464176]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-20 165680]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-11 15672]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-12-20 64880]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2009-5-29 13312]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-20 57600]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2011-7-23 42592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-12 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-20 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-20 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-20 338176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-1-28 66664]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2009-5-29 1363088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\drivers\ECS_Loader_220.sys [2005-10-31 15616]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2012-1-10 18768]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-30 39272]
S3 hugoio;hugoio;c:\windows\system32\drivers\hugoio.sys [2011-4-9 9760]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-20 87656]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-1-12 18432]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2006-11-3 92160]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2006-11-3 92160]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-23 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2012-1-10 19792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
.
=============== Created Last 30 ================
.
2012-01-12 16:59:48 -------- d-----w- c:\users\medion\appdata\roaming\Malwarebytes
2012-01-12 16:59:31 -------- d-----w- c:\programdata\Malwarebytes
2012-01-12 16:59:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 16:59:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-12 16:55:32 -------- d-----w- c:\windows\MATS
2012-01-12 16:55:32 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-01-12 16:53:02 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2012-01-12 14:58:44 -------- d-----w- c:\users\medion\appdata\roaming\OfficeRecovery
2012-01-12 14:37:50 -------- d-----w- c:\users\medion\appdata\local\{8ABEDF69-65AC-4373-948F-E8D2AB5D28FE}
2012-01-12 14:36:52 -------- d-----w- c:\users\medion\appdata\local\{589A3744-5A90-4BD7-8BF6-5AD795FA007A}
2012-01-12 13:25:15 -------- d-----w- c:\program files\common files\SWF Studio
2012-01-12 13:08:23 -------- d-----w- c:\users\medion\appdata\local\{1331E6B4-1D5F-4F45-8261-85BDD933A61C}
2012-01-12 01:26:11 -------- d-----w- c:\users\medion\appdata\local\{005DDE0A-4B60-41DC-8FD5-18A8341542AE}
2012-01-11 14:15:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-11 13:24:48 -------- d-----w- c:\users\medion\appdata\local\{6DBA7396-3234-499E-95A6-BE29F743A5E3}
2012-01-11 13:24:16 -------- d-----w- c:\users\medion\appdata\local\{C8B7C4E9-4E08-4DBD-BF1A-F3DC18E706D7}
2012-01-10 01:10:05 -------- d-----w- c:\program files\IObit Toolbar
2012-01-10 01:10:05 -------- d-----w- c:\program files\common files\Spigot
2012-01-10 01:10:05 -------- d-----w- c:\program files\Application Updater
2012-01-10 00:59:17 -------- d-----w- c:\users\medion\appdata\local\{72F1AB8B-4D17-4391-A6A3-41275DAEB30C}
2012-01-10 00:58:30 -------- d-----w- c:\users\medion\appdata\local\{1FD0DD62-D992-4BDD-B85B-E158DE2AB76E}
2012-01-09 21:54:55 -------- d-----w- c:\users\medion\appdata\roaming\HpUpdate
2012-01-09 21:54:50 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-28 14:23:49 -------- d-----w- c:\users\medion\appdata\local\{3C0D776D-047B-42F5-9D4A-CAA41AD29AD0}
2011-12-28 14:23:38 -------- d-----w- c:\users\medion\appdata\local\{EE4BDD4A-002C-4E17-9111-FF4A875C8295}
2011-12-28 02:23:23 -------- d-----w- c:\users\medion\appdata\local\{B271C9EA-F180-461F-868E-8D0033AFA5B6}
2011-12-28 02:23:12 -------- d-----w- c:\users\medion\appdata\local\{E6FB7199-0016-4EDA-AB6A-2E8AB932F480}
2011-12-27 14:22:57 -------- d-----w- c:\users\medion\appdata\local\{6A462480-2BF1-46DC-B374-AEC04356B31C}
2011-12-27 14:22:45 -------- d-----w- c:\users\medion\appdata\local\{7F72A6B5-9E06-4F38-8D3A-CF285408A756}
2011-12-27 02:22:31 -------- d-----w- c:\users\medion\appdata\local\{A60BC8B6-D183-4336-8048-33AD6BCF3738}
2011-12-27 02:22:19 -------- d-----w- c:\users\medion\appdata\local\{4BBA21AA-D165-43CE-B817-E24061BC04F6}
2011-12-26 14:22:04 -------- d-----w- c:\users\medion\appdata\local\{4EF95EA5-885E-412F-939B-0AAF7C308A30}
2011-12-26 14:21:52 -------- d-----w- c:\users\medion\appdata\local\{77765E9D-C40A-4321-981B-5F46E3CA4B4E}
2011-12-26 02:21:37 -------- d-----w- c:\users\medion\appdata\local\{B4DBC98F-E8F5-4341-9A89-D039B0A71C94}
2011-12-26 02:21:25 -------- d-----w- c:\users\medion\appdata\local\{3FFB65C5-EB14-4098-BF30-86C0700CA6F0}
2011-12-25 14:21:11 -------- d-----w- c:\users\medion\appdata\local\{A011A275-9E3A-4CEA-A82E-8002D975A1D4}
2011-12-25 14:20:59 -------- d-----w- c:\users\medion\appdata\local\{22F78A15-F9D5-4959-BFA0-06929B212A81}
2011-12-25 02:20:45 -------- d-----w- c:\users\medion\appdata\local\{97CB25C5-47A9-4699-931F-6636636EB0E3}
2011-12-25 02:20:33 -------- d-----w- c:\users\medion\appdata\local\{F49D0641-46E2-4E98-A049-8918398DEA6C}
2011-12-24 14:20:20 -------- d-----w- c:\users\medion\appdata\local\{151C5983-CE04-4DBA-94FB-A9530D36D2DB}
2011-12-24 14:20:09 -------- d-----w- c:\users\medion\appdata\local\{141AF401-06CE-4693-93FF-B517B34D7768}
2011-12-24 02:19:56 -------- d-----w- c:\users\medion\appdata\local\{BBAED728-C89A-4A36-94C3-3D45A8314B93}
2011-12-24 02:19:45 -------- d-----w- c:\users\medion\appdata\local\{439FA60A-A26B-4BC5-982C-B997DB65BDB4}
2011-12-23 14:19:30 -------- d-----w- c:\users\medion\appdata\local\{61C38024-1136-4DEA-9B5B-DD6F8FD52AFA}
2011-12-23 14:19:16 -------- d-----w- c:\users\medion\appdata\local\{8B030EB8-F5AC-4A3B-ACBA-534BA66E4B31}
2011-12-23 02:19:02 -------- d-----w- c:\users\medion\appdata\local\{B26D2ADF-B614-4EF1-9EED-13AE6637E78D}
2011-12-23 02:18:50 -------- d-----w- c:\users\medion\appdata\local\{1F0D8981-8702-4960-8B2B-C8B847BE09F7}
2011-12-22 14:18:34 -------- d-----w- c:\users\medion\appdata\local\{4B3ED264-86D7-4E7E-953D-6DFEF64BCE9B}
2011-12-22 14:18:22 -------- d-----w- c:\users\medion\appdata\local\{4A4E602F-C8AE-4A49-B9F5-69546EC222C2}
2011-12-22 02:18:05 -------- d-----w- c:\users\medion\appdata\local\{103DC480-3F91-439C-8CAE-7A2333B63F10}
2011-12-22 02:17:53 -------- d-----w- c:\users\medion\appdata\local\{00D48A2B-2143-44D7-97F7-4B918A41FDF5}
2011-12-21 14:17:27 -------- d-----w- c:\users\medion\appdata\local\{662233D5-EF79-4942-A622-F402B918D930}
2011-12-21 14:17:16 -------- d-----w- c:\users\medion\appdata\local\{D2AE6C51-7A14-4C15-9958-DEC7CA769C70}
2011-12-21 02:16:58 -------- d-----w- c:\users\medion\appdata\local\{C1CF4FC4-A06B-4B03-9831-42CE50D8BEBF}
2011-12-21 02:16:47 -------- d-----w- c:\users\medion\appdata\local\{C8FB0B19-6F2A-42D8-8F75-2748FC50E898}
2011-12-20 18:05:09 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-20 18:03:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-20 18:03:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-20 18:03:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-20 18:03:15 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-20 18:03:15 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-20 18:03:15 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-20 18:03:15 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-20 18:03:02 -------- d-----w- c:\program files\common files\Mcafee
2011-12-20 18:03:01 -------- d-----w- c:\program files\McAfee.com
2011-12-20 18:01:41 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-20 14:16:16 -------- d-----w- c:\users\medion\appdata\local\{7F4C3420-1D73-4897-B21D-C28930719E8C}
2011-12-20 14:16:04 -------- d-----w- c:\users\medion\appdata\local\{918E6C63-64ED-4947-B428-F517F7BDA447}
2011-12-20 02:15:47 -------- d-----w- c:\users\medion\appdata\local\{21DA5029-DA81-48E3-8DE3-B2EA1768107D}
2011-12-20 02:15:35 -------- d-----w- c:\users\medion\appdata\local\{7AE958BC-EEC4-45E5-BF46-7C0B1C480004}
2011-12-19 14:15:19 -------- d-----w- c:\users\medion\appdata\local\{84A8D585-0346-4F28-B469-7014D9CDB188}
2011-12-19 14:15:08 -------- d-----w- c:\users\medion\appdata\local\{77D75C52-51BC-4D28-A0F2-1D2A582D6F01}
2011-12-19 02:14:52 -------- d-----w- c:\users\medion\appdata\local\{D971AC74-53CF-4294-A398-D24BFF2C8E21}
2011-12-19 02:14:41 -------- d-----w- c:\users\medion\appdata\local\{6C9D3B99-0F10-4759-8EBC-19133C6459C9}
2011-12-18 14:14:28 -------- d-----w- c:\users\medion\appdata\local\{9B6715CE-193A-49A5-80C2-7F26B50B0519}
2011-12-18 14:14:17 -------- d-----w- c:\users\medion\appdata\local\{67F87DBD-252B-4432-8797-560CE5A9CBDA}
2011-12-18 02:14:01 -------- d-----w- c:\users\medion\appdata\local\{AF5220E9-EEFF-4063-A0FD-9C1DFE73659F}
2011-12-18 02:13:50 -------- d-----w- c:\users\medion\appdata\local\{0A2F5991-E2F8-4383-8D87-6D7365B7CA59}
2011-12-17 14:13:35 -------- d-----w- c:\users\medion\appdata\local\{037B11D1-C09B-47D6-9EF6-BCCAEA15D8C4}
2011-12-17 14:13:23 -------- d-----w- c:\users\medion\appdata\local\{9C58B9AD-DFA7-42F5-9276-F129BC031B63}
2011-12-17 02:13:06 -------- d-----w- c:\users\medion\appdata\local\{1FD8170A-4148-4EFF-9538-27D903CC5949}
2011-12-17 02:12:54 -------- d-----w- c:\users\medion\appdata\local\{168DDC1F-97BC-4105-816C-183886C808CC}
2011-12-16 14:12:34 -------- d-----w- c:\users\medion\appdata\local\{075DE090-AC9B-405F-A0F6-68C176C353F6}
2011-12-16 14:12:22 -------- d-----w- c:\users\medion\appdata\local\{A50F7B8D-D53B-4BD1-A4E6-969DB0D04D39}
2011-12-16 02:12:04 -------- d-----w- c:\users\medion\appdata\local\{E30E6471-24EF-4486-B4A6-16D6FE5837D3}
2011-12-16 02:11:52 -------- d-----w- c:\users\medion\appdata\local\{B905B699-9866-41F9-A156-D9F9FF25F9D3}
2011-12-15 21:16:17 -------- d-----w- c:\program files\QuickenUK
2011-12-15 14:11:36 -------- d-----w- c:\users\medion\appdata\local\{3B1C5FB6-3672-4D48-AE39-7A24F258AF76}
2011-12-15 14:11:25 -------- d-----w- c:\users\medion\appdata\local\{57D3D41B-49D8-4FB2-9615-A35CF7667467}
2011-12-15 12:46:05 4199768 ----a-w- c:\windows\system32\cdintf400.dll
2011-12-15 09:58:51 -------- d-----w- c:\users\medion\appdata\local\IsolatedStorage
2011-12-15 09:58:28 -------- d-----w- c:\program files\TurboTax
2011-12-15 02:11:10 -------- d-----w- c:\users\medion\appdata\local\{7C6044B2-8AC1-4A2F-ACCD-A7434AB16110}
2011-12-15 02:10:59 -------- d-----w- c:\users\medion\appdata\local\{372842E4-368F-40E4-84DF-91E5075DABAB}
2011-12-15 00:01:07 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 00:00:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 00:00:21 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 00:00:19 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:00:16 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 00:00:15 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 22:48:17 306 ----a-w- c:\windows\myClean.bat
2011-12-14 22:37:12 -------- d-----w- c:\program files\iPod
2011-12-14 22:37:09 -------- d-----w- c:\program files\iTunes
2011-12-14 21:01:23 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-12-14 21:01:23 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-12-14 20:53:12 -------- d-----w- c:\users\medion\appdata\roaming\McAfee
2011-12-14 20:50:07 -------- d-----w- c:\program files\McAfee
2011-12-14 14:10:45 -------- d-----w- c:\users\medion\appdata\local\{79C034D6-B134-47AC-81F2-26687CF68F40}
2011-12-14 14:10:34 -------- d-----w- c:\users\medion\appdata\local\{18DEDA00-65CB-426D-9326-CD595233F63C}
2011-12-14 02:10:20 -------- d-----w- c:\users\medion\appdata\local\{F1BBC2DE-0DEC-41E5-AD75-07FEDAA1758D}
2011-12-14 02:10:10 -------- d-----w- c:\users\medion\appdata\local\{AC6A1AA9-7B80-4642-9A5D-B8D9B2BC48D4}
.
==================== Find3M ====================
.
2011-11-21 14:02:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 13:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-19 22:15:50 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-15 13:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 13:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2005-07-25 06:41:49 110657 ----a-w- c:\program files\common files\UninstallDrv.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_HM320JI rev.2SS00_01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83850000]<< >>UNKNOWN [0x8D2B9000]<< >>UNKNOWN [0x8D2A8000]<< >>UNKNOWN [0x8CBB1000]<< >>UNKNOWN [0x83819000]<< >>UNKNOWN [0x8CAD3000]<< >>UNKNOWN [0x8CADA000]<< >>UNKNOWN [0x8CBA8000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x8387EFAE] -> \Device\Harddisk0\DR0[0x870B03B8]
\Driver\Disk[0x870AF030] -> IRP_MJ_CREATE -> 0x8D2BD39F
3 [0x8D2BD59E] -> nt!IofCallDriver[0x8387EFAE] -> \Device\Ide\IdeDeviceP0T0L0-0[0x86BD8030]
\Driver\atapi[0x86BD6D28] -> IRP_MJ_CREATE -> 0x8CBCB8CC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; MOV DI, 0x600; MOV CX, 0x100; CLD ; REP MOVSW ; JMP FAR 0x60:0x1b; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !.
============= FINISH: 22:59:28.75 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 14/11/2009 04:48:32
System Uptime: 12/01/2012 20:36:20 (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | Q210
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 41.774 GiB free.
D: is FIXED (NTFS) - 144 GiB total, 129.281 GiB free.
E: is CDROM (CDFS)
F: is FIXED (FAT32) - 98 GiB total, 91.835 GiB free.
G: is FIXED (FAT32) - 98 GiB total, 72.933 GiB free.
H: is FIXED (NTFS) - 173 GiB total, 0.008 GiB free.
I: is FIXED (FAT32) - 98 GiB total, 65.918 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&4B6D97C&0&00E0
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&4B6D97C&0&00E0
Service: athr
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP456: 01/12/2011 00:00:05 - Windows Update
RP457: 04/12/2011 19:00:32 - Windows Backup
RP458: 11/12/2011 19:00:44 - Windows Backup
RP459: 12/12/2011 16:35:55 - Removed HP Update
RP460: 12/12/2011 16:57:33 - Windows Update
RP461: 15/12/2011 09:59:16 - Installed TurboTax 2010 wrapper
RP462: 18/12/2011 19:00:47 - Windows Backup
RP464: 20/12/2011 16:15:38 - Windows Defender Checkpoint
RP465: 25/12/2011 19:00:54 - Windows Backup
RP466: 28/12/2011 14:35:25 - Installed Auction Sentry
RP467: 01/01/2012 19:00:29 - Windows Backup
RP468: 08/01/2012 19:00:51 - Windows Backup
RP469: 10/01/2012 00:31:31 - Windows Update
RP470: 10/01/2012 00:48:32 - Windows Update
RP472: 11/01/2012 14:04:11 - IObit Uninstaller restore point
RP473: 11/01/2012 14:28:22 - Windows Update
RP474: 12/01/2012 13:44:53 - Restore Operation
RP475: 12/01/2012 14:57:04 - Removed FreeUndelete
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acronis Disk Director 11 Home
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.4
Advanced SystemCare 5
Agere Systems HDA Modem
Amazon MP3 Downloader 1.0.9
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
Auction Sentry
Basic PAYE Tools
BBC iPlayer Desktop
BELKIN F5U109
Bonjour
BufferChm
Bullzip PDF Printer 7.1.0.1218
CCleaner
CDCheck
CDDRV_Installer
CyberLink DVD Suite
CyberLink Power2Go
D3DX10
Dell Mobile Broadband Card Utility
Destinations
DeviceDiscovery
DocMgr
DocProc
Dropbox
DVB-T USB 2.0
DYMO Label Software
e-Saver 1.0
Easy Battery Manager
Easy Display Manager
Easy Network Manager 3.0
Easy SpeedUp Manager
erLT
Fax
ffdshow
Free HD Converter V 2.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
GPL Ghostscript Lite 8.70
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
imagine digital freedom - Samsung
IObit Malware Fighter
IObit Toolbar v4.9
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
KhalInstallWrapper
LabelPrint
LibUSB-Win32-0.1.12.2
LightScribe Applications
LightScribe System Software
LightScribe Template Labeler
Logitech SetPoint
magicJack
magicJack Outlook Add-In 1.0.3.521
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SOAP Toolkit 2.0 SP2
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
Palm Desktop
Play AVStation
Play Camera
PowerDirector
PowerDVD
PowerProducer
Quicken 2004
Quicken 2011
QuickTime
RapidShare Manager
Rapport
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Satellite Antenna Alignment v2.80.0
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shop for HP Supplies
Smart Defrag 2
SmartWebPrinting
SolutionCenter
Status
SureThing CD Labeler Deluxe Trial
Synaptics Pointing Device Driver
Toolbox
TouchCopy 11
TrayApp
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
USB2.0 UVC 1.3M WebCam
USB2.0 UVC WebCam
User Guide
Visual C++ 8.0 x86 Runtime Setup Package
VoipCheapCom
WebEx
WebReg
WIDCOMM Bluetooth Software 6.0.1.6300
WiFi Engine
Win7codecs
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
WinRAR archiver
X-Lite 2.0 release 1105x
.
==== Event Viewer Messages From Past Week ========
.
12/01/2012 22:52:21, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
12/01/2012 22:52:21, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 22:52:21, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 22:52:21, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 22:52:21, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 22:52:21, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 20:40:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
12/01/2012 20:40:04, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/01/2012 20:38:16, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/01/2012 20:37:01, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82094efc, 0x80dbeb30, 0x80dbe710). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011212-34991-01.
12/01/2012 14:37:32, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
12/01/2012 14:37:32, Error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/01/2012 14:37:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
12/01/2012 14:34:35, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/01/2012 14:28:53, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
12/01/2012 14:08:22, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/01/2012 14:08:22, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
12/01/2012 14:08:22, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
12/01/2012 14:07:22, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
12/01/2012 14:07:22, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
12/01/2012 14:06:22, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:06:22, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/01/2012 14:04:17, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
12/01/2012 13:17:38, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a03.
11/01/2012 20:44:26, Error: Service Control Manager [7030] - The EVFPUYDSK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/01/2012 20:07:33, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/01/2012 14:35:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000010d (0x0000000d, 0x8a93e500, 0x8adae368, 0x8a93cdd8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011112-32354-01.
11/01/2012 14:33:22, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: DYMO - printer - DYMO LabelWriter DUO Tape.
11/01/2012 13:18:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x95c75efc, 0x80dc2b30, 0x80dc2710). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011112-34741-01.
10/01/2012 01:35:34, Error: Service Control Manager [7030] - The YNEZZYWKD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/01/2012 01:31:23, Error: Service Control Manager [7030] - The UJP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/01/2012 01:30:01, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/01/2012 00:53:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x9548aefc, 0x80dbeb30, 0x80dbe710). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011012-84630-01.
10/01/2012 00:51:11, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.
10/01/2012 00:49:28, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f024b: DYMO - printer - DYMO LabelWriter DUO Tape.
10/01/2012 00:33:39, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070012: DYMO - printer - DYMO LabelWriter DUO Label.
10/01/2012 00:20:24, Error: Service Control Manager [7030] - The XRQIXPCMMCS service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/01/2012 00:19:41, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QFNPWBKEOJ service to connect.
10/01/2012 00:19:41, Error: Service Control Manager [7000] - The QFNPWBKEOJ service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/01/2012 00:19:11, Error: Service Control Manager [7030] - The QFNPWBKEOJ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/01/2012 00:18:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DIEMXLE service to connect.
10/01/2012 00:18:54, Error: Service Control Manager [7000] - The DIEMXLE service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/01/2012 00:18:24, Error: Service Control Manager [7030] - The DIEMXLE service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================