omegatoo

Members
  • Content count

    19
  • Joined

  • Last visited

About omegatoo

  • Rank
    New Member
  1. C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Adobe\Microsoft Corporation\zsuspv.dll.vir Win32/Kryptik.AUUE.Gen trojan C:\Users\Adrienne Pierce\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbdagggdgfdbgcggdagfdedigegb\background.js Win32/TrojanDownloader.Tracur.V trojan C:\Users\Adrienne Pierce\AppData\LocalLow\ConservativeTalkNow_4nEI\Installr\Cache\02686CD2.exe a variant of Win32/Toolbar.MyWebSearch.O application C:\Users\Adrienne Pierce\Desktop\Downloads\LuckyLettersDeluxeSetup-dm.exe a variant of Win32/Adware.Trymedia.A application Heading home now....should be back Sunday, Thanks, Diane
  2. Here's hijack: Computer is still doing fine. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:22:32 PM, on 3/1/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Mail\WinMail.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Adrienne Pierce\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- End of file - 4018 bytes
  3. Hi Gringo, Here is the mb log, I'm going to do Hijack now. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.02.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Adrienne Pierce :: MAWMAWPC [administrator] 3/1/2013 8:08:24 PM mbam-log-2013-03-01 (20-08-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 227137 Time elapsed: 6 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. It said: Internet explorer is running without add-ons. Computer is running MUCH better as soon as I signed on today. I am able to post through the Adrienne account with minimal delay and no hang ups. Did some web surfing and no problems. I may not have rebooted after the CFScript ran last time I was here, so that might be why it was still slow.
  5. I didn't realize before that I had left combofix running in Administrator when I left the other day, so the first log file I posted was from Administrator. Today I ran Combofix in Adrienne, and it ran ok. Unfortunately, the power went out for a second during a hail storm here (!), and the computer rebooted. I didn't know if it completed the scan or not, so I ran it again. Those would be the ComboFix3 and ComboFix2 files. Then I got your next message and did the CFScript in Adrienne. This log file is from that. I hope switching back and forth didn't confuse things too much. Administrator is running ok. Adrienne is still really slow, especially IE. I had to switch to Administrator to post this because loading pages in Adrienne was taking forever. I have to get home now. I'll keep a lookout for the next steps. Thanks again, Diane ComboFix 13-02-24.01 - Adrienne Pierce 02/24/2013 22:06:10.4.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3325.1982 [GMT -6:00] Running from: c:\users\Adrienne Pierce\Desktop\ComboFix.exe Command switches used :: c:\users\Adrienne Pierce\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 ))))))))))))))))))))))))))))))) . . 2013-02-25 04:15 . 2013-02-25 04:16 -------- d-----w- c:\users\Adrienne Pierce\AppData\Local\temp 2013-02-25 04:15 . 2013-02-25 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-25 04:15 . 2013-02-25 04:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-02-25 03:24 . 2013-02-25 03:24 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4320D21-5B84-4661-BC73-75E661B437EC}\offreg.dll 2013-02-25 03:23 . 2013-02-25 03:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4320D21-5B84-4661-BC73-75E661B437EC}\MpKsl9c4ed11f.sys 2013-02-24 19:00 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4320D21-5B84-4661-BC73-75E661B437EC}\mpengine.dll 2013-02-24 15:29 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-18 04:03 . 2013-02-18 04:03 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2013-02-16 23:39 . 2013-02-16 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-16 23:39 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-16 23:03 . 2013-02-16 23:03 -------- d-----w- c:\users\Adrienne Pierce\AppData\Local\Windows Live 2013-02-16 23:03 . 2013-02-16 23:03 -------- d-----w- c:\program files\Common Files\Windows Live 2013-02-16 23:03 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2013-02-16 23:01 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-02-16 23:01 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-02-16 23:01 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-02-16 23:01 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-02-16 23:01 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2013-02-16 23:01 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-02-16 23:01 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-02-16 23:01 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-02-16 23:01 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-02-16 23:01 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-02-16 23:01 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-02-14 16:14 . 2013-02-14 16:14 5263088 ----a-w- c:\windows\uninst.exe 2013-02-13 12:34 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 12:34 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 12:34 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-08 22:18 . 2008-01-21 02:32 2730536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F62A9EBE-4C18-495D-9C48-49C78251D888}\mpengine.dll 2013-01-31 06:17 . 2013-01-31 06:17 -------- d-----w- C:\e2dc902992b7518d5b53aa . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 04:04 . 2012-04-22 12:56 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-08 04:04 . 2011-08-23 11:45 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-30 10:53 . 2009-10-03 07:11 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 21:59 . 2013-01-20 21:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 21:59 . 2012-08-31 04:03 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-07 03:55 . 2009-07-12 13:13 279552 ----a-w- c:\windows\system32\services.exe 2012-12-16 13:12 . 2013-01-14 21:28 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2013-01-14 21:28 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-02-21 02:28 . 2012-06-03 02:22 456552 ----a-w- c:\program files\SQLite3.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-08 28739] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forget Me Not.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Forget Me Not.lnk backup=c:\windows\pss\Forget Me Not.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Adrienne Pierce^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk] path=c:\users\Adrienne Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk backup=c:\windows\pss\Dell Dock.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Adrienne Pierce^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\users\Adrienne Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-12-14 22:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] 2007-11-28 10:33 1099104 ------w- c:\program files\Microsoft Works\WksSb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] 2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-10-22 20:41 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD] 2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL9C4ED11F . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache LPDService REG_MULTI_SZ LPDSVC . Contents of the 'Scheduled Tasks' folder . 2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 04:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ uInternet Settings,ProxyServer = 192.168.1.1:80 TCP: DhcpNameServer = 192.168.1.254 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-24 22:16 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70 "{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=hex:51,66,7a,6c,4c,1d,38,12,56,9f,34, 9c,79,90,a1,0e,ec,df,cd,82,65,37,92,e0 "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb "{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70, ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63 "{E8DAAA30-6CAA-4B58-9603-8E54238219E2}"=hex:51,66,7a,6c,4c,1d,38,12,5e,a9,c9, ec,98,22,36,0e,e9,15,cd,14,26,dc,5d,f6 "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:07,97,b1,49,4c,35,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,19,e1,4d,9a,b6,5c,49,b8,78,4f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,19,e1,4d,9a,b6,5c,49,b8,78,4f,\ . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,06,74, db,88,6b,75,0b,be,13,e3,3c,3e,f3,ba,6a . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:e3,b3,e4,ca,a5,b2,cc,01 . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,3a,20,90,46,72,ce,48,aa,b8,a0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,3a,20,90,46,72,ce,48,aa,b8,a0,\ . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.PARTIAL" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.SVG" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.URL" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.WEBSITE" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.XHT" . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.XHT" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2013-02-24 22:19:29 ComboFix-quarantined-files.txt 2013-02-25 04:19 ComboFix2.txt 2013-02-25 03:45 ComboFix3.txt 2013-02-25 03:13 ComboFix4.txt 2013-02-22 06:15 . Pre-Run: 176,024,125,440 bytes free Post-Run: 175,820,689,408 bytes free . - - End Of File - - BBC8D2F3BA71283DF4ADCFDB2C6ED8A1
  6. Hi gringo, The scan did finally generate a file. Mom says the computer seems to be doing better. I'll wait to do anything else until I hear from you. Thanks, Diane ComboFix 13-02-21.02 - Adrienne Pierce 02/21/2013 21:24:20.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3325.1959 [GMT -6:00] Running from: c:\users\Adrienne Pierce\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Administrator\AppData\Local\Adobe\Microsoft Corporation\zsuspv.dll c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 ))))))))))))))))))))))))))))))) . . 2013-02-22 03:40 . 2013-02-22 03:40 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B928135E-B47A-4EE9-BFC3-98F83D5BE876}\offreg.dll 2013-02-22 03:35 . 2013-02-22 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-22 03:35 . 2013-02-22 03:35 -------- d-----w- c:\users\Adrienne Pierce\AppData\Local\temp 2013-02-22 03:35 . 2013-02-22 06:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-02-21 19:11 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B928135E-B47A-4EE9-BFC3-98F83D5BE876}\mpengine.dll 2013-02-20 14:31 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-18 04:03 . 2013-02-18 04:03 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2013-02-16 23:39 . 2013-02-16 23:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-16 23:39 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-16 23:03 . 2013-02-16 23:03 -------- d-----w- c:\users\Adrienne Pierce\AppData\Local\Windows Live 2013-02-16 23:03 . 2013-02-16 23:03 -------- d-----w- c:\program files\Common Files\Windows Live 2013-02-16 23:03 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2013-02-16 23:01 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-02-16 23:01 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-02-16 23:01 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-02-16 23:01 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-02-16 23:01 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2013-02-16 23:01 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-02-16 23:01 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-02-16 23:01 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-02-16 23:01 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-02-16 23:01 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-02-16 23:01 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-02-14 16:14 . 2013-02-14 16:14 5263088 ----a-w- c:\windows\uninst.exe 2013-02-13 12:34 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 12:34 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 12:34 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-08 22:18 . 2008-01-21 02:32 2730536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F62A9EBE-4C18-495D-9C48-49C78251D888}\mpengine.dll 2013-01-31 06:17 . 2013-01-31 06:17 -------- d-----w- C:\e2dc902992b7518d5b53aa . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 04:04 . 2012-04-22 12:56 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-08 04:04 . 2011-08-23 11:45 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-30 10:53 . 2009-10-03 07:11 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 21:59 . 2013-01-20 21:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 21:59 . 2012-08-31 04:03 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-07 03:55 . 2009-07-12 13:13 279552 ----a-w- c:\windows\system32\services.exe 2012-12-16 13:12 . 2013-01-14 21:28 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2013-01-14 21:28 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-02-21 02:28 . 2012-06-03 02:22 456552 ----a-w- c:\program files\SQLite3.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forget Me Not.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Forget Me Not.lnk backup=c:\windows\pss\Forget Me Not.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Adrienne Pierce^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk] path=c:\users\Adrienne Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk backup=c:\windows\pss\Dell Dock.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Adrienne Pierce^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\users\Adrienne Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-12-14 22:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] 2007-11-28 10:33 1099104 ------w- c:\program files\Microsoft Works\WksSb.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] 2000-08-08 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-10-22 20:41 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD] 2000-08-08 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache LPDService REG_MULTI_SZ LPDSVC . Contents of the 'Scheduled Tasks' folder . 2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 04:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - c:\program files\ReferenceBoss_1p\bar\1.bin\1pSrcAs.dll URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Toolbar-Locked - (no file) HKCU-Run-Microsoft Corporation - c:\users\Administrator\AppData\Local\Adobe\Microsoft Corporation\zsuspv.dll HKU-Default-Run-Microsoft Corporation - c:\users\Administrator\AppData\Local\Adobe\Microsoft Corporation\zsuspv.dll HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe MSConfigStartUp-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe MSConfigStartUp-Google Update - c:\users\Adrienne Pierce\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe MSConfigStartUp-ponthc - c:\users\ADRIEN~1\AppData\Local\Temp\ponthc.dll MSConfigStartUp-ReferenceBoss Search Scope Monitor - c:\progra~1\REFERE~3\bar\1.bin\1psrchmn.exe MSConfigStartUp-ruird - c:\users\ADRIEN~1\AppData\Local\Temp\ruird.dll MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe MSConfigStartUp-UpdReg - c:\windows\UpdReg.EXE MSConfigStartUp-VolPanel - c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-22 00:11 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70 "{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=hex:51,66,7a,6c,4c,1d,38,12,56,9f,34, 9c,79,90,a1,0e,ec,df,cd,82,65,37,92,e0 "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb "{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70, ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63 "{E8DAAA30-6CAA-4B58-9603-8E54238219E2}"=hex:51,66,7a,6c,4c,1d,38,12,5e,a9,c9, ec,98,22,36,0e,e9,15,cd,14,26,dc,5d,f6 "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:07,97,b1,49,4c,35,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,19,e1,4d,9a,b6,5c,49,b8,78,4f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,19,e1,4d,9a,b6,5c,49,b8,78,4f,\ . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,06,74, db,88,6b,75,0b,be,13,e3,3c,3e,f3,ba,6a . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:e3,b3,e4,ca,a5,b2,cc,01 . [HKEY_USERS\S-1-5-21-1588946701-3881551191-2734931700-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,3a,20,90,46,72,ce,48,aa,b8,a0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,3a,20,90,46,72,ce,48,aa,b8,a0,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atiesrxx.exe c:\windows\system32\atieclxx.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe c:\windows\System32\snmp.exe . ************************************************************************** . Completion time: 2013-02-22 00:15:45 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-22 06:15 . Pre-Run: 175,547,883,520 bytes free Post-Run: 176,165,740,544 bytes free . - - End Of File - - 04E1A90CEA2EBB71E28CDE27C78CDDA3
  7. Was at mom's this evening...having trouble with combofix, too. Got an "unable to write file" error, chose retry a couple of times, then ignore and it ran through to the end but no log file. Rebooted and re-ran a couple of times, same thing. Ran it in the Admin account, got some registry errors, but not the "marked for deletion" one. I rebooted and re-ran, got all the way through and still no log file. Went back to adrienne, ran all the way through without errors, but still no log file. Can't tell if it is crashed or really slow, so I left it maybe running and mom will copy a log file if one pops up, but I waited at least 5 minutes several times and no files popped up. It never rebooted itself during any of the runs. Computer function hasn't changed. I'm working this weekend :-( but should be able to get back Sunday evening to try again. Thanks, Diane
  8. Hey gringo, In the Adrienne account (which was already listed as admin), RogueKiller crashes and reboots after checking for faked stuff. It looks like it gets all the way through faked and reboots when it tries to do the next section. Prescan was clear, but I ran scan a couple of times and it rebooted at the same place. I hadn't read your e-mail yet, so I tried it in the Administrator account (which is also admin), and prescan there found and killed a couple of 'term proc' rundll32's but would still crash on full scan. I didn't get a chance to run it again after a reboot after the last term proc was killed because I had to get home. I may be able to get back to mom's house tomorrow afternoon, otherwise I'll try to help her do the next steps over the phone. Thanks again for your help. Diane
  9. OK, I will try to change it to an admin account if it is not already. So far tools are working. SecurityCheck wouldn't run in the administrator account, but ran fine in the 'adrienne' account. I didn't try AdwCleaner under admin, but it ran ok in 'adrienne'. Here is the file: # AdwCleaner v2.112 - Logfile created 02/17/2013 at 21:09:20 # Updated 10/02/2013 by Xplode # Operating system : Windows Vista Home Basic Service Pack 2 (32 bits) # User : Adrienne Pierce - MAWMAWPC # Boot Mode : Normal # Running from : C:\Users\Adrienne Pierce\Desktop\adwcleaner0.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\user.js Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\Adrienne Pierce\AppData\Local\APN Folder Deleted : C:\Users\Adrienne Pierce\AppData\Local\Conduit Folder Deleted : C:\Users\Adrienne Pierce\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Adrienne Pierce\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Adrienne Pierce\AppData\LocalLow\MyFunCards_5m Folder Deleted : C:\Users\Adrienne Pierce\AppData\LocalLow\MyWebSearch ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch Key Deleted : HKCU\Software\Blabbers Key Deleted : HKCU\Software\BrowserCompanion Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355 Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start Key Deleted : HKLM\SOFTWARE\Classes\TotalRecipeSearch_14Installer.Start.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4B58-9603-8E54238219E2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin Key Deleted : HKLM\Software\TotalRecipeSearch_14EI Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Adrienne Pierce\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [5075 octets] - [17/02/2013 21:09:20] ########## EOF - C:\AdwCleaner[s1].txt - [5135 octets] ##########
  10. Dear Gringo, Thank you for your help. I noticed tonight when running the programs you requested that the computer is acting differently depending on whether I sign in under the administrator account or the 'Adrienne' account. I don't know if it matters, but I don't remember what I ran the dds and attach programs under, I am doing these next 3 programs on the 'adrienne' account, because that is where the problems are. If I need to do anything differently, please let me know. Here is Security Check: (next 2 coming soon) Results of screen317's Security Check version 0.99.58 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 22 Java 6 Update 29 Java 6 Update 5 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````
  11. Hello, Here are the attach and DDS files from my mom's Vista computer. Microsoft picked up the alureon.a trojan. The quick MB scan did not, but the computer is running so slow I didn't want to do a full scan unless necessary. Please forgive me if I am a little slow in answering as I am not here every day, but will try to walk Mom through the steps by phone between my visits. Thank you for your help. Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume3 Install Date: 7/21/2008 8:39:00 PM System Uptime: 2/16/2013 7:21:12 PM (0 hours ago) . Motherboard: Dell Inc. | | 0RY007 Processor: Intel® Celeron® CPU 440 @ 2.00GHz | Socket 775 | 1995/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 223 GiB total, 161.732 GiB free. D: is FIXED (NTFS) - 10 GiB total, 4.132 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1729: 7/7/2012 2:44:27 PM - Restore Operation RP2024: 11/15/2012 1:16:06 PM - maw RP2025: 11/15/2012 1:35:29 PM - Restore Operation . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader 9.5.1 ATT-PRT22 att.net Internet Mail Browser Address Error Redirector Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Spanish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Polish CCC Help Portuguese CCC Help Spanish CCC Help Thai CCC Help Turkish Cisco Connect Dell DataSafe Online Dell Support Center (Support Software) EDocs Family Tree Maker 2006 FamilySearch Indexing 3.12.1 FTMVistaUpdater Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® PRO Network Connections 12.1.11.0 Java Auto Updater Java™ 6 Update 22 Java™ 6 Update 29 Java™ 6 Update 5 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Fix it Center Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Web Publishing Wizard 1.52 Microsoft Works Microsoft Works 2001 Setup Launcher Microsoft Works 6.0 Nancy Drew: The Phantom of Venice OGA Notifier 2.0.0048.0 OpenOffice.org 3.3 Photodex Presenter PowerDVD QuickTime Readiris Pro 8 RealPlayer Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) ShareIns Skins Spybot - Search & Destroy swMSM Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Driver Package - Hewlett-Packard Image (02/08/2007 9.0.0.83) Windows Driver Package - Logitech HIDClass (10/16/2006 1.0) Works Suite OS Pack Works Synchronization . ==== Event Viewer Messages From Past Week ======== . 2/9/2013 9:59:23 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/9/2013 9:59:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/9/2013 9:59:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.1943.0). 2/9/2013 9:59:03 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1943.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/9/2013 9:59:02 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/9/2013 9:59:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/16/2013 8:48:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. 2/16/2013 7:27:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.143.2457.0, AS: 1.143.2457.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0 2/16/2013 7:26:45 PM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting. 2/16/2013 7:25:08 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 5 (0x5). 2/16/2013 7:25:00 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1057] - The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state. . 2/16/2013 7:21:29 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 2/16/2013 7:19:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB2799494). 2/16/2013 7:19:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB2676562). 2/16/2013 7:06:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/16/2013 7:06:57 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/16/2013 7:06:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/16/2013 7:06:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2457.0). 2/16/2013 7:06:18 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/16/2013 7:06:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2457.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/16/2013 7:06:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/16/2013 6:57:23 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.143.2364.0, AS: 1.143.2364.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0 2/16/2013 2:53:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.143.2457.0, AS: 1.143.2457.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0 2/16/2013 2:50:07 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Family Tree Maker Printer with shared resource name Family Tree Maker Printer. Error 2114. The printer cannot be used by others on the network. 2/16/2013 2:49:27 PM, Error: EventLog [6008] - The previous system shutdown at 2:44:50 PM on 2/16/2013 was unexpected. 2/15/2013 7:49:19 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.143.2364.0, AS: 1.143.2364.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0 2/15/2013 7:28:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147636949 Name: Trojan:DOS/Alureon.A ID: 2147636949 Severity: Severe Category: Trojan Path: rootkit:_Alureon->Mbr::Alureon Detection Origin: Unknown Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.143.2364.0, AS: 1.143.2364.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0 2/15/2013 7:26:19 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting. 2/15/2013 7:04:55 PM, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/15/2013 7:04:55 PM, Error: Service Control Manager [7031] - The Net.Tcp Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/15/2013 7:04:55 PM, Error: Service Control Manager [7031] - The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 2/15/2013 7:04:55 PM, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.tcp' protocol disconnected unexpectedly. 2/15/2013 7:04:54 PM, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly. 2/15/2013 6:35:06 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/15/2013 6:35:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/15/2013 6:35:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2364.0). 2/15/2013 6:34:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2364.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/15/2013 6:34:50 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/15/2013 6:34:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/14/2013 6:06:47 PM, Error: EventLog [6008] - The previous system shutdown at 5:58:40 PM on 2/14/2013 was unexpected. 2/14/2013 5:46:36 PM, Error: EventLog [6008] - The previous system shutdown at 5:43:14 PM on 2/14/2013 was unexpected. 2/14/2013 10:39:04 AM, Error: EventLog [6008] - The previous system shutdown at 10:24:13 AM on 2/14/2013 was unexpected. 2/13/2013 7:06:02 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/13/2013 7:06:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/13/2013 7:06:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2233.0). 2/13/2013 7:05:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2233.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/13/2013 7:05:36 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/13/2013 7:05:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/13/2013 1:45:58 PM, Error: EventLog [6008] - The previous system shutdown at 12:31:45 PM on 2/13/2013 was unexpected. 2/12/2013 2:51:02 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/12/2013 2:51:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/12/2013 2:50:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2136.0). 2/12/2013 2:50:26 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/12/2013 2:50:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2136.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/12/2013 2:50:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/11/2013 8:09:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows Vista (KB2724197). 2/11/2013 1:03:31 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/11/2013 1:03:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/11/2013 1:03:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2049.0). 2/11/2013 1:02:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2049.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/11/2013 1:02:41 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/11/2013 1:02:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/10/2013 12:32:30 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/10/2013 12:32:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. 2/10/2013 12:32:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.1988.0). 2/10/2013 12:32:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1988.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation. 2/10/2013 12:32:05 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start. 2/10/2013 12:32:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start. . ==== End Of File =========================== DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16464 Run by Administrator at 19:30:29 on 2013-02-16 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3325.2012 [GMT -6:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\AERTSrv.exe C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Windows\System32\snmp.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\vssvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k apphost C:\Windows\System32\svchost.exe -k LPDService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\System32\svchost.exe -k swprv . ============== Pseudo HJT Report =============== . uStart Page = hxxp://my.yahoo.com/ uWindow Title = Internet Explorer provided by Dell uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080722 uURLSearchHooks: <No Name>: {3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned> BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned> BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll BHO: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - <orphaned> mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{C23D5DE2-663D-4E26-8277-5D71467F81E7} : DHCPNameServer = 192.168.1.254 LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296] R1 MpKsl09e100ce;MpKsl09e100ce;c:\programdata\microsoft\microsoft antimalware\definition updates\{8bcc6b44-f47b-4b6e-a758-1eebb314af41}\MpKsl09e100ce.sys [2013-2-16 29904] R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] . =============== Created Last 30 ================ . 2013-02-17 01:26:50 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8bcc6b44-f47b-4b6e-a758-1eebb314af41}\offreg.dll 2013-02-17 01:24:45 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8bcc6b44-f47b-4b6e-a758-1eebb314af41}\MpKsl09e100ce.sys 2013-02-16 23:39:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-16 23:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-16 23:03:55 -------- d-----w- c:\program files\common files\Windows Live 2013-02-16 23:03:13 754688 ----a-w- c:\windows\system32\webservices.dll 2013-02-16 23:01:54 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-02-16 23:01:50 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-02-16 23:01:50 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-02-16 23:01:49 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-02-16 23:01:49 16896 ----a-w- c:\windows\system32\winusb.dll 2013-02-16 23:01:48 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-02-16 23:01:48 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-02-16 23:01:47 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-02-16 23:01:45 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-02-16 23:01:44 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-02-16 23:01:44 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-02-16 13:05:58 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8bcc6b44-f47b-4b6e-a758-1eebb314af41}\mpengine.dll 2013-02-15 12:34:29 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-02-14 16:14:43 5263088 ----a-w- c:\windows\uninst.exe 2013-02-13 12:34:57 2048512 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 12:34:56 1314816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 12:34:55 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-08 22:18:05 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f62a9ebe-4c18-495d-9c48-49c78251d888}\mpengine.dll 2013-01-31 06:17:40 -------- d-----w- C:\e2dc902992b7518d5b53aa 2013-01-20 21:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys . ==================== Find3M ==================== . 2013-02-08 04:04:54 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-08 04:04:54 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 21:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-01-07 03:55:37 279552 ----a-w- c:\windows\system32\services.exe 2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-02-21 02:28:46 456552 ----a-w- c:\program files\SQLite3.dll . ============= FINISH: 19:33:38.93 ===============
  12. Everything seems to be working, no more pop-ups or security alerts. Thank you so much! Diane
  13. ESET: C:\Users\Di\Downloads\cbsidlm-tr1_9-RogueKiller-SEO2-75764640.exe Win32/DownloadAdmin.F application
  14. Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Di :: NEWLAPTOP [administrator] Protection: Disabled 12/19/2012 7:29:34 AM mbam-log-2012-12-19 (07-29-34).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 212412 Time elapsed: 2 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  15. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.1.8 (12.17.2012:1) OS: Windows 7 Home Premium x64 Ran by Di on Wed 12/19/2012 at 7:06:05.96 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 12/19/2012 at 7:13:37.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.101 - Logfile created 12/19/2012 at 07:15:17 # Updated 16/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Di - NEWLAPTOP # Boot Mode : Normal # Running from : C:\Users\Di\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\wecarereminder ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. ************************* AdwCleaner[s1].txt - [840 octets] - [18/12/2012 17:27:21] AdwCleaner[s2].txt - [613 octets] - [19/12/2012 07:15:17] ########## EOF - C:\AdwCleaner[s2].txt - [672 octets] ##########