[Resolved] Fallout from "Smart Fortress 2012" cleanup.

edw
« on: March 09, 2012, 03:38:00 PM »
My current situation is my machine has lost network connectivity. The NIC shows as operating.

There's a complicated history. I'll give you a summary version and I'll fill in any details requested. My machine was acting normally until about 3/1, when I got a series of slow-downs and crashes that I traced (as I understood it) to the failure of the CPU heat sink fan.

On 3/5, I'd got the fan replaced. I booted up and shortly thereafter I got a bunch of pop-ups from "Smart Fortress 2012" saying my computer was infested. I was suspicious, so I shut down and googled on my Mac. Sure enough, it was scareware. I followed some instructions to get rid of it.

The steps, I believe, were to boot up in safe mode with networking, run a "fixexe" script, then check that IE had not been redirected to a proxy server (it hadn't). Then download Malwarebytes and do a "quick scan". It found several files of malware.

I then re-booted in normal mode. The computer appeared normal, including network connectivity. I fired up Malwarebytes for a full scan and left for the day. On return, the computer was frozen on the desktop - with the icons missing!
I rebooted and ran Microsoft Security Essentials instead. It found one more piece of malware and requested a reboot.
This time after the reboot, the computer appears normal EXCEPT it has no network connectivity. IPCONFIG /ALL just gives an error message. The NIC appears normal. I tried rebooting in safe mode with networking, but it too has the same symptoms.

I ran the requested scripts by downloading them on a Mac, transferring them on a USB stick and running them in safe mode. Here are the results:

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by williams at 8:22:19 on 2012-03-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2659 [GMT
-8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated*
{EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated*
{BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -
c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} -
c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} -
c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff}
- c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9}
- c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} -
c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program
files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program
files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Seattle Avionics Data Manager] c:\program files\seattle
avionics\data manager\DataManager.exe /HideAtStart
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program
files\common files\nero\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe"
-autorun
uRun: [Oops!Backup] c:\program files\altaro\oops!backup\OopsBackup.exe
AUTOSTART
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TrueImageMonitor.exe] c:\program
files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common
files\acronis\schedule2\schedhlp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft
shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe
-startup
mRun: [ISUSScheduler] "c:\program files\common
files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program
files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and
settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [HP Lamp] c:\scanjet\precisionscanpro\HPLamp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device
support\AppleSyncNotifier.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe"
/DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide
-runkey
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage
technology\IAStorIcon.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java
update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application
support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe
/installquiet
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\williams\startm~1\programs\startup\dropbox.lnk -
c:\documents and settings\williams\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\williams\startm~1\programs\startup\shortc~1.lnk
- c:\program files\capture express\CAPEXP.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk
- c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynupd~1.lnk
- c:\program files\dyndns updater\DynTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\everno~1.lnk
- c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk
-
c:\windows\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ic
o
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk
- c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program
files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel -
c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program
files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program
files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} -
{48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft
office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -
{FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft
office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} -
hxxp://lumahai.dyndns.org/activex/AMC.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5BCB5AC2-47E7-4067-BB2B-3D43F96FC119} : DhcpNameServer =
192.168.1.1
TCP: Interfaces\{FC0D2F06-D88B-4C0E-AB2A-2C7298748C71} : NameServer =
206.13.28.12,206.13.31.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program
files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} -
c:\program files\eudora51\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd}
- c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager:
{56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop
search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\williams\application
data\mozilla\firefox\profiles\9g2mvweg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - 192.168.1.4
FF - prefs.js: network.proxy.http_port - 9999
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\williams\application
data\mozilla\firefox\profiles\9g2mvweg.default\extensions\{195a3098-0bd5-4e9
0-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla
firefox\plugins\npFoxitReaderPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys
[2009-8-30 66736]
S1 MpFilter;Microsoft Malware Protection
Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
S2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-5
12672]
S2 DeltaCopyService;DeltaCopy Server;c:\programs\deltacopy\DCServce.exe
[2009-11-23 683008]
S2 Dyn Updater;Dyn Updater;c:\program files\dyndns updater\DynUpSvc.exe
[2011-11-15 95608]
S2 emailrelay;E-MailRelay;c:\program
files\emailrelay\emailrelay-service.exe [2011-9-19 597281]
S2 gupdate;Google Update Service (gupdate);c:\program
files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program
files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe
[2011-3-25 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia
corporation\nvidia updatus\daemonu.exe [2011-10-23 2214504]
S2 OopsBackup.Service.exe;Oops!Backup Service;c:\program
files\altaro\oops!backup\OopsBackup.Service.exe [2011-9-29 22016]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys -->
c:\windows\system32\drivers\SSPORT.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\williams\locals~1\temp\alsysio.sys -->
c:\docume~1\williams\locals~1\temp\ALSysIO.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys
[2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program
files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S3 JEPPDRIVE;JeppDrive Service;c:\windows\system32\drivers\JeppDrive.sys
[2010-3-5 24344]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint
Workspace Audit Service;c:\program files\microsoft
office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys
[2010-6-25 35088]
S3 osppsvc;Office Software Protection Platform;c:\program files\common
files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE
[2010-1-9 4640000]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2009-4-13
16384]
.
=============== Created Last 30 ================
.
2012-03-09 16:01:36 -------- d-----w-
C:\be0b7b50ec5beb3701fcf77da2fd52
2012-03-09 02:48:45 -------- d-----w- c:\program
files\Core Temp
2012-03-08 17:58:49 29904 ----a-w- c:\documents and
settings\all
users\application data\microsoft\microsoft antimalware\definition
updates\{3ff63c55-b7a2-433b-a8c2-bc04fdb1a254}\MpKsl0a732e9c.sys
2012-03-08 17:32:58 6552120 ----a-w- c:\documents and
settings\all
users\application data\microsoft\microsoft antimalware\definition
updates\{3ff63c55-b7a2-433b-a8c2-bc04fdb1a254}\mpengine.dll
2012-03-08 17:15:38 -------- d-----w- c:\documents and
settings\williams\application data\Malwarebytes
2012-03-08 17:15:31 -------- d-----w- c:\documents and
settings\all
users\application data\Malwarebytes
2012-03-08 17:15:30 20464 ----a-w-
c:\windows\system32\drivers\mbam.sys
2012-03-08 17:15:30 -------- d-----w- c:\program
files\Malwarebytes'
Anti-Malware
2012-03-08 16:31:03 -------- d-----w- c:\documents and
settings\all
users\application data\99058D500033A0A4005FA5A6D151FC4E
2012-02-29 16:22:45 41680 ----a-w-
c:\windows\system32\drivers\haktfvqm.sys
2012-02-29 16:16:21 41680 ----a-w-
c:\windows\system32\drivers\svkrnvma.sys
2012-02-15 17:36:35 -------- d-----w- c:\documents and
settings\williams\application data\Dropbox
2012-02-15 11:42:51 3072 -c----w-
c:\windows\system32\dllcache\iacenc.dll
2012-02-15 11:42:51 3072 ------w-
c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-03-08
17:41:16 414368 ----a-w-
c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 17:18:36 237072 ------w-
c:\windows\system32\MpSigStub.exe
2012-02-18 20:56:29 1480 ----a-w- c:\windows\AUTOLNCH.REG
2012-01-29 20:22:55 121208 ----a-w-
c:\windows\system32\drivers\AnyDVD.sys
2012-01-12 16:53:24 1859968 ----a-w-
c:\windows\system32\win32k.sys
2012-01-12 00:19:16 4448256 ----a-w-
c:\windows\system32\GPhotos.scr
2011-12-17 19:46:36 916992 ----a-w-
c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w-
c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w-
c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 8:23:56.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 8:00:00 PM
System Uptime: 3/9/2012 7:46:56 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel Pentium III Xeon processor | LGA1366 | 2672/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 635 GiB total, 417.17 GiB free.
D: is FIXED (NTFS) - 297 GiB total, 143.31 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
R: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1016: 12/10/2011 8:15:57 PM - Software Distribution Service 3.0
RP1017: 12/11/2011 2:05:38 AM - Software Distribution Service 3.0
RP1018: 12/11/2011 8:15:52 PM - Software Distribution Service 3.0
RP1019: 12/12/2011 8:15:39 PM - Software Distribution Service 3.0
RP1020: 12/13/2011 8:16:20 PM - Software Distribution Service 3.0
RP1021: 12/14/2011 8:16:46 PM - Software Distribution Service 3.0
RP1022: 12/15/2011 8:16:17 PM - Software Distribution Service 3.0
RP1023: 12/16/2011 3:00:24 AM - Software Distribution Service 3.0
RP1024: 12/17/2011 3:06:58 AM - System Checkpoint
RP1025: 12/17/2011 8:08:51 AM - Software Distribution Service 3.0
RP1026: 12/18/2011 2:03:35 AM - Software Distribution Service 3.0
RP1027: 12/18/2011 8:08:27 AM - Software Distribution Service 3.0
RP1028: 12/19/2011 8:08:42 AM - Software Distribution Service 3.0
RP1029: 12/20/2011 8:08:53 AM - Software Distribution Service 3.0
RP1030: 12/21/2011 8:08:39 AM - Software Distribution Service 3.0
RP1031: 12/21/2011 8:52:24 AM - Installed QuickTime
RP1032: 12/22/2011 8:08:40 AM - Software Distribution Service 3.0
RP1033: 12/23/2011 8:08:37 AM - Software Distribution Service 3.0
RP1034: 12/24/2011 8:08:24 AM - Software Distribution Service 3.0
RP1035: 12/25/2011 2:04:24 AM - Software Distribution Service 3.0
RP1036: 12/25/2011 8:08:37 AM - Software Distribution Service 3.0
RP1037: 12/26/2011 8:08:36 AM - Software Distribution Service 3.0
RP1038: 12/27/2011 8:08:36 AM - Software Distribution Service 3.0
RP1039: 12/28/2011 8:08:46 AM - Software Distribution Service 3.0
RP1040: 12/29/2011 8:08:41 AM - Software Distribution Service 3.0
RP1041: 12/30/2011 8:08:42 AM - Software Distribution Service 3.0
RP1042: 12/31/2011 8:08:41 AM - Software Distribution Service 3.0
RP1043: 1/1/2012 2:03:57 AM - Software Distribution Service 3.0
RP1044: 1/1/2012 8:08:44 AM - Software Distribution Service 3.0
RP1045: 1/2/2012 8:08:44 AM - Software Distribution Service 3.0
RP1046: 1/3/2012 8:08:41 AM - Software Distribution Service 3.0
RP1047: 1/4/2012 8:08:49 AM - Software Distribution Service 3.0
RP1048: 1/4/2012 7:56:48 PM - Paint.NET v3.5.10
RP1049: 1/5/2012 8:08:50 AM - Software Distribution Service 3.0
RP1050: 1/6/2012 8:09:09 AM - Software Distribution Service 3.0
RP1051: 1/7/2012 8:08:56 AM - Software Distribution Service 3.0
RP1052: 1/8/2012 2:04:03 AM - Software Distribution Service 3.0
RP1053: 1/8/2012 8:08:52 AM - Software Distribution Service 3.0
RP1054: 1/9/2012 8:08:37 AM - Software Distribution Service 3.0
RP1055: 1/10/2012 8:08:51 AM - Software Distribution Service 3.0
RP1056: 1/11/2012 8:32:23 AM - System Checkpoint
RP1057: 1/11/2012 7:43:00 PM - Software Distribution Service 3.0
RP1058: 1/12/2012 3:00:14 AM - Software Distribution Service 3.0
RP1059: 1/13/2012 3:08:05 AM - System Checkpoint
RP1060: 1/13/2012 7:57:56 AM - Software Distribution Service 3.0
RP1061: 1/14/2012 7:57:46 AM - Software Distribution Service 3.0
RP1062: 1/15/2012 2:09:34 AM - Software Distribution Service 3.0
RP1063: 1/15/2012 7:57:46 AM - Software Distribution Service 3.0
RP1064: 1/16/2012 7:58:01 AM - Software Distribution Service 3.0
RP1065: 1/17/2012 7:57:49 AM - Software Distribution Service 3.0
RP1066: 1/18/2012 7:58:13 AM - Software Distribution Service 3.0
RP1067: 1/19/2012 7:57:51 AM - Software Distribution Service 3.0
RP1068: 1/20/2012 7:58:04 AM - Software Distribution Service 3.0
RP1069: 1/21/2012 7:58:06 AM - Software Distribution Service 3.0
RP1070: 1/22/2012 2:10:02 AM - Software Distribution Service 3.0
RP1071: 1/22/2012 7:57:51 AM - Software Distribution Service 3.0
RP1072: 1/23/2012 7:58:07 AM - Software Distribution Service 3.0
RP1073: 1/24/2012 7:57:51 AM - Software Distribution Service 3.0
RP1074: 1/25/2012 7:58:02 AM - Software Distribution Service 3.0
RP1075: 1/26/2012 7:58:20 AM - Software Distribution Service 3.0
RP1076: 1/27/2012 8:03:17 AM - Software Distribution Service 3.0
RP1077: 1/28/2012 7:58:17 AM - Software Distribution Service 3.0
RP1078: 1/29/2012 2:10:09 AM - Software Distribution Service 3.0
RP1079: 1/29/2012 7:58:06 AM - Software Distribution Service 3.0
RP1080: 1/29/2012 2:29:00 PM - Installed SolarPathfinder Assistant 1.1
RP1081: 1/30/2012 7:58:15 AM - Software Distribution Service 3.0
RP1082: 1/31/2012 3:00:14 AM - Software Distribution Service 3.0
RP1083: 2/1/2012 4:07:12 AM - System Checkpoint
RP1084: 2/1/2012 7:45:09 AM - Software Distribution Service 3.0
RP1085: 2/2/2012 7:45:07 AM - Software Distribution Service 3.0
RP1086: 2/3/2012 7:45:12 AM - Software Distribution Service 3.0
RP1087: 2/4/2012 7:44:52 AM - Software Distribution Service 3.0
RP1088: 2/5/2012 2:26:54 AM - Software Distribution Service 3.0
RP1089: 2/5/2012 7:44:54 AM - Software Distribution Service 3.0
RP1090: 2/6/2012 7:44:52 AM - Software Distribution Service 3.0
RP1091: 2/7/2012 7:44:52 AM - Software Distribution Service 3.0
RP1092: 2/8/2012 7:45:00 AM - Software Distribution Service 3.0
RP1093: 2/9/2012 7:44:57 AM - Software Distribution Service 3.0
RP1094: 2/10/2012 7:45:14 AM - Software Distribution Service 3.0
RP1095: 2/11/2012 7:45:14 AM - Software Distribution Service 3.0
RP1096: 2/12/2012 2:26:54 AM - Software Distribution Service 3.0
RP1097: 2/12/2012 7:45:01 AM - Software Distribution Service 3.0
RP1098: 2/13/2012 7:45:18 AM - Software Distribution Service 3.0
RP1099: 2/14/2012 7:45:01 AM - Software Distribution Service 3.0
RP1100: 2/15/2012 7:45:09 AM - Software Distribution Service 3.0
RP1101: 2/16/2012 3:00:16 AM - Software Distribution Service 3.0
RP1102: 2/16/2012 8:06:09 AM - Software Distribution Service 3.0
RP1103: 2/17/2012 8:01:01 AM - Software Distribution Service 3.0
RP1104: 2/18/2012 8:01:07 AM - Software Distribution Service 3.0
RP1105: 2/19/2012 1:37:07 AM - Software Distribution Service 3.0
RP1106: 2/19/2012 8:00:40 AM - Software Distribution Service 3.0
RP1107: 2/20/2012 8:01:19 AM - Software Distribution Service 3.0
RP1108: 2/21/2012 8:01:09 AM - Software Distribution Service 3.0
RP1109: 2/22/2012 8:01:04 AM - Software Distribution Service 3.0
RP1110: 2/23/2012 8:01:09 AM - Software Distribution Service 3.0
RP1111: 2/24/2012 8:01:16 AM - Software Distribution Service 3.0
RP1112: 2/25/2012 8:21:01 AM - Software Distribution Service 3.0
RP1113: 2/26/2012 2:28:44 AM - Software Distribution Service 3.0
RP1114: 2/26/2012 8:15:37 AM - Software Distribution Service 3.0
RP1115: 2/27/2012 8:19:01 AM - Software Distribution Service 3.0
RP1116: 2/28/2012 8:11:15 AM - Software Distribution Service 3.0
RP1117: 2/29/2012 8:11:59 AM - Software Distribution Service 3.0
RP1118: 3/7/2012 8:29:00 PM - System Checkpoint
RP1119: 3/8/2012 10:37:26 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Acronis True Image
ADDS Flight Path Tool
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
AirPort
Amazon MP3 Downloader 1.0.12
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AXIS Media Control Embedded
Bonjour
Bonjour Print Services
calibre
Canon Camera Access Library
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cessna G1000 Trainer v6.01
Cisco Systems VPN Client 5.0.03.0530
CloneDVD2
Core Temp 1.0 RC3
CPUID CPU-Z 1.53.1
Crazy Machines II + Demo
DAEMON Tools Toolbar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeltaCopy
Digital Aviation Reference Library
DiskCheckup v3.0.1006
Dragon NaturallySpeaking 10
Dropbox
Dyn Updater
Eudora
Evernote v. 4.1
Express Gate
Fine Homebuilding Archive
Fine Woodworking Archive
FolderMatch v3.5.5
Foxit Creator
Foxit PDF IFilter
Foxit Reader
G600 Trainer
GA IFR Panel Demo Setup
GARMIN 400 Series Trainer
Garmin USB Drivers
Garmin WebUpdater
GIMP 2.6.8
GNS400W-500W Trainer
Google Chrome
Google Earth
Google SketchUp 7
Google SketchUp 8
Google Update Helper
GPSU version 5.05
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Digital Sender 9100C
HP iPAQ 31x Map Update (NAENG) (03/22/2008 map datum)
HP PrecisionScan Pro and Utilities
Hugin 2011.0.0
iGolf Neo Sync Application v3.0.2
Intel(R) Rapid Storage Technology
Investment Account Manager 2
IP Trainer
ISO Recorder
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Jeppesen Services
Jeppesen Services Update Manager
JMicron JMB36X Driver
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
Lexmark Printer Software Uninstall
Malwarebytes Anti-Malware version 1.60.1.1000
marvell 61xx
Mechanic's Toolbox
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Milestone XProtect Smart Client 3.6f
MobileMe Control Panel
Mobipocket Creator 4.2
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Control Panel 275.33
NVIDIA Display Control Panel
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA Update 1.3.5
NVIDIA Update Components
OGA Notifier 2.0.0048.0
On Top 9.5 Demo
Oops!Backup
OpenAL
oZone3D.Net FurMark v1.6.5
Paint.NET v3.5.10
PC Probe II
Picasa 3
PL-2303 USB-to-Serial
QuickTime
RAIDar 4.1.3
Reality XP Garmin GNS WAAS for X-Plane 9
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Savings Bond Wizard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shipping Assistant 3.6
Sketchpad
SketchUp DWG Importer
SmartDraw VP
SolarPathfinder Assistant 1.1
Sony Sound Forge Audio Studio 9.0
System Requirements Lab for Intel
Tomvale Aviation Calculator
TrueCrypt
Tweak UI
Universal Document Converter (Demo)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
Virtual Desktop Manager Powertoy for Windows XP
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.0.5
Voyager 4 Flight Software System
VST Bridge 1.1
WebFldrs XP
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009
2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
WinPcap 4.1.2
Yorick 2.1.05
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 9:33:14 AM, error: Microsoft Antimalware [2001] - Microsoft
Antimalware has encountered an error trying to update signatures. New
Signature Version: Previous Signature Version: 1.121.1154.0
Update
Source: Microsoft Update Server Update Stage: Search Source Path:
Default
URL Signature Type: AntiVirus Update Type: Full User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine
Version:
1.1.8101.0 Error code: 0x80070422 Error description: The service
cannot
be started, either because it is disabled or because it has no enabled
devices associated with it.
3/8/2012 9:33:14 AM, error: DCOM [10005] - DCOM got error "%1058"
attempting to start the service wuauserv with arguments "" in order to run
the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/8/2012 9:32:49 AM, error: Microsoft Antimalware [2001] - Microsoft
Antimalware has encountered an error trying to update signatures. New
Signature Version: Previous Signature Version: 1.121.645.0
Update
Source: Microsoft Update Server Update Stage: Search Source Path:
Default
URL Signature Type: AntiVirus Update Type: Full User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine
Version:
1.1.8101.0 Error code: 0x80070422 Error description: The service
cannot
be started, either because it is disabled or because it has no enabled
devices associated with it.
3/8/2012 9:31:18 AM, error: Service Control Manager [7026] - The following
boot-start or system-start driver(s) failed to load: atapi PCIIde Pnp680
3/8/2012 9:29:27 AM, error: DCOM [10005] - DCOM got error "%1084"
attempting to start the service EventSystem with arguments "" in order to
run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2012 9:10:24 AM, error: Service Control Manager [7026] - The following
boot-start or system-start driver(s) failed to load: AsIO ElbyCDIO Fips
intelppm MpFilter sptd truecrypt
3/8/2012 9:09:00 AM, error: sptd [4] - Driver detected an internal error
in its data structures for .
3/8/2012 8:58:50 AM, error: DCOM [10005] - DCOM got error "%1084"
attempting to start the service StiSvc with arguments "" in order to run
the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/8/2012 8:31:50 AM, error: Service Control Manager [7032] - The Service
Control Manager tried to take a corrective action (Restart the service)
after the unexpected termination of the Microsoft Antimalware Service
service, but this action failed with the following error: The service
cannot be started, either because it is disabled or because it has no
enabled devices associated with it.
3/8/2012 8:31:35 AM, error: Service Control Manager [7031] - The Microsoft
Antimalware Service service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 15000
milliseconds: Restart the service.
3/8/2012 12:45:39 PM, error: Microsoft Antimalware [3002] - Microsoft
Antimalware Real-Time Protection feature has encountered an error and
failed. Feature: On Access Error Code: 0x80004005 Error
description:
Unspecified error Reason: The filter driver skipped scanning items and
is
in pass through mode. This may be due to low resource conditions.
3/8/2012 10:45:51 PM, error: Service Control Manager [7003] - The TCP/IP
Protocol Driver service depends on the following nonexistent service: IPSec
3/8/2012 10:45:49 PM, error: Service Control Manager [7001] - The DNS
Client service depends on the TCP/IP Protocol Driver service which failed
to start because of the following error: The dependency service does not
exist or has been marked for deletion.
3/8/2012 10:42:56 PM, error: Service Control Manager [7001] - The Network
Location Awareness (NLA) service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: The
dependency service does not exist or has been marked for deletion.
3/8/2012 10:42:46 PM, error: Service Control Manager [7026] - The
following boot-start or system-start driver(s) failed to load: Tcpip
3/8/2012 10:42:35 PM, error: Service Control Manager [7038] - The
DeltaCopyService service was unable to log on as .\williams with the
currently configured password due to the following error: Logon failure:
the user has not been granted the requested logon type at this computer. To
ensure that the service is configured properly, use the Services snap-in in
Microsoft Management Console (MMC).
3/8/2012 10:42:35 PM, error: Service Control Manager [7023] - The Windows
Firewall/Internet Connection Sharing (ICS) service terminated with the
following error: The system cannot find the file specified.
3/8/2012 10:42:35 PM, error: Service Control Manager [7003] - The IPSEC
Services service depends on the following nonexistent service: IPSec
3/8/2012 10:42:35 PM, error: Service Control Manager [7001] - The DNS
Client service depends on the TCP/IP Protocol Driver service which failed
to start because of the following error: A device attached to the system
is not functioning.
3/8/2012 10:42:35 PM, error: Service Control Manager [7001] - The DHCP
Client service depends on the TCP/IP Protocol Driver service which failed
to start because of the following error: A device attached to the system
is not functioning.
3/8/2012 10:42:35 PM, error: Service Control Manager [7001] - The Bonjour
Service service depends on the TCP/IP Protocol Driver service which failed
to start because of the following error: A device attached to the system
is not functioning.
3/8/2012 10:42:35 PM, error: Service Control Manager [7001] - The Apple
Mobile Device service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error: A device attached to the
system is not functioning.
3/8/2012 10:42:35 PM, error: Service Control Manager [7000] - The SSPORT
service failed to start due to the following error: The system cannot find
the file specified.
3/8/2012 10:42:35 PM, error: Service Control Manager [7000] - The DgiVecp
service failed to start due to the following error: The system cannot find
the file specified.
3/8/2012 10:42:35 PM, error: Service Control Manager [7000] - The
DeltaCopy Server service failed to start due to the following error: The
service did not start due to a logon failure.
3/8/2012 10:42:35 PM, error: Service Control Manager [7000] - The ASPI32
service failed to start due to the following error: The system cannot find
the file specified.
3/8/2012 10:40:35 PM, error: NetBT [4311] - Initialization failed because
the driver device could not be created.
3/8/2012 10:37:05 PM, error: Service Control Manager [7023] - The Network
Location Awareness (NLA) service terminated with the following error: The
specified procedure could not be found.
3/8/2012 10:00:09 AM, error: System Error [1003] - Error code 1000008e,
parameter1 c0000005, parameter2 b7d2ef15, parameter3 a766c738, parameter4
00000000.
3/7/2012 8:10:26 PM, error: System Error [1003] - Error code 1000008e,
parameter1 c0000005, parameter2 b7d2ef15, parameter3 a9096738, parameter4
00000000.
3/7/2012 8:09:32 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0,
did not respond within the timeout period.
.
==== End Of File ===========================

« Last Edit: March 21, 2012, 01:17:06 PM by Bear »
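The Service Control Manager entries in the log above form a dependency chain that is hard to follow once Notepad word wrap has split each event over several lines. The following is an added example, not part of the original thread or of DDS: it re-joins the wrapped lines and groups the 7001/7003 errors by the service that is reported as nonexistent. The function names are illustrative, and the patterns assume the English message text exactly as it appears in this log.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages" section of the log above,
# still word-wrapped the way Notepad saved them.
LOG = """\
3/8/2012 10:45:51 PM, error: Service Control Manager [7003] - The TCP/IP
Protocol Driver service depends on the following nonexistent service: IPSec
3/8/2012 10:45:49 PM, error: Service Control Manager [7001] - The DNS
Client service depends on the TCP/IP Protocol Driver service which failed
to start because of the following error: The dependency service does not
exist or has been marked for deletion.
3/8/2012 10:42:56 PM, error: Service Control Manager [7001] - The Network
Location Awareness (NLA) service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: The
dependency service does not exist or has been marked for deletion.
3/8/2012 10:42:46 PM, error: Service Control Manager [7026] - The
following boot-start or system-start driver(s) failed to load: Tcpip
3/8/2012 10:42:35 PM, error: Service Control Manager [7003] - The IPSEC
Services service depends on the following nonexistent service: IPSec
3/8/2012 10:42:35 PM, error: Service Control Manager [7001] - The DHCP
Client service depends on the TCP/IP Protocol Driver service which failed
to start because of the following error: A device attached to the system
is not functioning.
"""

EVENT_START = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, ")
HEADER = re.compile(r"^(?P<when>.+? [AP]M), (?P<level>\w+): (?P<source>.+?) "
                    r"\[(?P<id>\d+)\] - (?P<msg>.*)$")
MISSING = re.compile(r"^The (.+?) service depends on the following "
                     r"nonexistent service: (.+)$")
BLOCKED = re.compile(r"^The (.+?) service depends on the (.+?) service "
                     r"which failed to start")


def unwrap(text):
    """Re-join word-wrapped lines so that each event is one string."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue  # blank lines and the "." separators DDS writes
        if EVENT_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += " " + line  # continuation of the previous event
    return events


def parse(text):
    """Split each unwrapped event into when/level/source/id/msg fields."""
    parsed = []
    for event in unwrap(text):
        m = HEADER.match(re.sub(r"\s+", " ", event))
        if m:
            parsed.append(m.groupdict())
    return parsed


def root_causes(text):
    """Map each nonexistent service to every service that cannot start
    because of it, directly (7003) or through a failed dependency (7001)."""
    missing, blocked = defaultdict(set), defaultdict(set)
    for ev in parse(text):
        if ev["source"] != "Service Control Manager":
            continue
        if ev["id"] == "7003" and (m := MISSING.match(ev["msg"])):
            missing[m.group(2)].add(m.group(1))
        elif ev["id"] == "7001" and (m := BLOCKED.match(ev["msg"])):
            blocked[m.group(2)].add(m.group(1))
    report = {}
    for absent, direct in missing.items():
        affected, stack = set(), list(direct)
        while stack:
            svc = stack.pop()
            if svc not in affected:
                affected.add(svc)
                stack.extend(blocked.get(svc, ()))
        report[absent] = sorted(affected)
    return report


if __name__ == "__main__":
    for absent, affected in root_causes(LOG).items():
        print(f"nonexistent service {absent!r} blocks: {', '.join(affected)}")
```
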

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #1 on: March 09, 2012, 03:42:01 PM »
Hello and welcome to SpywareHammer.

I go by Bear, and I will be helping you with your problem. I understand that having malware on your system is disruptive, annoying and can even be frightening.  I also understand the urgency of getting your computer functioning again.  Working as a team, you and I will be able to confront this problem and hopefully bring it to a successful conclusion.  But you need to do a few things to help me understand your situation.

First, tell me everything and anything that you have already tried to fix this problem. 

Second, tell me the symptoms of infection that you are seeing in your computer and when you first noticed them.  If the symptoms were progressive, let me know that.

Third, please only use one forum to help resolve your problem. Posting on more than one forum or trying other things in between our procedures will confuse and lengthen the process and may even make a positive solution impossible.

Fourth, please follow my instructions exactly.   If you cannot follow them or don't understand something, let me know immediately and do NOTHING until you hear from me.  If for any reason you have deviated from my instructions, PLEASE let me know at once.

Fifth, understand that malware gets into your computer system very easily but can be very, very difficult to remove.  It could take a while and we may have to try several processes to fix the problem.  So please "keep the faith".   I will do all I can to get your computer operating properly, and if I can't fix it we have many very bright individuals here who will help us.

Sixth, do not send anything to me as an attachment unless I specifically ask for it.  Please copy and paste all of your responses to me by replying to my post on this forum.  If the response is too long (the forum has size limits), please send it in portions, sequentially.

Seventh, let me know of any software you have running that encrypts your hard drive, such as Windows BitLocker or any others.

Eighth, if your PC is set to automatically update, DISABLE this function and do not update until we have disinfected your PC.

And lastly, before we do anything else, please back up your data, if possible on an external media such as DVDs, CDs, memory sticks or external hard drives.

I will analyze your data and post instructions back to you. 



Never interrupt your enemy when he is making a mistake.
- Napoleon Bonaparte

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #2 on: March 09, 2012, 04:34:01 PM »
Hi edw

You have the Zero Access Rootkit.  A nasty one.  Usually when you have a rootkit it allows other malware to enter your system as well.  Please BE SURE to NOT check word wrap on Notepad in future posts. 

Let's start cleaning your PC.  Because of the rootkit, some tools may not run properly; that is expected.

Please read carefully and follow these steps:

1.  Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: Combofix use

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Close all open browsers.

2.  Disable all of your Anti-Virus, Anti-Spyware programs.  If you need help to disable them, go to Disable Anti Malware. Be sure to re-enable them before posting your reply.

3.  Double click combofix.exe.  For XP, if ComboFix offers to install a Recovery Console, you must permit it to do so. It is very dangerous to permit ComboFix to run unless the Recovery Console is installed.

When finished, it will produce a report for you at C:\ComboFix.txt.  If ComboFix reboots, it may take a while to boot back up; if you cold restart at this point, you could wind up not being able to boot the PC.

Please always check to be sure Word Wrap is NOT turned on in any Notepad  files you post.  This is done by opening the Notepad file and clicking on Format to be sure Word Wrap is not checked.

Note:  This site has size limits on posts.  Please be sure to check that all the data you entered was posted.  If not, use multiple posts.

Now please post the following to me as a reply to this post:
ComboFix.txt
Let me know how your computer is operating
If you have any questions or problems, let me know that as well



*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #3 on: March 09, 2012, 06:17:42 PM »
  Since Internet is blocked on my infected PC, I'll have to transfer combofix to its desktop via USB stick. I presume that will be OK.
  Should I do this booted in normal or safe mode?
  Would it be a good idea to disconnect the network cable for the moment, so I'm not chasing further infections?

  Thanks.


*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #4 on: March 09, 2012, 06:44:51 PM »
Hi edw
Yes, you will have to transfer the tools using a flash memory drive.  I will try to get you back online as soon as possible to speed the process.  Let's try normal mode first and see if we have problems running CF.  I would suggest changing the name of the downloaded program to gotcha.exe, which might help.  Disconnecting from the network at this point would be OK.  But we will have to re-connect in future posts to test network functionality.

*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #5 on: March 10, 2012, 10:27:36 AM »
  I'm in the midst of getting a full backup onto a Firewire drive, in case of problems with my NAS backup.  First attempt crashed overnight - perhaps because my RAID 10 array on my PC was rebuilding at the same time, or perhaps because the Firewire drive was FAT32, now reformatted as NTFS, or because...  Should complete in another seven hours - then I'm ready to go with combofix.  I already did some partial extra backups of the most important stuff.  Hopefully, none of the above will be necessary.

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #6 on: March 10, 2012, 02:43:35 PM »
Hi edw

You can never have too many backups.  However once we have the PC completely clean and stable, we will have to delete them all and re-create them as they will be infected.

*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #7 on: March 10, 2012, 09:00:42 PM »
  OK.  I tried combofix.exe.  It asked to install the Microsoft Recovery Console - but was unable because I have no Internet connection.  Right now, I'm waiting at a dialog box that says "You do not appear to be connected to the internet. Kindly connect before clicking OK."

    Ed

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #8 on: March 10, 2012, 09:10:13 PM »
Hi edw
We'll try to connect, may or may not work at this point.  First abort CF.  Then:

Copy the code in the code box below.  Then click Start/Run and paste it into the input box.  Click OK.

Code:

cmd /c "netsh winsock reset"


Now reboot into normal operating mode.
 

Check to see if you have internet connectivity.  If you do, follow the previous instructions and run CF.  If you don't, run CF and skip installing the recovery console.  Not good, but it's what we have.

*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #9 on: March 10, 2012, 09:21:15 PM »
  How about trying to install the recovery console of the XP install disk?

    http://support.microsoft.com/kb/307654

     Ed

*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #10 on: March 10, 2012, 09:54:15 PM »
Hi edw

Yes that will work.

*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #11 on: March 10, 2012, 10:03:28 PM »
  It half worked.  The recovery console installed, but when I tried booting it, it needed drivers for my RAID system.  These have to be on a floppy.  Sigh.  I'd have to borrow a drive out of another machine to finish the install.  But maybe that's enough to give me a way back in if required.


*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #12 on: March 10, 2012, 10:09:32 PM »
   Combofix says it won't try some stuff without the console - so I'll go the hardware scavenging route and temporarily install a floppy drive..  That will take a while, as it's now time for dinner.


*

Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • 2830
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #13 on: March 10, 2012, 10:23:39 PM »
Hi edw
If you know the name of the raid system you have, you can download the drivers on your other PC.  You should still try the netsh command to see if you can get back online.  Also if CF doesn't run we can try some other tools.

*

Offline edw

  • Bronze Member
  • 38
Re: [In Progress B] Fallout from "Smart Fortress 2012" cleanup.
« Reply #14 on: March 11, 2012, 12:50:21 AM »
   I have the drivers available - but when I try to boot the recovery console, it says to press F6 to install them - but demands they are on Drive A:.  Is there a way around this?  I tried putting them in a USB floppy drive, but it didn't recognize it.

   I'll try to see if I can get online.  No luck...
  ipconfig /all 
still gives:

  Windows IP Configuration
An internal error occurred: The request is not supported ...

  Additional information:  Unable to query hostname.