Channel: Tech Support Guy

Zeus or Backdoor?

I am running Windows 7 with IE9 (just upped from IE8). Things seem fine for the most part, but when I log onto my PNC web banking, something weird happens. I enter my user ID, I get the correct security image and phrase, then I enter my password. That is when something unusual happens. Before going to the account info, a screen pops up with PNC's logo and asks me for a whole bunch of personal info they already have. I just kept cancelling the screen and it goes back to the login screen all over again. I called PNC and they confirmed that it is not them. Whatever thing is on my computer is able to insert a fake screen during my login procedure to steal my identity info. I did as much research as I could and came up with the Zeus virus. I tried the following things to get rid of it:

1. I installed and ran Kaspersky TDSSKiller
2. I installed and ran Malwarebytes Chameleon
3. I used RogueKiller to try and get anything bad out of the registry
4. I installed and ran HitmanPro

I restarted each time when prompted and it was still doing it. I then installed Microsoft Safety Scanner. It said I have Backdoor:Win32/Vawtrak.A

The Microsoft scanner said it removed it, but it still does it. I was looking in my registry here:

H_KEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Run

and I find this entry:

vmxuajn REG_SZ regsvr32.exe/s "C:\Program Data\vmxuajn.dat"

And at that location it is keeping a data file. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:04:10 PM, on 6/7/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
FIREFOX: 21.0 (en-US)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe
C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Ilium Software\eWallet\eWallet.exe
C:\Users\Dad\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin .dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] "C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe" startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [gSyncit] "C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] "C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845"
O4 - HKCU\..\Run: [vmxuajn] regsvr32.exe /s "C:\ProgramData\vmxuajn.dat"
O4 - Startup: Dropbox.lnk = Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
O4 - Global Startup: Toodledo Sync Tool.lnk = ?
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
--
End of file - 11127 bytes


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2010 10:20:03 AM
System Uptime: 6/7/2013 8:07:06 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3R
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 1.022 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 98 GiB total, 12.525 GiB free.
G: is FIXED (NTFS) - 56 GiB total, 0.33 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
ABBYY FineReader 9.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Illustrator 10
Adobe Photoshop 7.0
Adobe Reader XI (11.0.03)
Adobe SVG Viewer 3.0
AnyBizSoft PDF to Word (Build 3.0.0)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 2.5
Avery Wizard 4.0
Bonjour
Bonjour Print Services
CDDRV_Installer
Coupon Printer for Windows
DivX Setup
Dropbox
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
Evernote
eWallet 7.0
File Type Assistant
Free DWG Viewer 7.0
Free File Viewer 2011
Google Chrome
Google Desktop
Google Earth
Google Earth Pro
Google Toolbar for Internet Explorer
Google Update Helper
gSyncit
HomeWorks Interactive 5.493
iCloud
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 35
KhalInstallWrapper
Logitech SetPoint
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Model 8825 System Controller Demo
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MWSnap 3
Nuance PDF Reader
Paymee V3
Pdf995
PixelToolbox 1.1
QuickBooks
QuickBooks Pro 2012
QuickTime
Radioshack USB-to-Serial Cable Driver Installer
RAIDar 4.1.6
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
REScheck 4.4.4.2 (Current User)
RPDAnalyzer v3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sentinel Protection Installer 7.6.1
Sentinel System Driver
SoftPlan version 11 [c:\program files\softplan11]
SoftPlan version 14 [C:\Program Files\SoftPlan14]
Spotify
Spy Sweeper Core
Toodledo Sync Application
TuneUp 2.4.6.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
Upromise TurboSaver (remove only)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.1.11
Webroot AntiVirus with AntiSpyware
WinRAR 4.20 (32-bit)
WOW Slider
.
==== Event Viewer Messages From Past Week ========
.
6/7/2013 9:06:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2703157).
6/7/2013 9:06:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
6/7/2013 9:02:08 AM, Error: Service Control Manager [7023] -
6/7/2013 8:26:47 AM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
6/7/2013 7:32:32 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
6/7/2013 6:47:33 PM, Error: Service Control Manager [7024] - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
6/7/2013 6:45:22 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
6/7/2013 6:11:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 1271254803SsTR service to connect.
6/7/2013 6:11:03 PM, Error: Service Control Manager [7000] - The 1271254803SsTR service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/7/2013 11:25:28 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/6/2013 9:58:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB980408).
6/6/2013 9:58:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: NVIDIA driver update for NVIDIA GeForce 9800 GT.
6/6/2013 9:58:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB978542).
6/6/2013 9:58:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2487367).
6/6/2013 9:57:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2655992).
6/6/2013 9:56:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2719985).
6/6/2013 9:56:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2536276).
6/6/2013 9:56:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2564958).
6/6/2013 9:56:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2761217).
6/6/2013 9:56:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2419640).
6/6/2013 9:55:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB980846).
6/6/2013 9:55:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2813347).
6/6/2013 9:55:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2660649).
6/6/2013 9:55:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2535512).
6/6/2013 9:55:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2687311).
6/6/2013 9:55:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2736418).
6/6/2013 9:54:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2757638).
6/6/2013 9:53:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2544893).
6/6/2013 9:53:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2659262).
6/6/2013 9:53:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656410).
6/6/2013 9:53:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows 7 (KB979482).
6/6/2013 9:52:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2296011).
6/6/2013 9:52:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2729094).
6/6/2013 9:52:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows 7 (KB2387149).
6/6/2013 9:51:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2790655).
6/6/2013 9:51:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2584146).
6/6/2013 9:51:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2687439).
6/6/2013 9:51:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows 7 (KB2378111).
6/6/2013 9:51:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2726535).
6/6/2013 9:51:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2547666).
6/6/2013 9:50:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656355).
6/6/2013 9:49:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2676562).
6/6/2013 9:49:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2732500).
6/6/2013 9:49:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2007 suites (KB2596660).
6/6/2013 9:49:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2491683).
6/6/2013 9:48:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2687441).
6/6/2013 9:47:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB977165).
6/6/2013 9:47:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2621440).
6/6/2013 9:46:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Update for Windows 7 (KB2511250).
6/6/2013 9:46:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2596672).
6/6/2013 9:46:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2817183).
6/6/2013 9:46:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2479943).
6/6/2013 9:46:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office PowerPoint 2007 (KB2596912).
6/6/2013 9:46:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2596871).
6/6/2013 9:46:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2596754).
6/6/2013 9:46:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2742598).
6/6/2013 9:45:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows 7 (KB2631813).
6/6/2013 9:43:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2007 suites (KB2596848).
6/6/2013 9:43:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2604121).
6/6/2013 9:21:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
6/6/2013 10:30:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2647753).
6/6/2013 10:29:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB979687).
6/6/2013 10:07:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2786400).
6/6/2013 10:07:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2840149).
6/6/2013 10:07:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2753842).
6/6/2013 10:07:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2736428).
6/6/2013 10:07:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586).
6/6/2013 10:07:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2600217).
6/6/2013 10:07:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2536275).
6/6/2013 10:07:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2503665).
6/6/2013 10:07:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2807986).
6/6/2013 10:06:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2644615).
6/6/2013 10:06:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2347290).
6/6/2013 10:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2749655).
6/6/2013 10:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2808735).
6/6/2013 10:05:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2758857).
6/6/2013 10:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2563227).
6/6/2013 10:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2770660).
6/6/2013 10:05:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019).
6/6/2013 10:05:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2506928).
6/6/2013 10:05:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2729451).
6/6/2013 10:05:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359).
6/6/2013 10:05:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2510531).
6/6/2013 10:04:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2769369).
6/6/2013 10:04:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2799926).
6/6/2013 10:04:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2003 (KB2543854).
6/6/2013 10:04:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2509553).
6/6/2013 10:04:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
6/6/2013 10:04:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449).
6/6/2013 10:04:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2718704).
6/6/2013 10:04:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2620704).
6/6/2013 10:04:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2687499).
6/6/2013 10:04:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595).
6/6/2013 10:03:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2813170).
6/6/2013 10:02:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526).
6/6/2013 10:02:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB982665).
6/6/2013 10:02:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2762895).
6/6/2013 10:02:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB982132).
6/6/2013 10:01:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2423089).
6/6/2013 10:01:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2661254).
6/6/2013 10:01:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft Office 2007 suites (KB2596744).
6/6/2013 10:01:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2660075).
6/6/2013 10:01:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 (KB2545698).
6/6/2013 10:01:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 (KB2579686).
6/6/2013 10:01:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Cumulative Update for Media Center for Windows 7 (KB2284742).
6/6/2013 10:01:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2618451).
6/6/2013 10:00:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows 7 (KB2685939).
6/5/2013 9:48:47 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/5/2013 12:55:41 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
6/5/2013 11:39:15 AM, Error: cdrom [15] - The device, \Device\CdRom1, is not ready for access yet.
6/5/2013 11:39:15 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
6/5/2013 11:39:15 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/4/2013 10:22:31 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
6/4/2013 10:22:31 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 1.6.0_35
Run by Dad at 20:28:51 on 2013-06-07
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2111 [GMT -4:00]
.
AV: Webroot AntiVirus with AntiSpyware *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with AntiSpyware *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe
C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Dad\Downloads\Process Explorer\ProcessExplorer\procexp.exe
C:\Windows\regedit.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Ilium Software\eWallet\eWallet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - c:\program files\upromise\dca-bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - c:\program files\upromise\upromisetoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [gSyncit] "c:\program files\fieldston software\gsyncit\gsyncit.exe"
uRun: [EPLTarget\P0000000000000000] "c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe" /ept "epltarget\P0000000000000000" /M "WorkForce 845"
uRun: [vmxuajn] regsvr32.exe /s "c:\programdata\vmxuajn.dat"
mRun: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [Intuit SyncManager] "c:\program files\common files\intuit\sync\IntuitSyncManager.exe" startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\users\dad\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dad\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\toodle~1.lnk - c:\windows\installer\{9afa4423-d0e3-4f92-908e-d4c9ceeb3da3}\_4EBBCD3A645B53E3579F1E.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E3DB57A0-F01A-465D-B4C3-AC5914B6104F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F5F5B872-7A32-460F-8757-C1B670FA4698} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\ddbuxyyg.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2013-1-11 130944]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-4-16 1205760]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-4-14 30192]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-6-7 30464]
S3 kbfilter;kbfilter;c:\windows\system32\drivers\kbfilter.sys [2012-12-26 60216]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2005-12-31 1343400]
.
=============== Created Last 30 ================
.
2013-06-07 22:47:02 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-06-07 22:30:24 -------- d-----w- c:\programdata\HitmanPro
2013-06-07 22:18:52 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-06-07 17:48:13 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
2013-06-07 17:47:58 -------- d-----w- c:\programdata\Malwarebytes
2013-06-07 17:47:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-07 17:47:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-07 01:41:59 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-06-07 01:41:59 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-07 01:41:59 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-06-07 01:39:27 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-06-07 01:39:27 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-06-07 01:39:25 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-06-07 01:39:25 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-06-07 01:39:21 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-06-07 01:39:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-06-07 01:39:20 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-06-07 01:36:57 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-06-07 01:36:56 5120 ----a-w- c:\windows\system32\wmi.dll
2013-06-07 01:36:56 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-06-07 01:36:56 158720 ----a-w- c:\windows\system32\imagehlp.dll
2013-06-07 01:05:12 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2013-06-07 00:53:56 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2013-06-07 00:49:28 2048 ----a-w- c:\windows\system32\tzres.dll
2013-06-07 00:45:31 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-06-07 00:44:30 224768 ----a-w- c:\windows\system32\schannel.dll
2013-06-07 00:44:29 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-06-07 00:44:29 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2013-06-07 00:44:29 314368 ----a-w- c:\windows\system32\webio.dll
2013-06-07 00:44:29 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-06-07 00:44:29 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2013-06-07 00:44:28 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-06-07 00:44:28 22528 ----a-w- c:\windows\system32\lsass.exe
2013-06-07 00:44:28 22016 ----a-w- c:\windows\system32\secur32.dll
2013-06-07 00:44:28 15360 ----a-w- c:\windows\system32\sspisrv.dll
2013-06-07 00:42:16 442880 ----a-w- c:\windows\system32\ntshrui.dll
2013-06-07 00:42:05 749056 ----a-w- c:\windows\system32\schedsvc.dll
2013-06-07 00:42:05 496128 ----a-w- c:\windows\system32\taskschd.dll
2013-06-07 00:42:05 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-06-07 00:42:05 305152 ----a-w- c:\windows\system32\taskcomp.dll
2013-06-07 00:42:05 192000 ----a-w- c:\windows\system32\taskeng.exe
2013-06-07 00:42:05 179712 ----a-w- c:\windows\system32\schtasks.exe
2013-06-07 00:40:52 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2013-06-07 00:40:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2013-06-07 00:40:51 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2013-06-07 00:40:19 219136 ----a-w- c:\windows\system32\ncrypt.dll
2013-06-07 00:40:07 534528 ----a-w- c:\windows\system32\EncDec.dll
2013-06-07 00:40:05 2690560 ----a-w- c:\windows\system32\mstscax.dll
2013-06-07 00:40:04 1034240 ----a-w- c:\windows\system32\mstsc.exe
2013-06-07 00:40:01 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-06-07 00:39:44 78336 ----a-w- c:\windows\system32\synceng.dll
2013-06-07 00:39:38 163328 ----a-w- c:\windows\system32\profsvc.dll
2013-06-07 00:39:33 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-06-07 00:39:30 41472 ----a-w- c:\windows\system32\browcli.dll
2013-06-07 00:39:30 102912 ----a-w- c:\windows\system32\browser.dll
2013-06-07 00:37:58 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-06-07 00:37:55 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-06-07 00:37:54 101760 ----a-w- c:\windows\system32\consent.exe
2013-06-07 00:37:53 738816 ----a-w- c:\windows\system32\wmpmde.dll
2013-06-07 00:37:50 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-06-07 00:37:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-06-07 00:37:50 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-06-07 00:37:50 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-06-07 00:37:48 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-06-07 00:37:05 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2013-06-07 00:20:00 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-06-07 00:12:07 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-07 00:12:07 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-06-07 00:12:07 107520 ----a-w- c:\windows\system32\cdd.dll
2013-06-04 17:52:54 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c99c854f-12bf-470c-b5ac-91aab02a5997}\mpengine.dll
2013-06-03 13:45:09 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-06-08 00:21:38 199680 ----a-w- c:\programdata\vmxuajn.dat
2013-06-06 12:15:37 60 ----a-w- c:\windows\wpd99.drv
2013-05-15 14:42:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 14:42:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:29:59.14 ===============


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-07 21:05:43
Windows 6.1.7600 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 ST380013AS rev.8.12 74.50GB
Running: zw16139j.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxlcifow.sys

---- System - GMER 2.1 ----
SSDT 8664CBE8 ZwAllocateVirtualMemory
SSDT 86622450 ZwCreateProcess
SSDT 86622248 ZwCreateProcessEx
SSDT 8664CEB8 ZwCreateThread
SSDT 8664CA08 ZwCreateThreadEx
SSDT 8664CA80 ZwCreateUserProcess
SSDT 8664CC60 ZwQueueApcThread
SSDT 8664CAF8 ZwReadVirtualMemory
SSDT 8664CD50 ZwSetContextThread
SSDT 87E50CE0 ZwSetDefaultHardErrorPort
SSDT 8664CFA8 ZwSetInformationProcess
SSDT 8664CDC8 ZwSetInformationThread
SSDT 8664CF30 ZwSuspendProcess
SSDT 8664CCD8 ZwSuspendThread
SSDT 866221D0 ZwTerminateProcess
SSDT 8664CE40 ZwTerminateThread
SSDT 8664CB70 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E8D589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB2092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EB984C 4 Bytes [E8, CB, 64, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 82EB993C 8 Bytes [50, 24, 62, 86, 48, 22, 62, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EB995C 8 Bytes [B8, CE, 64, 86, 08, CA, 64, ...] {MOV EAX, 0x88664ce; RETF 0x8664}
.text ntkrnlpa.exe!RtlSidHashLookup + 364 82EB9974 4 Bytes [80, CA, 64, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 624 82EB9C34 4 Bytes [60, CC, 64, 86]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe[1224] KERNEL32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00258A7C
.text C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe[1224] KERNEL32.dll!CreateProcessA 75D52062 5 Bytes JMP 00258AD1
.text C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe[1224] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00258B26
.text C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe[1224] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00258B7E
.text C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE[1276] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 008D8A7C
.text C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE[1276] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 008D8AD1
.text C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE[1276] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 008D8B26
.text C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE[1276] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 008D8B7E
.text C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe[1280] KERNEL32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00238A7C
.text C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe[1280] KERNEL32.dll!CreateProcessA 75D52062 5 Bytes JMP 00238AD1
.text C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe[1280] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00238B26
.text C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00238B7E
.text C:\Windows\system32\Dwm.exe[2488] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 012B8A7C
.text C:\Windows\system32\Dwm.exe[2488] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 012B8AD1
.text C:\Windows\system32\Dwm.exe[2488] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 012B8B26
.text C:\Windows\system32\Dwm.exe[2488] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 012B8B7E
.text C:\Windows\system32\taskhost.exe[2496] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00AC8A7C
.text C:\Windows\system32\taskhost.exe[2496] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00AC8AD1
.text C:\Windows\system32\taskhost.exe[2496] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00AC8B26
.text C:\Windows\system32\taskhost.exe[2496] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00AC8B7E
.text C:\Windows\Explorer.EXE[2696] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 034E8A7C
.text C:\Windows\Explorer.EXE[2696] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 034E8AD1
.text C:\Windows\Explorer.EXE[2696] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 034E8B26
.text C:\Windows\Explorer.EXE[2696] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 034E8B7E
.text C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe[3252] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 023F8A7C
.text C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe[3252] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 023F8AD1
.text C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe[3252] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 023F8B26
.text C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe[3252] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 023F8B7E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3484] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 015A8A7C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3484] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 015A8AD1
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3484] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 015A8B26
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3484] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 015A8B7E
.text C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe[3524] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00178A7C
.text C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe[3524] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00178AD1
.text C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe[3524] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00178B26
.text C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe[3524] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00178B7E
.text C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe[3656] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 023D8A7C
.text C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe[3656] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 023D8AD1
.text C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe[3656] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 023D8B26
.text C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe[3656] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 023D8B7E
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3684] kernel32.dll!CreateProcessW 75D5202D 3 Bytes JMP 00608A7C
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3684] kernel32.dll!CreateProcessW + 4 75D52031 1 Byte [8A]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3684] kernel32.dll!CreateProcessA 75D52062 3 Bytes JMP 00608AD1
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3684] kernel32.dll!CreateProcessA + 4 75D52066 1 Byte [8A]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3684] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00608B26
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3684] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00608B7E
.text C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE[3740] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 029B8A7C
.text C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE[3740] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 029B8AD1
.text C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE[3740] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 029B8B26
.text C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE[3740] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 029B8B7E
.text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3756] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00648A7C
.text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3756] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00648AD1
.text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3756] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00648B26
.text C:\Program Files\Epson Software\Event Manager\EEventManager.exe[3756] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00648B7E
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3788] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 002D8A7C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3788] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 002D8AD1
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3788] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 002D8B26
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3788] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 002D8B7E
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3872] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 01918A7C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3872] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 01918AD1
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3872] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 01918B26
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3872] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 01918B7E
.text C:\Program Files\iTunes\iTunesHelper.exe[3900] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00658A7C
.text C:\Program Files\iTunes\iTunesHelper.exe[3900] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00658AD1
.text C:\Program Files\iTunes\iTunesHelper.exe[3900] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00658B26
.text C:\Program Files\iTunes\iTunesHelper.exe[3900] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00658B7E
.text C:\Program Files\MWSnap\MWSnap.exe[4512] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 003D8A7C
.text C:\Program Files\MWSnap\MWSnap.exe[4512] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 003D8AD1
.text C:\Program Files\MWSnap\MWSnap.exe[4512] advapi32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 003D8B26
.text C:\Program Files\MWSnap\MWSnap.exe[4512] advapi32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 003D8B7E
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4888] kernel32.dll!SetUnhandledExceptionFilter 75DA3122 5 Bytes JMP 54A150B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4888] ole32.dll!OleLoadFromStream 76395B88 5 Bytes JMP 554DE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00308A7C
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00308AD1
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] kernel32.dll!CreateThread 75DA27DD 5 Bytes JMP 738275E3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00308B26
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00308B7E
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DefWindowProcA 75FEE0E4 7 Bytes JMP 7382980D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!CreateWindowExW 75FF0E51 5 Bytes JMP 738903DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DefWindowProcW 75FF724B 7 Bytes JMP 73888054 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetQueryOptionA 7766702D 5 Bytes JMP 00303F4F
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetSetOptionA 776697DF 5 Bytes JMP 0030402D
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetCloseHandle 7766C664 5 Bytes JMP 00307F95
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpQueryInfoA 7766E13A 5 Bytes JMP 003034E3
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetReadFile 7766F8D8 5 Bytes JMP 0030820B
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetQueryDataAvailable 77673184 5 Bytes JMP 00308097
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetSetOptionW 7769528A 5 Bytes JMP 0030405C
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetQueryOptionW 776953BE 5 Bytes JMP 00303F7E
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetConnectA 7769567E 5 Bytes JMP 00308009
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpOpenRequestA 77695761 5 Bytes JMP 00303DB9
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetConnectW 77695CFA 5 Bytes JMP 00308050
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpOpenRequestW 77695FEF 5 Bytes JMP 00303E1B
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpSendRequestW 7769632D 5 Bytes JMP 00308463
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetReadFileExA 7769FA49 5 Bytes JMP 00308256
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpSendRequestExW 776AF564 5 Bytes JMP 0030857F
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpEndRequestA 776AF639 5 Bytes JMP 00303C65
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!InternetWriteFile 776AF6C6 5 Bytes JMP 003035C1
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpSendRequestA 776C525A 5 Bytes JMP 003083F1
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpSendRequestExA 7770ECE5 5 Bytes JMP 003084D5
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] WININET.dll!HttpEndRequestW 7770EDB7 5 Bytes JMP 00303C92
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[5896] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00128A7C
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[5896] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00128AD1
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[5896] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00128B26
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[5896] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00128B7E
.text C:\Users\Dad\Downloads\Process Explorer\ProcessExplorer\procexp.exe[5916] kernel32.dll!CreateProcessW 75D5202D 5 Bytes JMP 00198A7C
.text C:\Users\Dad\Downloads\Process Explorer\ProcessExplorer\procexp.exe[5916] kernel32.dll!CreateProcessA 75D52062 5 Bytes JMP 00198AD1
.text C:\Users\Dad\Downloads\Process Explorer\ProcessExplorer\procexp.exe[5916] ADVAPI32.dll!CreateProcessAsUserW 7660BBDB 5 Bytes JMP 00198B26
.text C:\Users\Dad\Downloads\Process Explorer\ProcessExplorer\procexp.exe[5916] ADVAPI32.dll!CreateProcessAsUserA 766414FD 5 Bytes JMP 00198B7E
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [75835D3D] C:\Windows\system32\apphelp.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74252494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74235624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7425250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74248573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74244D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74248819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7424907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7424E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74244C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys
AttachedDevice \FileSystem\fastfat \Fat ssfs0bbc.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{EA804DC2-47E7-11DF-B461-806E6F6E6963} 4395207424
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C01488A5-E6FA-5A30-0D97-DB5A8B6B179F}
---- EOF - GMER 2.1 ----

THANKS FOR ANY HELP YOU CAN PROVIDE!
