
I think I'm infected again...


  • This topic is locked
5 replies to this topic

#1 tlheyman


Posted 24 February 2012 - 02:01 PM

My PC has been giving me trouble again all this week. It's freezing up on me constantly and I wasn't even able to run a simple Malwarebytes quick scan without it freezing partway through. Here are my logs...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Tracy at 13:54:00 on 2012-02-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6084 [GMT -5:00]
.
AV: Sophos Anti-Virus *Disabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Backblaze\bzbui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Backblaze\bzserv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Backblaze\bzfilelist.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavMain.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\TEMP\sophos_autoupdate1.dir\alupdate.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
dRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F78A3A08-EC59-452C-93A9-F7239DBC2CB8} : DhcpNameServer = 68.87.75.198 68.87.64.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
AppInit_DLLs-X64: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\stcifpvd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Users\Tracy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tracy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2011-8-30 211240]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-23 652360]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\sophos\AutoUpdate\ALsvc.exe [2010-9-21 230640]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-8 1541360]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664]
S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-19 192512]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-02-24 14:10:50 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F387DAF-6A4D-4883-A618-8F67BF8C67CE}\mpengine.dll
2012-02-20 03:40:26 -------- d-----w- C:\Program Files\Common Files\Intuit
2012-02-19 20:59:39 -------- d-----w- C:\Users\Tracy\AppData\Local\Intuit
2012-02-19 20:56:26 -------- d-----w- C:\ProgramData\Nuance
2012-02-19 20:56:26 -------- d-----w- C:\ProgramData\Intuit
2012-02-19 20:56:26 -------- d-----w- C:\Program Files (x86)\Intuit
2012-02-19 20:56:26 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-02-19 20:56:10 -------- d-----w- C:\ProgramData\SQL Anywhere 11
2012-02-19 20:56:10 -------- d-----w- C:\ProgramData\COMMON FILES
2012-02-19 20:16:01 -------- d-----w- C:\Windows\Intuit
2012-02-15 08:01:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 08:01:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-14 18:57:38 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 18:57:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 18:57:37 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 18:57:37 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 18:57:35 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 18:57:34 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 18:57:30 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 18:57:30 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-11 16:14:05 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-10 21:28:02 -------- d-----w- C:\Windows\SysWow64\syncdb
2012-02-10 21:14:48 -------- d-----w- C:\ComboFix
2012-02-10 20:47:46 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-10 20:06:21 208896 ----a-w- C:\Windows\MBR.exe
2012-02-10 20:06:20 256000 ----a-w- C:\Windows\PEV.exe
2012-02-10 20:06:19 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-10 20:06:18 98816 ----a-w- C:\Windows\sed.exe
2012-02-10 19:48:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-10 03:56:08 -------- d-----w- C:\Users\Tracy\Print Labs
2012-02-10 02:52:14 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys
2012-02-10 02:52:13 142328 ----a-w- C:\Windows\System32\drivers\savonaccess.sys
2012-02-07 19:42:51 -------- d-----w- C:\Program Files\iPod
2012-02-07 19:42:50 -------- d-----w- C:\Program Files\iTunes
2012-02-07 19:42:50 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-31 08:25:20 -------- d-----w- C:\found.000
.
==================== Find3M ====================
.
2012-02-19 21:33:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-16 16:02:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 13:55:49.49 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/1/2009 10:09:40 PM
System Uptime: 2/24/2012 1:46:00 PM (0 hours ago)
.
Motherboard: FOXCONN | | ALOE
Processor: AMD Phenom™ II X4 910 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 408.379 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.231 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP351: 2/15/2012 3:00:24 AM - Windows Update
RP352: 2/16/2012 11:01:47 AM - Installed Java™ 6 Update 31
RP353: 2/20/2012 3:00:17 AM - Windows Update
RP354: 2/21/2012 3:00:32 AM - Windows Update
RP355: 2/24/2012 9:09:40 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ACDSee Photo Manager 2009
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Extension Manager CS5
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
AirPort
Amazon MP3 Downloader 1.0.9
AMD USB Filter Driver
Apple Application Support
Apple Software Update
AVS Image Converter 1.3.2.141
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Backblaze
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Eye-One Match 3.6.2
eZsuite
Facebook Plug-In
FileZilla Client 3.5.3
Google Chrome
Google SketchUp 7.1
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Easy Backup
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HydraVision
i1_driver_installer_utility_i1Match version 1.0
iPhone Backup Extractor
Java Auto Updater
Java™ 6 Update 31
LabelPrint
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Live Search Toolbar
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Thunderbird 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PDF Settings CS5
Photodex Presenter
PictureMover
Power2Go
PowerDirector
PowerRecover
QuickBooks
QuickBooks Pro 2012
QuickTime
RAIDXpert
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
Sophos Anti-Virus
Sophos AutoUpdate
StudioCloud 3.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
2/24/2012 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
2/24/2012 8:30:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
2/24/2012 8:29:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
2/24/2012 1:47:47 PM, Error: Service Control Manager [7000] - The PDIHWCTL service failed to start due to the following error: The system cannot find the file specified.
2/24/2012 1:47:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
2/24/2012 1:47:14 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/24/2012 1:30:08 PM, Error: SAVOnAccess [83] - To avoid filling up the system event log, "Savservice threads busy" and similar messages will not be logged until after the service has recovered again
2/24/2012 1:30:04 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "Volume2\ProgramData\Backblaze\bzdata\bzfilelists\completefilelist.dat.future" by process bzfilelist.exe .
2/24/2012 1:30:04 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "aze\bzdata\bzfilelists\v000b000e2a408911fc0332c0417_c____filelist.dat.future" by process bzfilelist.exe .
2/24/2012 1:30:04 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\SysWOW64\NapaSet.txt" by process RAIDXpert.exe .
2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "iskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\filestats.xml.future.tmp" by process bzfilelist.exe .
2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "ddiskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\topdirs.xml.future.tmp" by process bzfilelist.exe .
2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "arddiskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\filestats.xml.future" by process bzfilelist.exe .
2/24/2012 1:30:00 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\HarddiskVolume2\ProgramData\Backblaze\bzdata\bzfilelists\topdirs.xml.future" by process bzfilelist.exe .
2/24/2012 1:17:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/24/2012 1:17:37 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/23/2012 9:59:08 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe ..." of process mbamservice.ex, start check timestamp [ 1ccf29ee13339b5] did not complete in time: file was not scanned.
2/23/2012 9:59:03 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf29ede0daafa]) filename continues: "...efox\Profiles\stcifpvd.default\Cache\0\2A\B5101d01"
2/23/2012 9:59:03 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Users\Tracy\AppData\Local\Mozilla\Fir ..." of process firefox.exe, start check timestamp [ 1ccf29ede0daafa] did not complete in time: file was not scanned.
2/23/2012 9:57:49 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\mf.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf29eb1f13681] did not complete in time: file was not scanned.
2/23/2012 9:57:44 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\wuapp.exe ..." of process mbamservice.ex, start check timestamp [ 1ccf29eaf5f375e] did not complete in time: file was not scanned.
2/23/2012 9:57:44 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\samlib.dll ..." of process mbamservice.ex, start check timestamp [ 1ccf29eaf42d554] did not complete in time: file was not scanned.
2/23/2012 9:42:50 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
2/23/2012 9:11:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
2/23/2012 9:00:56 PM, Error: SAVOnAccess [567] - Communication error between on-access driver and service for deletion of process SearchFilterHo.
2/23/2012 9:00:56 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "diskVolume2\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm" by process svchost.exe .
2/23/2012 9:00:56 PM, Error: SAVOnAccess [566] - Communication error between on-access driver and service for a modification of file "\Device\HarddiskVolume2\Windows\Prefetch\AgCx_SC1.db" by process svchost.exe .
2/23/2012 9:00:55 PM, Error: SAVOnAccess [567] - Communication error between on-access driver and service for deletion of process SearchProtocol.
2/23/2012 8:59:58 PM, Error: SAVOnAccess [567] - Communication error between on-access driver and service for deletion of process mbam.exe.
2/23/2012 8:59:56 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [unt {7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Znyjnerolgrf' Nagv-Znyjner\zonz.rkr] by process explorer.exe.
2/23/2012 8:59:54 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [arameters\Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} DhcpDefaultGateway] by process svchost.exe.
2/23/2012 11:43:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Videos\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed441a2e3]).
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Pictures\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed4465de4]).
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Music\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed44154c1]).
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Libraries\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed44e9b63]).
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aed44154c1]).
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aeb07b3eb9]).
2/23/2012 11:43:18 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [Nla\Cache\Intranet\hsd1.pa.comcast.net. {8AFC352A-3B53-4A5B-9257-7B0134F9DEEB}] by process svchost.exe.
2/23/2012 11:43:18 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [CPIP6\Parameters\Interfaces\{e2cd7987-a9c0-4b3c-a9f8-9e14be2152a5} Dhcpv6State] by process svchost.exe.
2/23/2012 11:42:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1ccf2a17cee4349]).
2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SYSTEM32\sechost.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17cf59664]).
2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\rpcss.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17d13a625]).
2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\IMM32.DLL]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17d11aa4e]).
2/23/2012 10:07:48 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\CRYPTBASE.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process WSCClient.exe, (start check timestamp [ 1ccf2a17d15c90d]).
2/23/2012 10:07:45 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\mf.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a17a874c68]).
2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...Mozilla\Firefox\Profiles\stcifpvd.default\Cache\B\97\B0A5Dd01]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process firefox.exe, (start check timestamp [ 1ccf2a043ae7366]).
2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\wuapp.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a014ffffcb]).
2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a046d40222]).
2/23/2012 10:07:44 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\mf.dll.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbamservice.ex, (start check timestamp [ 1ccf2a0179ad8ae]).
2/23/2012 10:07:44 PM, Error: SAVOnAccess [84] - "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point.
2/23/2012 10:05:09 PM, Error: SAVOnAccess [82] - Scan failure (start check timestamp [ 1ccf29fb898eddd]) filename continues: "...r\Scans\History\Results\Quick\{0883C8F6-528F-46A1-BA8A-85D00BE77D85}"
2/23/2012 10:02:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
2/23/2012 10:00:21 PM, Error: SAVOnAccess [564] - Communication error between on-access driver and service for access of registry value [4079445-1791342672-1006\Software\CyberLink\Common\CLML\TouchSmart ITunesStatus] by process CLMLSvc.exe.
2/19/2012 3:58:05 PM, Error: Service Control Manager [7030] - The QBIDPService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#2 Elise

Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 25 February 2012 - 12:29 PM

Hi, is this the same computer I helped you with earlier this month?

If so, did anything in particular happen preceding this?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3 tlheyman

tlheyman

    New Member

  • Members
  • 16 posts

Posted 27 February 2012 - 08:54 PM

Hi Elise. Yes, same one. It was working great for a couple of days but then slowed WAY down. No, nothing happened that I know of, anyway.

#4 Elise

Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 28 February 2012 - 03:33 AM

I see no malware here, but I see some strange errors, so I think a disk check would be a good start here.
Click Start > All Programs > Accessories, right click Command Prompt and select "run as administrator".

Type chkdsk /r and press enter.
Type Y and press enter when asked to schedule the scan for next reboot.
Restart your computer and let the disk check run unhindered. When done let me know if you notice any difference.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
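
A triage aid for a DDS "Event Viewer Messages" section like the one in post #1, added here as an example and not part of any poster's reply or of DDS itself: it parses the entries, puts them in time order (the log lists 11:43 PM after 8:59 PM), and counts timeout and scanner-busy entries per day. The function names and the stall patterns are assumptions made for this example; the sample lines are copied from post #1.

```python
import re
from collections import Counter
from datetime import datetime

# Sample lines copied from the "Event Viewer Messages" section of post #1.
SAMPLE = r"""
2/24/2012 8:30:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
2/24/2012 1:47:47 PM, Error: Service Control Manager [7000] - The PDIHWCTL service failed to start due to the following error: The system cannot find the file specified.
2/23/2012 9:59:08 PM, Error: SAVOnAccess [81] - The on-access scan of file "\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe ..." of process mbamservice.ex, start check timestamp [ 1ccf29ee13339b5] did not complete in time: file was not scanned.
2/23/2012 11:43:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
2/23/2012 11:43:18 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1ccf2aeb07b3eb9]).
2/23/2012 10:02:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
2/19/2012 3:58:05 PM, Error: Service Control Manager [7030] - The QBIDPService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
"""

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
# Assumed wording for "something did not answer in time" (taken from the log text).
STALL_RE = re.compile(r"timeout|did not complete in time|threads all busy", re.I)

def parse_events(text):
    """Return (when, level, source, event_id, message) tuples in time order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # separators (".") and section headers are skipped
        stamp, level, source, event_id, message = m.groups()
        when = datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
        events.append((when, level, source, int(event_id), message))
    # DDS lists entries in text order, so sort on the parsed timestamp.
    return sorted(events, key=lambda e: e[0])

def tally(events):
    """Count entries per (source, event id) pair."""
    return Counter((source, event_id) for _, _, source, event_id, _ in events)

def stalls_per_day(events):
    """Count timeout/busy entries per calendar day (ISO date string)."""
    return Counter(when.date().isoformat()
                   for when, _, _, _, message in events
                   if STALL_RE.search(message))

if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for key, count in tally(parsed).most_common():
        print(count, key)
    print(dict(stalls_per_day(parsed)))
```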



#5 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 20 April 2012 - 11:50 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team


#6 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 17 May 2012 - 12:55 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.



