In desperate need of help - jipse



jipse
2014-03-10, 20:30
My computer has been taken over by the S-1-5-9 type account to the point where it has blocked me from doing most anything. I cannot update with Windows; it also took over the HP critical update that would allow Windows updates. It has taken over my Spybot TeaTimer, which I have disabled. I was able to gain the two information files for you as instructed in the before you post thread.
Computer life for me is at a standstill without your help.
Now most of my restore points are gone but I did have backup on an external G drive but this thing has taken admin rights on that too.
I did reinstall/backup my system several times before I realized what was happening. My sincere apologies if this becomes a hindrance. I see no happy ending at this point, only request for mercy and justice.


DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: BrowserJavaVersion: 10.21.2
Run by Kim at 13:17:13 on 2014-03-10
#Option MBR scan is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.779 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\spybot - search & destroy\SpybotSD.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Opera\18.0.1284.63\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://s17-us2.startpage.com/do/mypage.pl?prfh=sslEEE1N1Nfont_sizeEEEmediumN1Ndisable_open_in_new_windowEEE0N1Nnum_of_resultsEEE10N1N
uSearch Bar = about:blank
uSearch Page = about:blank
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:49248;https=127.0.0.1:49248
mSearchAssistant = about:blank
mCustomizeSearch = about:blank
BHO: <No Name>: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart /waitmore
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
StartupFolder: c:\users\kim\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{45B92B1C-5EB6-4F63-910D-235D9D70E117} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{AA1B8839-BB67-4B20-857F-20287593E2F8} : DHCPNameServer = 192.168.15.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kim\appdata\roaming\mozilla\firefox\profiles\h6rwaysc.default\
FF - prefs.js: browser.startup.homepage - hxxps://s17-us2.startpage.com/do/mypage.pl?prfh=sslEEE1N1Nfont_sizeEEEmediumN1Ndisable_open_in_new_windowEEE0N1Nnum_of_resultsEEE10N1N
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\kim\appdata\local\directv player\npPlayerPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-10-29 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2013-8-22 35256]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2009-8-10 251264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-9 1343400]
S4 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\nti\nti backup now ez\BackupNowEZSvr.exe [2013-2-5 46072]
S4 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-10 04:37:27 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c651b31-d9d3-4542-b51e-e37af8dc0d9d}\mpengine.dll
2014-03-10 04:35:47 -------- d-----w- c:\windows\system32\Wat
2014-03-09 22:53:19 154624 ----a-w- c:\windows\system32\iisRtl.dll
2014-03-09 22:53:18 50688 ----a-w- c:\windows\system32\admwprox.dll
2014-03-09 22:53:18 15360 ----a-w- c:\windows\system32\iisreset.exe
2014-03-09 22:53:17 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-03-09 22:53:17 26624 ----a-w- c:\windows\system32\ahadmin.dll
2014-03-09 22:53:17 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-03-09 21:25:29 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{656ee378-71a0-4b62-abcd-5672e85b06aa}\gapaengine.dll
2014-03-09 21:24:44 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-09 21:10:19 -------- d-----w- c:\windows\system32\BestPractices
2014-03-09 21:10:16 -------- d-----w- C:\inetpub
2014-03-09 21:03:20 -------- d-----w- c:\users\kim\appdata\roaming\HpUpdate
2014-03-09 21:03:13 -------- d-----w- c:\windows\Hewlett-Packard
2014-03-09 20:52:35 -------- d-----w- c:\users\kim\appdata\local\ElevatedDiagnostics
2014-03-07 20:22:21 -------- d-----w- c:\program files\Roxio Creator 2011
2014-03-07 19:34:10 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-07 19:34:10 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
.
==================== Find3M ====================
.
2014-03-07 20:34:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-07 20:34:42 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:19:09.44 ===============

For ERUNT my access was denied and I could garnish nothing.

Please please help.

Thank You,
Jipse

I get thru this in one piece I promise my continuous donation to your network

shelf life
2014-03-11, 23:27
Hi jipse,

We will get two downloads to start with and go from there. One is called Malwarebytes AntiMalware (MBAM), which you can keep and use as an antimalware app. The other is RogueKiller, which we may use once or twice. Download and run MBAM first:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Next:

Download & SAVE RogueKiller (http://www.adlice.com/softwares/roguekiller/) to your desktop. Not the X64 version, the other one.
Double click to start
For Vista or Windows 7, right-click and select run as Admin
A prescan will start--Once the Prescan has finished click the Scan button
Once the scan is done a report.txt will be generated on your desktop.
Exit RogueKiller by going to File>Quit.
Copy/paste the RKreport saved to your Desktop in your reply.

jipse
2014-03-12, 06:05
Thank You so much for your reply.

I installed and ran the Malwarebytes program. Log is below. This process with my external drive takes 4+ hours.
However, I cannot get RogueKiller to run. I run as administrator and as soon as I agree to the license to run, it goes away.
This thing is still in here with me as my public internet access keeps getting turned on and I still cannot update windows. Also I ran the defender offline scan and it found nothing!

I will keep trying to run rogue from another account. If I get a result I will post it.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Kim :: COMPADRE [administrator]

Protection: Enabled

3/11/2014 4:57:53 PM
mbam-log-2014-03-11 (16-57-53).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 619229
Time elapsed: 4 hour(s), 18 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Kim\AppData\Roaming\AntiMalwareSuite (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.
C:\Users\Kim\AppData\Roaming\AntiMalwareSuite\Logs (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.

Files Detected: 8
C:\Users\Kari\Documents\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Kim\Downloads\downloads 2\FreeYouTubeDownload.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Kim\Music\seven nation army.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
G:\Knew Stockpile\W1\Downloads\downloads\aTube_Catcher.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
G:\Knew Stockpile\W1\Downloads\downloads\FreeYouTubeDownload.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Kari\Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Kari\Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Kim\AppData\Roaming\AntiMalwareSuite\Logs\scns.log (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully.

(end)

jipse
2014-03-12, 07:02
I got RogueKiller to run. The first two entries for zip.exe are from my first attempts to download RogueKiller.

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Kim [Admin rights]
Mode : Scan -- Date : 03/11/2014 23:55:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49248;hxxps=127.0.0.1:49248 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] {4E2CCE4E-F188-40F1-8FAF-13E2759D8159} : C:\Users\Kim\Desktop\ZipSetup.exe [-] -> FOUND
[V2][SUSP PATH] {F9042162-28A9-458C-8DCB-283B3A2C09DA} : C:\Users\Kim\Desktop\ZipSetup.exe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (ExitWindowsEx) : USER32.dll -> HOOKED (C:\Program Files\NTI\NTI Backup Now EZ\Pehook.DLL @ 0x10001940)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] b881d5145f86244c6b5f765817ce096e
[BSP] 10c2bb9d012386fb99a850a73404f73d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228408 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467780670 | Size: 10064 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_03112014_235539.txt >>

shelf life
2014-03-12, 23:11
OK, thanks for the info. We will get another download and rerun RogueKiller.

Do you see this .exe on your desktop? C:\Users\Kim\Desktop\------->ZipSetup.exe
I would bet it's malware that's scheduled to install itself, since it's registered as a scheduled task. You can delete it from the desktop. Some malware may use Windows Task Scheduler.


Please download AdwCleaner to your desktop. http://www.bleepingcomputer.com/download/adwcleaner/
Double click on AdwCleaner.exe, select OK, then Run. Accept Terms of Use
Click on SCAN. Once the scan completes, click the Clean button.
Machine will reboot and on restart will display a log file that you can copy/paste in your reply
You can also find the logfile at C:\AdwCleaner[R1].txt as well.

Next:

Rerun RogueKiller like before:
Double click the RogueKiller icon to start
For Vista or Windows 7, right-click and select run as Admin
A prescan will start--Once the Prescan has finished click the Scan button.
Once the scan has finished click on the Fix Proxy button and then also the Delete button once it becomes available
Finally click the report button. Copy/paste the contents in your reply
File>Quit to exit RogueKiller, then reboot your machine.

jipse
2014-03-13, 04:49
Okay, So I do see the .exe on my desktop C:\Users\Kim\Desktop\------->ZipSetup.exe
It will not allow me to delete it without permission from myself and no option to do that.
I have been unable to delete it. Please help with that.

Ran AdwCleaner/Rebooted and log file below.

Then reran RogueKiller like before: clicked the Fix Proxy button and then also the Delete button once it became available.
Report below/Rebooted. Had to reboot twice.
On first reboot the firewall was disabled and I could not enable it or restore to default so I rebooted again. Seems okay so far.
_________________________
ADWCLEANER LOG FILE
_________________________
# AdwCleaner v3.021 - Report created 12/03/2014 at 20:08:17
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Kim - COMPADRE
# Running from : C:\Users\Kim\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Kim\AppData\Roaming\dvdvideosoftiehelpers
File Deleted : C:\Users\Kari\AppData\Roaming\Mozilla\Firefox\Profiles\yrtaa5si.default\searchplugins\search.xml
File Deleted : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\h6rwaysc.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13FE3D3-FDF0-43BA-BDC9-002517B9A6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\h6rwaysc.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{54670371-c611-4b45-b047-ee7f70121046}");
Line Deleted : user_pref("plugin.state.npviewpoint", 0);

[ File : C:\Users\Kari\AppData\Roaming\Mozilla\Firefox\Profiles\yrtaa5si.default\prefs.js ]


[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fm6r9jy.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4980 octets] - [12/03/2014 19:57:37]
AdwCleaner[S0].txt - [4880 octets] - [12/03/2014 20:08:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4940 octets] ##########
_____________________
ROGUE KILLER REPORT
_____________________
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Kim [Admin rights]
Mode : Remove -- Date : 03/12/2014 20:40:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] {4E2CCE4E-F188-40F1-8FAF-13E2759D8159} : C:\Users\Kim\Desktop\ZipSetup.exe [-] -> DELETED
[V2][SUSP PATH] {F9042162-28A9-458C-8DCB-283B3A2C09DA} : C:\Users\Kim\Desktop\ZipSetup.exe [-] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] b881d5145f86244c6b5f765817ce096e
[BSP] 10c2bb9d012386fb99a850a73404f73d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228408 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467780670 | Size: 10064 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 0b939978dcaf59ace1963eba7bd22f60
[BSP] dd7c339f4eca6474db601c948a5f994f : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_03122014_204051.txt >>
RKreport[0]_S_03122014_203902.txt

I will wait for your next advised move.
I will also mention that my computer crashed this afternoon and I had to use startup repair to set it right again. UGH :0(

Thank You for your time and help! :0)

jipse
2014-03-13, 22:15
I think I may have posted the wrong RK report (I had three), so I redid it.
Here is the most recent report:

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Kim [Admin rights]
Mode : Remove -- Date : 03/13/2014 15:07:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (ExitWindowsEx) : USER32.dll -> HOOKED (C:\Program Files\NTI\NTI Backup Now EZ\Pehook.DLL @ 0x10001940)
[Address] IAT @explorer.exe (ExitWindowsEx) : USER32.dll -> HOOKED (C:\Program Files\NTI\NTI Backup Now EZ\Pehook.DLL @ 0x10001940)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HDT725025VLA SCSI Disk Device +++++
--- User ---
[MBR] b881d5145f86244c6b5f765817ce096e
[BSP] 10c2bb9d012386fb99a850a73404f73d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228408 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467780670 | Size: 10064 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 0b939978dcaf59ace1963eba7bd22f60
[BSP] dd7c339f4eca6474db601c948a5f994f : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_03132014_150739.txt >>
RKreport[0]_D_03122014_204051.txt;RKreport[0]_S_03122014_203902.txt;RKreport[0]_S_03122014_220207.txt
RKreport[0]_S_03132014_150201.txt

shelf life
2014-03-14, 02:13
OK, thanks for the info. Looks like the desktop file was deleted by RK: C:\Users\Kim\Desktop\ZipSetup.exe [-] -> DELETED. Is it gone from the desktop?

Can you rerun DDS and copy/paste in both the logs? In the settings panel when you start it, please make sure that under SCAN both dds txt and attach txt are checked, and under options for dds txt ensure that check MBR is checked.
Then click the start button to run. Copy/paste the logs in your reply. Thanks.

jipse
2014-03-14, 03:10
The Zip.Exe file is still on the desktop.
DDS txt is here.
DDS attach will be in a new thread... too big.



DDS TXT
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: BrowserJavaVersion: 10.51.2
Run by Kim at 20:03:58 on 2014-03-13
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.857 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\20.0.1387.77\opera.exe
C:\Program Files\Opera\20.0.1387.77\opera.exe
C:\Program Files\Opera\20.0.1387.77\opera.exe
C:\Program Files\Opera\20.0.1387.77\opera.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Opera\20.0.1387.77\opera.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://s17-us2.startpage.com/do/mypage.pl?prfh=sslEEE1N1Nfont_sizeEEEmediumN1Ndisable_open_in_new_windowEEE0N1Nnum_of_resultsEEE10N1N
uSearch Bar = about:blank
uSearch Page = about:blank
mStart Page = about:blank
mSearchAssistant = about:blank
mCustomizeSearch = about:blank
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart /waitmore
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CPMonitor] "c:\program files\roxio\cineplayer\5.0\CPMonitor.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{45B92B1C-5EB6-4F63-910D-235D9D70E117} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{AA1B8839-BB67-4B20-857F-20287593E2F8} : DHCPNameServer = 192.168.15.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.149\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kim\appdata\roaming\mozilla\firefox\profiles\h6rwaysc.default\
FF - prefs.js: browser.startup.homepage - hxxps://s17-us2.startpage.com/do/mypage.pl?prfh=sslEEE1N1Nfont_sizeEEEmediumN1Ndisable_open_in_new_windowEEE0N1Nnum_of_resultsEEE10N1N
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\kim\appdata\local\directv player\npPlayerPlugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2014-3-13 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2014-3-13 15856]
R1 MpKslfc5582ca;MpKslfc5582ca;c:\programdata\microsoft\microsoft antimalware\definition updates\{549c8f01-fda3-4785-8b84-71c3690f28f0}\MpKslfc5582ca.sys [2014-3-13 39464]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-10-29 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-2-10 155704]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-2-10 228888]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2014-3-13 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-8-30 39408]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-11 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-11 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-2-10 1444120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-11 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\nti\nti backup now ez\BackupNowEZSvr.exe [2013-2-5 46072]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2013-8-22 35256]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-2-10 107256]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
S3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\drivers\V0500Vid.sys [2009-8-10 251264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-9 1343400]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
SUnknown MpKsl9ea580df;MpKsl9ea580df; [x]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-03-13 22:37:05 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{549c8f01-fda3-4785-8b84-71c3690f28f0}\MpKslfc5582ca.sys
2014-03-13 22:34:06 -------- d-----w- c:\users\kim\appdata\roaming\Roxio Burn
2014-03-13 22:21:25 25584 ------w- c:\windows\system32\drivers\SaibVd32.sys
2014-03-13 22:21:24 21488 ------w- c:\windows\system32\drivers\SahdIa32.sys
2014-03-13 22:21:24 15856 ------w- c:\windows\system32\drivers\SaibIa32.sys
2014-03-13 22:07:18 -------- d-----w- c:\program files\common files\Sonic Shared
2014-03-13 21:58:59 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2014-03-13 21:58:58 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2014-03-13 21:58:57 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2014-03-13 21:58:56 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2014-03-13 21:58:54 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2014-03-13 21:58:54 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2014-03-13 21:58:53 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2014-03-13 02:06:27 49940480 ----a-w- c:\program files\GUT6682.tmp
2014-03-13 02:06:27 -------- d-----w- c:\program files\GUM6681.tmp
2014-03-13 01:57:32 -------- d-----w- C:\AdwCleaner
2014-03-13 00:09:34 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{549c8f01-fda3-4785-8b84-71c3690f28f0}\mpengine.dll
2014-03-12 23:12:07 -------- d-----w- c:\programdata\Uninstall
2014-03-12 23:10:06 -------- d-----w- c:\programdata\eSellerate
2014-03-12 22:51:51 -------- d-----w- c:\users\kim\appdata\roaming\Simple Star
2014-03-12 22:51:35 -------- d-----w- c:\programdata\PhotoShow Shared Assets
2014-03-12 22:51:23 -------- d-----w- c:\program files\Roxio
2014-03-12 22:50:50 -------- d-----w- c:\program files\common files\PX Storage Engine
2014-03-12 22:50:07 -------- d-----w- c:\program files\SmartSound Software
2014-03-12 22:50:02 -------- d-----w- c:\programdata\SmartSound Software Inc
2014-03-12 22:48:09 -------- d-----w- c:\program files\Roxio 2011
2014-03-12 22:44:46 -------- d-----w- c:\windows\system32\directx
2014-03-12 22:37:43 -------- d-----w- c:\users\kim\appdata\roaming\Roxio Log Files
2014-03-12 22:06:39 -------- d-----w- c:\users\kim\appdata\local\Secunia PSI
2014-03-12 22:06:10 -------- d-----w- c:\program files\Secunia
2014-03-12 15:04:49 -------- d-----w- c:\users\kim\appdata\local\CrashDumps
2014-03-11 22:54:35 -------- d-----w- c:\users\kim\appdata\roaming\Malwarebytes
2014-03-11 22:54:14 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 22:54:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 22:54:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-11 21:55:50 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-11 21:23:07 -------- d-----w- c:\windows\Microsoft Antimalware
2014-03-11 13:32:19 0 ----a-w- c:\windows\system32\RENBEE1.tmp
2014-03-11 13:32:19 0 ----a-w- c:\windows\system32\RENBEE0.tmp
2014-03-11 13:32:19 0 ----a-w- c:\windows\system32\RENBECF.tmp
2014-03-11 13:31:01 0 ----a-w- c:\windows\system32\REN90EE.tmp
2014-03-11 13:31:01 0 ----a-w- c:\windows\system32\REN90DE.tmp
2014-03-11 13:31:01 0 ----a-w- c:\windows\system32\REN90DD.tmp
2014-03-11 13:26:54 0 ----a-w- c:\windows\system32\RENCB5F.tmp
2014-03-11 13:26:54 0 ----a-w- c:\windows\system32\RENCB5E.tmp
2014-03-11 13:26:54 0 ----a-w- c:\windows\system32\RENCB5D.tmp
2014-03-11 13:26:04 0 ----a-w- c:\windows\system32\REN64C.tmp
2014-03-11 13:26:04 0 ----a-w- c:\windows\system32\REN63B.tmp
2014-03-11 13:26:04 0 ----a-w- c:\windows\system32\REN62B.tmp
2014-03-11 13:06:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-11 09:00:52 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-03-11 09:00:52 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-10 04:35:47 -------- d-----w- c:\windows\system32\Wat
2014-03-09 22:53:19 154624 ----a-w- c:\windows\system32\iisRtl.dll
2014-03-09 22:53:18 50688 ----a-w- c:\windows\system32\admwprox.dll
2014-03-09 22:53:18 15360 ----a-w- c:\windows\system32\iisreset.exe
2014-03-09 22:53:17 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-03-09 22:53:17 26624 ----a-w- c:\windows\system32\ahadmin.dll
2014-03-09 22:53:17 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-03-09 21:25:29 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{656ee378-71a0-4b62-abcd-5672e85b06aa}\gapaengine.dll
2014-03-09 21:10:19 -------- d-----w- c:\windows\system32\BestPractices
2014-03-09 21:10:16 -------- d-----w- C:\inetpub
2014-03-09 21:03:20 -------- d-----w- c:\users\kim\appdata\roaming\HpUpdate
2014-03-09 21:03:13 -------- d-----w- c:\windows\Hewlett-Packard
2014-03-07 20:22:21 -------- d-----w- c:\program files\Roxio Creator 2011
2014-03-07 19:36:10 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-07 19:36:08 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-07 19:36:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-07 19:36:06 163840 ----a-w- c:\windows\system32\scrrun.dll
2014-03-07 19:36:06 141824 ----a-w- c:\windows\system32\wscript.exe
2014-03-07 19:36:06 121856 ----a-w- c:\windows\system32\wshom.ocx
2014-03-07 19:36:05 126976 ----a-w- c:\windows\system32\cscript.exe
2014-03-07 19:35:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-07 19:35:01 428032 ----a-w- c:\windows\system32\vbscript.dll
2014-03-07 19:34:33 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-03-07 19:34:33 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-03-07 19:34:10 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-07 19:34:10 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-10 17:35:40 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find6M ====================
.
2014-03-12 06:34:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 06:34:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-04 02:03:20 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- c:\windows\system32\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- c:\windows\system32\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- c:\windows\system32\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2013-11-27 01:14:25 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13:44 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-09-27 16:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 16:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
.
============= FINISH: 20:04:55.46 ===============

jipse
2014-03-14, 03:11
DDS ATTACH POST

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/6/2010 9:50:35 PM
System Uptime: 3/13/2014 4:30:29 PM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 58.804 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.623 GiB free.
E: is CDROM (UDF)
G: is FIXED (NTFS) - 931 GiB total, 199.587 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9ea580df
Device ID: ROOT\LEGACY_MPKSL9EA580DF\0000
Manufacturer:
Name: MpKsl9ea580df
PNP Device ID: ROOT\LEGACY_MPKSL9EA580DF\0000
Service: MpKsl9ea580df
.
==== System Restore Points ===================
.
RP749: 3/12/2014 7:40:30 PM - after crash 3_12
RP750: 3/12/2014 8:43:18 PM - Windows Update
RP752: 3/13/2014 3:58:06 PM - Installed DirectX
RP754: 3/13/2014 4:00:37 PM - Installed SmartSound Common Data
RP756: 3/13/2014 4:22:27 PM - Installed SmartSound Quicktracks 5
RP757: 3/13/2014 4:45:29 PM - after roxio install
RP758: 3/13/2014 5:52:58 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
7-Zip 9.20
Acrobat.com
Action Replay DSi Code Manager
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.6)
Adobe Shockwave Player 12.1
Adobe Stock Photos 1.0
AIO_Scan
Any Audio Converter 4.0.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aTube Catcher
Audacity 2.0.5
Blaze Media Pro
Bonjour
BufferChm
c4200_Help
CCleaner
Coby Media Manager
CyberLink DVD Suite Deluxe
D3DX10
DA DVD Ripper
dBpoweramp Music Converter
dBpowerAMP WMA V9.1 Codec
DC-Bass Source 1.1.1
Defraggler
DIRECTV Player
DotNET35SP1Setup1
Dropbox
Dynex 1.3MP Webcam Driver (1.00.03.0000)
Dynex Webcam User's Guide
Enhanced Multimedia Keyboard Solution
ffdshow [rev 2527] [2008-12-19]
Fishdom
Fishdom 2 Premium Edition
Fishdom H2O - Hidden Odyssey
Free YouTube Download version 3.2.12.827
Google Chrome
Google Update Helper
HandBrake 0.9.9.1
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HP Active Support Library
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Picasso Media Center Add-In
HP Product Assistant
HP Product Detection
HP Total Care Advisor
HP Update
HPProductAssistant
InFlac 1.1.1
Jasc Paint Shop Pro 8
Java 7 Update 51
Java Auto Updater
LabelPrint
LightScribe System Software
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NTI Backup Now EZ
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
OpenOffice.org 2.4
Opera Stable 20.0.1387.77
Photo Common
Photo Gallery
Power2Go
PowerDirector
PVSonyDll
Python 2.5
QuickTime
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Reg Tool
Roxio BackOnTrack
Roxio Burn
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2011
Roxio PhotoShow
Roxio Video Capture USB
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SmartSound Common Data
SmartSound Quicktracks 5
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Spotify
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Super Word Games 10,000
swMSM
Toolbox
UnloadSupport
Vegas Movie Studio HD 11.0
WeatherBug Gadget
Winamp
Windows Driver Package - Datel Design & Development (dsiarhwprog) USBIOControlledDevices (04/21/2009 2.40.0.0)
Windows Driver Package - Datel Design & Development USBIOControlledDevices (04/21/2009 2.40.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WordPerfect MAIL
WordPerfect Office X3
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2913431).
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2847077).
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2574819).
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2912390).
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2862330).
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2901112).
3/9/2014 4:47:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2898857).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB971033).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2919469).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2913152).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2904266).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2891804).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2830477).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2916036).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2913602).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2909210).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2893294).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2892074).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2887069).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2862973).
3/9/2014 4:47:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2911501).
3/9/2014 4:34:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {F087771F-D74F-4C1A-BB8A-E16ACA9124EA}
3/9/2014 4:34:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {6D18AD12-BDE3-4393-B311-099C346E6DF9}
3/9/2014 4:34:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/9/2014 4:28:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/9/2014 4:23:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/9/2014 4:23:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/9/2014 4:23:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/9/2014 4:23:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/9/2014 4:23:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/9/2014 4:20:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr sptd Wanarpv6
3/9/2014 4:20:25 PM, Error: Service Control Manager [7001] - The Application Identity service depends on the AppID Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/9/2014 4:20:25 PM, Error: Service Control Manager [7001] - The AppID Driver service depends on the System Attribute Cache service which failed to start because of the following error: A device attached to the system is not functioning.
3/9/2014 3:22:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1426.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/9/2014 3:22:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1426.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/9/2014 3:22:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1426.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/9/2014 3:10:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1426.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/9/2014 3:10:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1426.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/9/2014 3:02:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB971033).
3/9/2014 3:02:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2847077).
3/9/2014 3:02:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2912390).
3/9/2014 2:56:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1426.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
3/9/2014 2:56:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.1.8904.0&sig=17.36.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.1.8904.0&sig=17.36.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.1.8904.0&sig=17.36.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.1.8904.0&sig=17.36.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.10100.0&avdelta=1.163.1511.0&asdelta=1.163.1511.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.10100.0&avdelta=1.163.1511.0&asdelta=1.163.1511.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.10100.0&avdelta=1.163.1511.0&asdelta=1.163.1511.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:41:34 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.10100.0&avdelta=1.163.1511.0&asdelta=1.163.1511.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
3/7/2014 11:33:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/7/2014 1:21:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/7/2014 1:21:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/7/2014 1:21:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1511.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/13/2014 5:45:53 PM, Error: Service Control Manager [7034] - The NTI BackupNowEZSvr service terminated unexpectedly. It has done this 1 time(s).
3/13/2014 5:45:32 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/13/2014 4:49:17 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/13/2014 4:34:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14319] - Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.
3/13/2014 4:32:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
3/13/2014 4:32:10 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
3/13/2014 4:32:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
3/13/2014 4:30:31 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
3/13/2014 4:16:26 PM, Error: Service Control Manager [7030] - The Roxio Hard Drive Watcher 12 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/13/2014 4:16:25 PM, Error: Service Control Manager [7030] - The RoxMediaDB13 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/12/2014 8:58:48 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2014 8:58:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 8:58:18 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
3/12/2014 8:57:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 8:57:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2014 8:57:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/12/2014 8:52:55 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 8:52:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/12/2014 8:51:43 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: There are no more endpoints available from the endpoint mapper.
3/12/2014 8:51:40 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024882
3/12/2014 8:51:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 8:51:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 8:51:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/12/2014 6:04:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2929961).
3/12/2014 6:00:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2918077).
3/12/2014 6:00:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2930275).
3/12/2014 5:59:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2929755).
3/12/2014 5:59:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2929733).
3/12/2014 5:48:47 PM, Error: volmgr [46] - Crash dump initialization failed!
3/12/2014 5:02:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/12/2014 1:01:49 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
3/12/2014 1:01:39 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
3/11/2014 9:43:07 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
3/11/2014 8:37:56 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2913431).
3/11/2014 8:37:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2919469).
3/11/2014 8:37:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2913152).
3/11/2014 8:37:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2904266).
3/11/2014 8:37:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2891804).
3/11/2014 4:14:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/11/2014 2:50:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/11/2014 2:37:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/11/2014 2:17:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/11/2014 10:24:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2916036).
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2913602).
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2909210).
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2893294).
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2892074).
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2887069).
3/11/2014 10:22:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2862973).
3/11/2014 10:16:43 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
3/11/2014 10:16:09 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/10/2014 9:54:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2862330).
3/10/2014 7:41:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
3/10/2014 7:41:58 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2014 6:23:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2893294).
3/10/2014 6:23:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2862973).
3/10/2014 6:22:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2916036).
3/10/2014 6:22:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2913602).
3/10/2014 6:22:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2909210).
3/10/2014 6:22:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2892074).
3/10/2014 6:22:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2887069).
3/10/2014 6:21:28 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
3/10/2014 6:14:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/10/2014 6:10:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2891804).
3/10/2014 6:10:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2919469).
3/10/2014 6:10:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2913431).
3/10/2014 6:10:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2913152).
3/10/2014 6:10:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2904266).
3/10/2014 6:10:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2847077).
3/10/2014 5:26:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Live ID Sign-in Assistant service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/10/2014 12:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2898857).
3/10/2014 12:50:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2719033).
3/10/2014 12:50:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2911501).
3/10/2014 12:50:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2901112).
3/10/2014 11:49:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.1528.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/10/2014 11:26:14 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
3/10/2014 11:11:20 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/10/2014 11:11:20 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service or group failed to start.
3/10/2014 11:11:06 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/10/2014 11:11:06 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

shelf life
2014-03-15, 01:16
Thanks for all the info. For the .exe on your desktop: Boot your machine into safe mode. To reach safe mode you would tap the F8 key during a computer restart. Choose the first option from the list: Safe Mode. Once at the safe mode desktop, try deleting the .exe. To exit safe mode simply reboot your machine normally.
You appeared to have a lot of adware/toolbar stuff on board. Other than the Windows update problem are we making any progress for you?

jipse
2014-03-15, 06:34
Hi.
I don't know a lot. Fact is I'm in this position which makes me pretty dumb probably.
But I don't know of adware/toolbars, and if I have too much or any at all I am unaware of it
neither do I know how to get rid of it.
And the zip.exe file lives. No safe mode will get rid of the danged thing and it is still on my desktop and tells me I have
to have Kim/COMPADRE (my own acct) permission to delete it or do anything with it.

To top it off in system configurations it will not go to normal start up but loads only certain services with a particular boot.
Now I guess I could wipe this computer, but won't I just reinfect my system again because all the backups have this user issue?

Here is what I see about the users issue

When I go to file properties... any file really I see that I have 15 users accounts associated to my computer name
and 19 users associated with God knows what I think is that I have a major problem.

USERS ARE THESE

USER NAME/FOLDER (*DENOTES ACTUAL USER ACCOUNTS)(**DENOTES WITHIN LAST 48 HOURS NEW ACCT)
*Kim/COMPADRE
*Kari/COMPADRE
*Admin/COMPADRE
*Guest/COMPADRE
Guests/COMPADRE
Administrator/COMPADRE
Administrators/COMPADRE
Distributed Com Users/COMPADRE
Event Log Readers/COMPADRE
HelpServicesGroup/COMPADRE
IIS_IUSRS**/COMPADRE
Performance Log Users/COMPADRE
Performance Monitor Users/COMPADRE
Updatus User/COMPADRE
Users/COMPADRE
THEN WITH NO FOLDER ASSOCIATION WHATSOEVER:
ANONYMOUS LOGON
Authenticated Users
BATCH
CONSOLE LOGON
CREATOR GROUP
CREATOR OWNER
DIALUP
Everyone
INTERACTIVE
IUSR**
LOCAL SERVICE
NETWORK
NETWORK SERVICE
OWNER RIGHTS
REMOTE INTERACTIVE LOGON
SERVICE
SYSTEM
TERMINAL SERVICE USER
This Organization Certificate

AND THEN THESE GUYS TO WHICH THERE IS ONE MORE WITH A 1009 ENDING - THEY ARE THE USERS PRIMARILY IN EVERYTHING AND
THEY OWN AND DENY ME MANY RIGHTS ESPECIALLY THAT ZIP.EXE FILE. SO I DON'T KNOW WHAT TO DO WITH ANY OF THIS

THEY ARE EITHER UNKNOWN USER OR JUST USER WITH THIS NAME ATTACHED:
S-1-5-21-364143782-3310643102-2883859610-1001
S-1-5-21-1390067357-1060284298-1202660629-1006

I'm not yelling, just forgot to turn off the caps and too tired to retype it all.
Any advice or help you can give is more appreciated than you could ever know.
I do a lot of work on this computer and I would like to restore it to serenity if at all possible.
As quickly as possible too :0)

jipse
2014-03-15, 09:53
Let me ask you this if I may: currently I have win7 home premium. If I upgrade to say, Win7 Professional, will that
cure it? Is the anytime upgrade on this computer, compromised as it is, safe to conduct a purchase thru?
I do not know how to wipe my computer. It was an HP purchase with Vista that I had upgraded to 7 home premium,
so I suspect a complete reinstall would be complex. Please recommend my best case scenario if you can.

shelf life
2014-03-15, 23:14
Pretty sure any backup/restore or upgrade would preserve what you have now. Those numbers you see:
S-1-5-21-36414... are Windows security identifiers and are harmless. (http://support.microsoft.com/kb/243330) There is no actual live account that somebody is logged into.

The others I assume are from Windows local Security policy and how it manages accounts. Doesn't mean your machine has been compromised. Don't really know how it all works. I checked a few of my folders and I have different Group or user names listed under the security tab also.
Have you tried to delete any other accounts other than your own? Start>control panel> User Accounts

For the file on your desktop: go to this link. (http://www.bleepingcomputer.com/submit-malware.php?channel=67) Browse for the file on your machine, then upload it using the send file button. I will see if it is malware. We will go from there.
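
The SID format that the linked KB article documents, as an added example (not part of the original post and not a Spybot or Microsoft tool): a small parser that separates well-known SIDs from account SIDs and groups account SIDs by the machine or domain identifier that issued them. The function names and the short well-known table are assumptions chosen for illustration; the first two sample SIDs are the ones quoted in the thread.

```python
import re

# Subset of the well-known SIDs listed in Microsoft KB243330.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "SYSTEM",
    "S-1-5-20": "NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}
BUILTIN_RIDS = {500: "Administrator", 501: "Guest"}  # same RID on every install
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

def classify(sid):
    """Return (kind, issuer, rid, note) for one SID string."""
    sid = sid.strip().upper()
    if sid in WELL_KNOWN:
        return ("well-known", None, None, WELL_KNOWN[sid])
    m = SID_RE.match(sid)
    if not m:
        return ("invalid", None, None, "not a revision-1 SID string")
    subs = [int(x) for x in m.group(2)[1:].split("-")]
    # S-1-5-21-A-B-C-RID: A-B-C identifies the machine or domain that issued it.
    if m.group(1) == "5" and subs[0] == 21 and len(subs) == 5:
        issuer, rid = "-".join(map(str, subs[1:4])), subs[4]
        if rid >= 1000:
            note = "account or group created after installation"
        else:
            note = BUILTIN_RIDS.get(rid, "reserved RID below 1000")
        return ("account", issuer, rid, note)
    return ("other", None, None, "valid SID outside this table")

def group_by_issuer(sids):
    """Map issuer -> sorted RIDs; several issuers means several origins."""
    issuers = {}
    for kind, issuer, rid, _ in map(classify, sids):
        if kind == "account":
            issuers.setdefault(issuer, []).append(rid)
    return {k: sorted(v) for k, v in issuers.items()}
# The two SIDs quoted in the thread, plus SYSTEM as a constructed third input.
THREAD_SIDS = [
    "S-1-5-21-364143782-3310643102-2883859610-1001",
    "S-1-5-21-1390067357-1060284298-1202660629-1006",
    "S-1-5-18",
]
if __name__ == "__main__":
    for s in THREAD_SIDS:
        print(s, classify(s))
    print(group_by_issuer(THREAD_SIDS))
```

The two thread SIDs carry different issuer values, so they were assigned by two different Windows installations or machines; a SID that the running installation cannot map to a name is a common reason the Security tab shows the raw string instead of an account name.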

jipse
2014-03-17, 01:01
Hello Shelf Life :0),
You have been so helpful. I am so grateful for your attention and assistance. I have definitely seen much improvement. I did try to send that zip.exe file to you but it said that I don't have permission to open this file and to check with my administrator to resolve the issue. I tried from the administrator account and it needs permission too o_0

The reason I say crazy things like something is in here with me is that each time I turn on my computer I go first to the firewall... I have learned to do this as the settings there will change from my last log on.
For example today when I turned it on first time in two days and it shows I am connected to a public unidentified network. I had to reconfigure the LAN and reset the modem. I do not have wireless, it is a Motorola wired modem that I unplug from when the computer is not being used.
But I also have to go and turn off Public Sharing as this seems to be turned on every time I start the computer.
Often Network Access Protection is off or the Firewall itself is off which is why I always check it first. Sometimes I try to reset the firewall to default settings and it will not let me do it. I reboot and I am able to reset the firewall to default and then have to deal with the public sharing.
This is a constant problem and though I am making progress on the Windows updates there seem to be 7 important ones that I can't install and configure successfully.

You asked about removing users. About four years ago my daughter had an account that she removed when she moved, the jessalyn account. It was only since late last year that she started showing up again in the users list. I have deleted any private contents from those files and recently removed the kari account to make room on the hard drive. So those are gone. I added one new user which I have not even accessed yet, just created it.

Thank You again you are so helpful! I have sent my startup entry report from Spybot in the file sender so that you can see that it shows two worms on startup.

shelf life
2014-03-18, 00:38
OK, you're welcome.

"turn off Public Sharing as this seems to be turned on everytime I start the computer"

Public folder sharing (C:\Users\Public folder) are files that can be shared with other people using the same machine or other people using other computers on your local network, behind a router.

The folder isn't accessible from the other side of your modem, i.e. the internet. I believe this is turned off by default except if you're on a homegroup. MS thinks computers on the same router would want to share things. No harm if it's on.
If you go to start>control panel>network and internet>homegroup there's some info there about it also.
http://www.7tutorials.com/what-public-folder-how-use-it

Network Access Protection, this is a Windows service that would only be on if you're connected to another network that uses NAP, like work. It's off by default. Not needed for a home computer.

If you right click on the network icon by the clock and select: Open network and sharing center. Does it show your active Network as a Home network?

Do you know if this computer was connected to like access a work computer from home or on the road at one time?

jipse
2014-03-18, 17:58
Okay, so you are telling me the public folders thing is okay. My network sharing is on homegroup.
Now then, I have good news: I was finally able to update Windows and by creating a new acct and making it administrator, then taking ownership of the zip.exe file I was able to delete it. I feel whole again. Thank You so much for your help. It was the tools in Spybot and this communication with you that made a bad situation better. I have and will continue to support Safer Networking.
Only just one more question and I think we can consider my thread successful and closed:
Is there a program you can recommend to beef up or replace my Windows Firewall?

shelf life
2014-03-20, 00:39
hi,

OK, you're welcome. Yes the public folder sharing is fine, it's not accessible from the internet. If you go to C:\Users\Public folder right click>share with>advanced setting you will see the option to turn public folder sharing off. Click Save changes at the bottom if you make a change.

Actually you're ahead of me because creating a new admin account for yourself was going to be my next suggestion.

You will get several different answers about firewalls. Really W7 firewall is very good compared to earlier versions and it was designed to be unintrusive. I prefer an inexpensive NAT hardware router along with Windows firewall. If you have more than one computer sharing your internet connection then you probably already have a NAT router. I really don't recommend third party software firewalls because they can put up lots of complicated options. A lot of people just may start clicking ok to everything or just disable it.

If you want to try a firewall, here are some free ones that I know of. Disable Windows firewall if the install doesn't do it for you. Try one at a time; if you don't care for it, then uninstall it via the add/remove programs panel.

Private Firewall 7.0 (http://www.privatefirewall.com/) look under the products tab
Comodo Firewall (http://www.comodo.com/) Products>firewall
OutPost (http://free.agnitum.com/)
Zone Alarm (http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm) Don't install their optional toolbar

You can download and use the free version of Malwarebytes (http://www.malwarebytes.org/) as another antimalware app to have on your machine. The free version must be updated manually and a scan started manually; it doesn't run in the background. Good practice to check for updates every few days even if you don't do a scan with it at that time.

jipse
2014-03-21, 03:56
Thanks for all your help. I appreciate your suggestions as well.
~jipse

jipse
2014-03-24, 14:32
Hello Shelf Life,

I just thought I would let you know that this issue I have been having came back and is known by Spybot.
I do have an image I can send/post. Let me know if you would like me to do that.
Persistent thing. Spybot says it is a low threat, but if you are me, and you are doing production work on a PC, the
threat is HUGE. It gets into everything, takes over my desktop, my files, Users, If you take the S12921 user out it creates more.
It takes Spybot Pro 10 hours to find this in a full scan and Malwarebytes does not find it and Windows security does not find it.
So you can see with the amount of time involved in fixing it how I can be so convinced someone is in here with me.
The status of this issue should be elevated in Spybot as it does get into everything eventually.
I wish I could say that I think Spybot has taken care of this, but since it keeps coming back there must be a source I cannot find.
I think after all of this experience, I hate computers. Mostly because I have to have 10 programs to find and fight attacks, and such.
Very disenchanting.

shelf life
2014-03-26, 01:01
hi,

Sure, post the image you have from Spybot.