
Inactive Strongvault

Discussion in 'Malware and Virus Removal Archive' started by boutells, 2013/02/09.

  1. 2013/02/09
    boutells

    I seem to have picked up some sort of virus called Strongvault. It did have an icon in my toolbar and was an installed program which I have now uninstalled. However, periodically when I click on a desktop icon, it starts installing again.

    I can stop the installation but would like to get rid of the malware completely. A search for Strongvault yields no results.

    Diagnostics

    MBAM Log
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.09.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Mark :: BOUTELLS [administrator]

    09/02/2013 11:55:12
    mbam-log-2013-02-09 (11-55-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 269841
    Time elapsed: 24 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    aswmbr

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-09 12:23:55
    -----------------------------
    12:23:55.095 OS Version: Windows 6.1.7601 Service Pack 1
    12:23:55.095 Number of processors: 2 586 0x605
    12:23:55.098 ComputerName: BOUTELLS UserName: Mark
    12:24:05.867 Initialize success
    12:24:16.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:24:16.306 Disk 0 Vendor: ST3320620AS 3.AAD Size: 305245MB BusType: 3
    12:24:16.338 Disk 0 MBR read successfully
    12:24:16.341 Disk 0 MBR scan
    12:24:16.345 Disk 0 Windows 7 default MBR code
    12:24:16.349 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
    12:24:16.388 Disk 0 scanning sectors +625121280
    12:24:16.499 Disk 0 scanning C:\Windows\system32\drivers
    12:24:38.036 Service scanning
    12:24:58.447 Modules scanning
    12:25:10.215 Disk 0 trace - called modules:
    12:25:10.238 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys
    12:25:10.239 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864ccac8]
    12:25:10.239 3 CLASSPNP.SYS[89a8f59e] -> nt!IofCallDriver -> [0x8639a758]
    12:25:10.240 5 ACPI.sys[892bb3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8638d908]
    12:25:10.241 Scan finished successfully
    13:22:58.785 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat "
    13:22:58.876 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt "

    DDS(1)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
    Run by Mark at 13:51:52 on 2013-02-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.322 [GMT 0:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\3\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NCH Software\BroadCam\broadcam.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Ralink\Common\RaRegistry.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Snappy Fax Version 4\sfpagent.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Mark\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ONENOTE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Users\Mark\AppData\Local\Temp\nscC44A.tmp\nsDB15.tmp
    C:\Windows\system32\conhost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Ask.com\UpdateTask.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Users\Mark\AppData\Local\Temp\nscC44A.tmp\PEV.DAT
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=ad6ed92d-b2fc-47c0-8241-802855b29f8d&searchtype=hp
    uSearch Bar = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=ad6ed92d-b2fc-47c0-8241-802855b29f8d&searchtype=ds&q={searchTerms}
    uSearch Page = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=ad6ed92d-b2fc-47c0-8241-802855b29f8d&searchtype=ds&q={searchTerms}
    uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=ad6ed92d-b2fc-47c0-8241-802855b29f8d&searchtype=ds&q={searchTerms}
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe "
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [Google Update] "c:\users\mark\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "c:\users\mark\appdata\local\programs\google\musicmanager\MusicManager.exe "
    mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
    mRun: [Snappy Fax Printer virtual printer agent] "c:\program files\snappy fax version 4\sfpagent.exe "
    mRun: [Snappy Fax Printer Agent] "c:\program files\snappy fax version 4\sfpagent.exe "
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe "
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SMessaging] c:\users\mark\appdata\local\strongvault online backup\SMessaging.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\bankin~1.lnk - c:\users\mark\documents\office\excel\Banking.xlsm
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\chrome\application\chrome.exe
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\itunes.lnk - c:\program files\itunes\iTunes.exe
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
    StartupFolder: c:\users\mark\appdata\roaming\microsoft\windows\start menu\programs\startup\ONENOTE.EXE
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{2CC6174E-07F8-415D-A90A-E756C56E0D80} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{2CC6174E-07F8-415D-A90A-E756C56E0D80}\24F6574756C6C637 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{58D70F54-9C80-42A6-9B37-DDD631A387D8} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{9584427E-5223-4E45-83FD-9B4CA5FE798F} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{F477F461-ACD3-4564-BA2C-57F769B8CF00} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{F477F461-ACD3-4564-BA2C-57F769B8CF00}\B69647368656E6 : DHCPNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xg1o2rwg.default\
    FF - prefs.js: browser.search.selectedEngine - Google UK
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en-GB&source=mpes#t_0
    FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=ad6ed92d-b2fc-47c0-8241-802855b29f8d&searchtype=ds&q=
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\nitro pdf\reader\npdf.dll
    FF - plugin: c:\program files\nitro pdf\reader\npnitroie.dll
    FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\users\mark\appdata\local\google\update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2012-12-29 12:06; mcciwbch@motive.com; c:\program files\mozilla firefox\extensions\mcciwbch@motive.com.xpi
    FF - ExtSQL: 2013-01-24 12:29; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xg1o2rwg.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
    FF - ExtSQL: 2013-02-01 11:21; extension21804@extension21804.com; c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xg1o2rwg.default\extensions\extension21804@extension21804.com
    FF - ExtSQL: 2013-02-02 10:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xg1o2rwg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    FF - ExtSQL: 2013-02-03 10:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xg1o2rwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-02-05 10:11; gaurangnshah@gmail.com; c:\users\mark\appdata\roaming\mozilla\firefox\profiles\xg1o2rwg.default\extensions\gaurangnshah@gmail.com.xpi
    FF - ExtSQL: 2013-02-07 15:20; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\mcafee\SiteAdvisor
    .
    ---- FIREFOX POLICIES ----
    user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565416]
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 210168]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-2-7 60480]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-2-7 234824]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-2-7 362640]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-28 904192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-2-7 146872]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-2-7 65488]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-2-7 92192]
    S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2011-9-30 1228864]
    S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-7-14 38976]
    S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2011-7-14 53312]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-5-14 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-5-14 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-5-14 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-5-14 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-5-14 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-5-14 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-5-14 115752]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-5-14 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-5-14 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-5-14 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-5-14 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-5-14 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-5-14 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-5-14 109864]
    S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [2010-5-14 83080]
    S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [2010-5-14 15112]
    S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [2010-5-14 108552]
    S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [2010-5-14 100360]
    S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [2010-5-14 98568]
    S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-27 52224]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    .
    =============== Created Last 30 ================
    .
    2013-02-09 11:58:00 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2aceb4bb-eba4-46de-942d-cba6d03f64d0}\offreg.dll
    2013-02-09 11:53:21 -------- d-----w- c:\users\mark\appdata\roaming\Malwarebytes
    2013-02-09 11:52:49 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-09 11:52:44 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-09 11:52:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-09 08:52:54 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2aceb4bb-eba4-46de-942d-cba6d03f64d0}\mpengine.dll
    2013-02-08 09:09:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-07 12:16:34 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2013-02-07 12:15:24 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2013-02-07 12:15:09 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2013-02-07 12:15:07 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2013-02-07 12:15:07 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-02-07 12:15:07 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-02-07 12:15:06 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-02-07 12:14:37 -------- d-----w- c:\program files\common files\Mcafee
    2013-02-07 12:13:54 -------- d-----w- c:\program files\McAfee.com
    2013-02-07 12:13:48 -------- d-----w- c:\program files\McAfee
    2013-02-07 11:45:42 171976 ----a-w- c:\windows\system32\mfevtps.exe
    2013-02-07 08:53:22 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
    2013-02-01 11:23:33 -------- d-----w- c:\program files\common files\MSSoap
    2013-02-01 11:22:52 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2013-02-01 11:21:54 -------- d-----w- c:\users\mark\appdata\local\Coupon Companion Plugin
    2013-02-01 11:21:42 -------- d-----w- c:\users\mark\appdata\local\Updater21804
    2013-02-01 11:21:36 -------- d-----w- c:\program files\Coupon Companion Plugin
    2013-01-24 12:07:19 -------- d-----w- c:\users\mark\appdata\local\Amazon
    2013-01-11 08:59:37 -------- d-----w- c:\users\mark\appdata\local\Pinnacle
    .
    ==================== Find3M ====================
    .
    2013-02-08 16:10:18 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-08 16:10:18 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-08 09:09:28 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-08 09:09:28 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-26 10:09:16 210168 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-12-26 10:06:54 565416 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-12-26 10:04:34 132976 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
    2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 14:09:47.53 ===============

    DDS (2)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/05/2010 13:15:56
    System Uptime: 09/02/2013 13:43:13 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5VD2-VM
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 181.357 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP604: 17/01/2013 10:01:59 - Installed Java 7 Update 11
    RP605: 18/01/2013 09:11:09 - Windows Update
    RP606: 22/01/2013 09:01:04 - Windows Update
    RP607: 24/01/2013 12:14:22 - Restore Operation
    RP608: 24/01/2013 12:30:23 - Windows Update
    RP609: 29/01/2013 08:52:15 - Windows Update
    RP610: 30/01/2013 09:51:05 - Installed iSyncr
    RP611: 01/02/2013 10:14:51 - Installed iSyncr
    RP612: 01/02/2013 10:18:35 - Restore Operation
    RP613: 01/02/2013 10:44:03 - Windows Update
    RP614: 02/02/2013 11:46:54 - Installed iSyncr
    RP615: 05/02/2013 08:59:19 - Windows Update
    RP616: 07/02/2013 12:24:26 - Removed F-PROT Antivirus for Windows
    RP617: 07/02/2013 15:11:36 - Removed F-PROT Antivirus for Windows
    RP618: 08/02/2013 09:07:43 - Installed Java 7 Update 13
    RP619: 09/02/2013 08:51:58 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    3Connect
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.3
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    Audacity 1.3.13 (Unicode)
    Avanquest update
    Belkin Wireless USB Utility
    Bonjour
    BroadCam Video Streaming Server
    BT Desktop Help
    BT NetProtect Plus
    BTHomeHub
    Canon MP Navigator EX 1.2
    Canon MP190 series MP Drivers
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Coupon Companion Plugin
    D3DX10
    Debut Video Capture Software
    DVD Suite
    Encyclopaedia Britannica Deluxe Edition 2004 CD-ROM
    Eusing Free Registry Cleaner
    ffdshow [rev 2527] [2008-12-19]
    FreeOCR 3.0
    FrostWire 4.21.1
    Google Chrome
    Google Drive
    Google Earth
    Google Update Helper
    GoToAssist Corporate
    Handbrake 0.9.4
    Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
    HTC BMP USB Driver
    HTC Driver Installer
    Huawei modem
    HyperCam 2
    iSyncr
    iTunes
    Java 7 Update 13
    Java Auto Updater
    Kobo
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Lotus NotesSQL 3.01 driver
    Lotus SmartSuite - English
    Malwarebytes Anti-Malware version 1.70.0.1100
    MediaShow 3.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.1
    Microsoft IntelliPoint 8.2
    Microsoft IntelliType Pro 8.2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.2 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Music Manager
    Nitro Reader 2
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Opera 12.12
    PCI SoftV92 Modem
    Pdf995
    PdfEdit995
    PhotoNow! 1.0
    Pinnacle Studio 14
    Pinnacle Video Driver
    Pixillion Image Converter
    Power2Go 5.0
    PowerBackup 2.5
    PowerDirector Express
    PowerDVD
    PowerDVD Copy 1.0
    PowerProducer
    Prism Video File Converter
    PVSonyDll
    QuickTime
    Ralink RT2870 Wireless LAN Card
    RealDownloader
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Service Pack 2 for SQL Server 2008 (KB2285068)
    Shared C Run-time for x86
    Skype Click to Call
    Skype™ 6.0
    Snappy Fax Version 4
    Sony PC Companion 2.10.053
    Sql Server Customer Experience Improvement Program
    Strongvault Online Backup
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VideoPad Video Editor
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/02/2013 13:48:44, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    09/02/2013 13:42:42, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
    09/02/2013 13:42:42, Error: Service Control Manager [7023] - The Server service terminated with the following error: A system shutdown is in progress.
    09/02/2013 13:42:35, Error: Service Control Manager [7023] - The Process Monitor service terminated with the following error: The system cannot open the device or file specified.
    09/02/2013 13:35:08, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    09/02/2013 13:28:55, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    09/02/2013 13:28:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020913-29733-01.
    07/02/2013 09:20:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    07/02/2013 09:20:36, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/02/2013 09:20:17, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    07/02/2013 09:20:17, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    07/02/2013 09:16:26, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    07/02/2013 09:16:26, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    07/02/2013 09:16:26, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    07/02/2013 09:16:26, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
    07/02/2013 09:16:26, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
    07/02/2013 09:16:15, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0xfe82000c, 0x00000002, 0x00000000, 0x82f357ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020713-29484-01.
    02/02/2013 10:28:22, Error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error The specified resource name cannot be found in the image file..
    02/02/2013 10:28:19, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    02/02/2013 10:28:19, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    02/02/2013 08:50:43, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    02/02/2013 08:49:48, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
    .
    ==== End Of File ===========================
     
  2. 2013/02/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =======================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     

  4. 2013/02/11
    boutells

    boutells Well-Known Member Thread Starter

    Joined:
    2004/02/03
    Messages:
    198
    Likes Received:
    1
    It has now been two days without a recurrence so I am going to mark this as resolved, hopefully not prematurely. At least I would mark it as resolved but can't find the spot to do so.
     
    Last edited: 2013/02/11
  5. 2013/02/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Thanks for posting back :)
    Since we didn't resolve anything here I'll mark this topic as inactive.
    Good luck :)
     
