[Inactive] Ransomware Trojan - Tobfy.a

[AshleyPaterson]

Laptop (4 months old) came with McAfee installed. Last month I ended up having a lot of Trojans-malware on my computer that was discovered and cleaned by Microsoft Security Essentials. As I was paying for McAfee I was furious as to how these lil [Edited by Admin.] got into my computer... thats when I discovered my firewall was shut off. I was assued that this was ok as McAfee has a firewall - wrong! I finally uninstalled McAfee to find out that I could not turn on my firewall for the life of me. I searched and searched endless forums and different ways - Finally today I found a solution to my Firewall.... unfortunatly not intime to stop the lovely Tobfy.a coming into my computer. I have 4 trojans... the annoying pop up from the government asking me for my money. I am able to make the pop up go away after clicking esc 900 times however its still lurking around as I do not have a taskbar, start, command prompt or desktop.
I completed a system restore wich I hate doing... but it didn't work anyways! I am able to go into Safe Mode, Safe Mode with Networking, and of course normal. I do not have another computer to access - Please let me know what kind of information you need from me and please help me get rid of this pain!!

Windows 7 (64bit)

[Bugbatter]

Hi Ashley,

Another helper will be along soon, but let me get you started.
Please boot into safemode with networking.  Please perform the following scan:

• Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • DDS.scr
    
     
• Double click on the DDS icon and allow it to run.
  
• A small box will open, with an explanation about the tool.   
• When done, DDS will open two (2) logs

         1. DDS.txt
         2. Attach.txt

• Save both logs to your desktop.
• The instructions here ask you to attach the Attach.txt.

 

• Instead of attaching, please copy/paste both logs into your reply here.
  
  
• Close the program window, and delete the program from your desktop.

Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan; enable your A/V and reconnect to the internet. 
Information on A/V control: http://www.bleepingcomputer.com/forums/topic114351.html
  In order to avoid damaging your system further, please do NOT run any other anti-virus or anti-malware scans unless under the direction of our Staff here

* Our trained volunteers will reply to your log as soon as possible. We appreciate your patience.
*  Please do not bump your topic. Replying to your new topic will cause the helpers here to skip over your log thinking that it is already being addressed.
* Please do not include suspicious links. You may, however describe the type or name of sites that you are having a problem with. By using links, you would be putting other members at risk if they click on them by accident. If you need to give information about sites that you are redirected to, please disable the links by using hxxp:// instead of http://
* Please feel free to ask questions and disagree politely, but do not argue with the instructions given. Profanity is not allowed. (This will result in your post being deleted)
* We appreciate your replying to the helper’s instructions in a timely manner. Threads are deemed inactive after a specified time. If you plan to be away for a few days, please inform your helper so that your topic will not be removed.

[Hoov]

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer. If you can follow the instructions from Bugbatter, go ahead. If not the follow the instructions below, and then try running DDS.


Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot''s Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
• Update Malwarebytes'' Anti-Malware
  
• Launch Malwarebytes'' Anti-Malware

• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

• Make sure the "Perform Full Scan" option is selected.
  
• Then click on the Scan button.
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click ''Show Results'' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM''s database version and your operating system.
• Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Hopefully this will clear up enough of the problem to give you a bit of breathing room. [/list]

[AshleyPaterson]

1. I have quarentined and removed from Microsoft Security Essentials, however its clear the remove did not work Trojan:Win32/Tobfy.A & VirTool:Win32/CeeInject.gen!IH; I also completed a system restore back to October 15 wich did nothing for me. The problem the ransomware is causing is the white screen indicating they are the government and I have been frauding... needing $100.00.... I loose my Start Bar, unable to "run" but I am able to bring up Task Manager - when I bring up Task Manager it makes the white screen go away
2. Only post is here
3. I will try to follow as best I can
4. lol fait is little right now!
5. I will stick with you... just bare in mind I wont be able to respond right away as of course my computer is not running as nice
Data is backed up as best as possible
No software encrypting
The laptop is personal (mine)

I downloaded RKill and it ran fine

I was unable to download Malwarebytes as the message comes up - mbam-setup-1.65.1.1000.exe is unsafe to download and was blocked by SmartScreen Filter

AS FOR BUGBATTER

I downloaded the two DDS files but I am not able to copy and paste them in here as I exceed the 5000 charater limit

[Hoov]

Reboot the computer to safe mode with networking and download Malwarebytes' Anti-Malware. Then reboot the computer normally and then run Rkill again and then install Malwarebytes' Anti-Malware and then proceed with the instructions.

Let me know if you still have problems with that.

As for the DDS logs, you can post each one in a response, or split them up into three posts. If you get an error about being infected, zip the files up and attach them.

[AshleyPaterson]

Still will not allow me to install malwarebytes on Safemode with networking, same error message about it not being safe

I will paste the files next DDS logs next

[AshleyPaterson]

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by B at 20:28:05 on 2012-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.6038.3663 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Facebook Update] "C:\Users\B\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [] C:\Users\B\fqpypxnjpxgcmhqz.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{556B9D01-976A-4CA7-A7EA-3F522F1F495D} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{556B9D01-976A-4CA7-A7EA-3F522F1F495D}\84058414 : DHCPNameServer = 10.10.10.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\fmxuk7p4.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\B\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-02 19:19; {0153E448-190B-4987-BDE1-F256CADA672F}; C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-6-4 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-4 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-4 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-6-4 176096]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-6-4 212544]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-6-4 69184]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-4 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-6-4 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2012-6-4 8615936]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-4 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-6-4 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-5-12 11776]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-29 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-6-4 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-6-4 212992]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-6-4 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-20 23:19:14   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEA0D0E4-4FB1-413C-AC03-5AB3F3A8FEF9}\offreg.dll
2012-10-20 18:09:26   9291768   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEA0D0E4-4FB1-413C-AC03-5AB3F3A8FEF9}\mpengine.dll
2012-10-20 14:51:56   --------   d-----w-   C:\Users\B\AppData\Local\{38177739-0B08-4931-8D93-95200A2010AD}
2012-10-20 02:50:51   --------   d-----w-   C:\Users\B\AppData\Local\{A280A1EA-F3C8-4D4D-B617-209978DB1FCC}
2012-10-20 02:14:15   57856   ----a-w-   C:\Users\B\fqpypxnjpxgcmhqz.exe
2012-10-20 02:14:13   39424   ----a-w-   C:\Users\B\dfpxvxmilgtruppb.exe
2012-10-19 15:41:17   9291768   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-19 15:14:08   --------   d-----w-   C:\ProgramData\Fugazo
2012-10-11 07:21:02   --------   d-----w-   C:\Users\B\AppData\Local\{ADD9E65C-0123-4AF9-9E9E-49D17F1FC20E}
2012-10-10 13:08:16   1659760   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
2012-10-10 13:05:58   220160   ----a-w-   C:\Windows\System32\wintrust.dll
2012-10-10 13:05:58   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2012-10-10 13:05:38   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2012-10-10 13:05:38   2048   ----a-w-   C:\Windows\System32\tzres.dll
2012-10-10 13:05:07   715776   ----a-w-   C:\Windows\System32\kerberos.dll
2012-10-10 13:05:07   542208   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2012-10-10 13:04:49   1464320   ----a-w-   C:\Windows\System32\crypt32.dll
2012-10-10 13:04:49   1159680   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2012-10-10 13:04:48   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2012-10-10 13:04:48   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 13:04:48   140288   ----a-w-   C:\Windows\System32\cryptnet.dll
2012-10-10 13:04:48   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2012-10-05 17:24:30   972192   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AFD4058-46FE-4369-8ABA-C6E9BF8A4A99}\gapaengine.dll
2012-10-05 02:04:48   --------   d-----w-   C:\Users\B\AppData\Local\{5BB37ADE-D5DD-482F-8854-7CE5D443479C}
2012-10-03 15:40:12   972192   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 23:19:58   --------   d-----w-   C:\Program Files (x86)\Common Files\xing shared
2012-09-28 04:03:11   73696   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-26 12:46:06   245760   ----a-w-   C:\Windows\System32\OxpsConverter.exe
2012-09-25 11:15:06   --------   d-----w-   C:\Users\B\AppData\Local\{E0ACA48D-C0DF-4672-8773-FC3BA4CFE80A}
2012-09-22 07:19:29   --------   d-----w-   C:\Users\B\AppData\Local\{2C0FD82F-B6B8-4321-BFD0-B55095299D0D}
.
==================== Find3M  ====================
.
2012-10-02 23:19:13   499712   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2012-10-02 23:19:13   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2012-09-04 00:14:31   73416   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-04 00:14:31   696520   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 02:03:48   228768   ----a-w-   C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48   128456   ----a-w-   C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45   5559664   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02   3968880   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02   3914096   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-08-24 10:20:11   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29   599040   ----a-w-   C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-08-24 01:45:47   328704   ----a-w-   C:\Windows\System32\services.exe
2012-08-24 01:13:13   328704   ----a-w-   C:\Windows\System32\services.exe.BDE542AAA71CF426
2012-08-24 01:09:32   328704   ----a-w-   C:\Windows\System32\services.exe.08CDCA394D7B2BC0
2012-08-24 00:36:14   328704   ----a-w-   C:\Windows\System32\services.exe.E840B908F2CC3657
2012-08-24 00:31:20   328704   ----a-w-   C:\Windows\System32\services.exe.63A8B392B11A374D
2012-08-24 00:26:37   328704   ----a-w-   C:\Windows\System32\services.exe.A0D505ECEB2439DD
2012-08-24 00:19:12   328704   ----a-w-   C:\Windows\System32\services.exe.79624198A74CD037
2012-08-24 00:10:48   328704   ----a-w-   C:\Windows\System32\services.exe.C44CA52DBC506328
2012-08-24 00:01:05   328704   ----a-w-   C:\Windows\System32\services.exe.82D788DBFBD93DFA
2012-08-23 23:53:42   49872   ----a-w-   C:\Windows\System32\drivers\uhksbihr.sys
2012-08-23 23:53:42   328704   ----a-w-   C:\Windows\System32\services.exe.54C24A2606F07228
2012-08-23 23:50:15   328704   ----a-w-   C:\Windows\System32\services.exe.D2AE316FDEBC038D
2012-08-23 23:41:08   328704   ----a-w-   C:\Windows\System32\services.exe.B30083AF6AB57049
2012-08-23 23:35:10   328704   ----a-w-   C:\Windows\System32\services.exe.9FDFC1647D4BDB7B
2012-08-23 23:30:20   328704   ----a-w-   C:\Windows\System32\services.exe.CECD7E5BD2EADFAB
2012-08-23 23:26:23   328704   ----a-w-   C:\Windows\System32\services.exe.42560116AEF2075D
2012-08-22 18:12:50   1913200   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40   950128   ----a-w-   C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40   376688   ----a-w-   C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33   288624   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44   243200   ----a-w-   C:\Windows\System32\wow64.dll
2012-08-20 18:48:44   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22   338432   ----a-w-   C:\Windows\System32\conhost.exe
2012-08-20 17:40:21   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52   574464   ----a-w-   C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20   490496   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
2012-08-01 18:13:42   41704   ----a-w-   C:\Windows\System32\drivers\hssdrv6.sys
2012-08-01 18:13:40   38632   ----a-w-   C:\Windows\System32\drivers\taphss.sys
.
============= FINISH: 20:28:28.90 ===============

[AshleyPaterson]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/06/2012 11:42:22 AM
System Uptime: 20/10/2012 7:37:19 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0YH79Y
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 679 GiB total, 586.844 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP66: 15/10/2012 1:17:07 PM - Microsoft Antimalware Checkpoint
RP68: 16/10/2012 9:36:28 PM - Microsoft Antimalware Checkpoint
RP69: 17/10/2012 11:37:05 AM - Windows Update
RP71: 19/10/2012 8:06:52 PM - Microsoft Antimalware Checkpoint
RP72: 20/10/2012 2:11:07 PM - Windows Update
RP73: 20/10/2012 4:12:58 PM - Restore Operation
RP74: 20/10/2012 5:53:12 PM - Installed Microsoft Fix it 50203
.
==== Installed Programs ======================
.
100% Free Gin 7.42
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Advanced Audio FX Engine
Amazing Adventures Around the World
Amazing Adventures The Caribbean Secret
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bejeweled 2 Deluxe
Big City Adventure - San Francisco
Big City Adventure - Sydney
Big City Adventure - Vancouver
Big City Adventure: London Story
Blackhawk Striker 2
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Cozi
D3DX10
Deep Blue Sea 2: The Amulet of Light
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dream Builder: Amusement Park
Escape Whisper Valley (TM)
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
High-Definition Video Playback
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Intel(R) WiDi
Intel(R) Wireless Display
iTunes
Java Auto Updater
Java(TM) 6 Update 32
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
K-Lite Codec Pack 8.8.0 (Standard)
Luxor
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MotoHelper 2.0.51 Driver 5.2.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.2.0
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Premium Service Agreement
QualxServ Service Agreement
Quickset64
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
SyncUP
Tales of Lagoona
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
20/10/2012 7:21:30 PM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  The specified module could not be found.
20/10/2012 7:18:19 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 7:14:38 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
20/10/2012 6:51:41 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 6:51:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
20/10/2012 6:51:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/10/2012 6:51:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/10/2012 6:51:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/10/2012 6:51:18 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/10/2012 6:51:17 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
20/10/2012 6:51:14 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 5:55:28 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
20/10/2012 5:55:28 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
20/10/2012 4:17:20 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
20/10/2012 4:17:20 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:  An instance of the service is already running.
20/10/2012 4:17:20 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
20/10/2012 4:16:20 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error:  An instance of the service is already running.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:15:20 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/10/2012 4:10:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80074fe810, 0xfffffa80074feaf0, 0xfffff80002988460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102012-15802-01.
20/10/2012 4:08:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
20/10/2012 3:55:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
20/10/2012 2:11:54 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version:      Previous Engine Version: 2.1.8600.0     Engine Type: Network Inspection System     User: B-PC\B     Error Code: 0x80070666     Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
20/10/2012 2:11:54 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 15.12.0.0     Update Source: User     Update Stage: Install     Source Path:      Signature Type: Network Inspection System     Update Type: Full     User: B-PC\B     Current Engine Version:      Previous Engine Version: 2.1.8600.0     Error code: 0x80070666     Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
20/10/2012 12:08:59 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.139.108.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8904.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
20/10/2012 11:53:33 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.139.108.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: Default URL     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.8904.0     Error code: 0x8007043c     Error description: This service cannot be started in Safe Mode
20/10/2012 10:53:49 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 10:53:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
20/10/2012 10:53:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
20/10/2012 10:53:36 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache HssDRV6 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
20/10/2012 10:53:36 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
16/10/2012 8:22:03 AM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.2.5 with the system having network hardware address 00-1B-EA-D1-41-59. Network operations on this system may be disrupted as a result.
15/10/2012 9:53:40 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
15/10/2012 8:25:36 AM, Error: volsnap [67]  - The shadow copy of volume C: being created failed to install.
15/10/2012 1:30:09 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:30:00 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:53 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:46 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:38 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:31 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:23 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:16 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:29:09 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DZ&threatid=2147664384     Name: TrojanDownloader:ASX/Wimad.DZ     ID: 2147664384     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3;file:_C:\Users\B\FrostWire\Torrent Data\Rihanna - Diamonds\Rihanna - Diamonds.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:17:28 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DQ&threatid=2147655835     Name: TrojanDownloader:ASX/Wimad.DQ     ID: 2147655835     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\The Billboard Hot 40 (June 2012)\23. Calvin Harris - Feel So Close.mp3;file:_C:\Users\B\FrostWire\Torrent Data\The Billboard Hot 40 (June 2012)\23. Calvin Harris - Feel So Close.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
15/10/2012 1:17:19 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.DQ&threatid=2147655835     Name: TrojanDownloader:ASX/Wimad.DQ     ID: 2147655835     Severity: Severe     Category: Trojan Downloader     Path: containerfile:_C:\Users\B\FrostWire\Torrent Data\The Billboard Hot 40 (June 2012)\23. Calvin Harris - Feel So Close.mp3;file:_C:\Users\B\FrostWire\Torrent Data\The Billboard Hot 40 (June 2012)\23. Calvin Harris - Feel So Close.mp3->(ASF_Script_Commands)     Detection Origin: Local machine     Detection Type: Concrete     Detection Source: Real-Time Protection     User: NT AUTHORITY\SYSTEM     Process Name: C:\Program Files (x86)\FrostWire 5\FrostWire.exe     Action: Quarantine     Action Status:  No additional actions required     Error Code: 0x80070020     Error description: The process cannot access the file because it is being used by another process.      Signature Version: AV: 1.137.1833.0, AS: 1.137.1833.0, NIS: 15.12.0.0     Engine Version: AM: 1.1.8800.0, NIS: 2.1.8600.0
.
==== End Of File ===========================

[Hoov]

Try using a different browser.

[AshleyPaterson]

Thanks, Mozilla allowed me to install - now I am just waiting for the scan to be completed - I will copy log in here once done

[AshleyPaterson]

The scan was completed here is the log - I am going to restart the computer now

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.21.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
B :: B-PC [administrator]

Protection: Disabled

20/10/2012 9:29:02 PM
mbam-log-2012-10-20 (21-29-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371349
Time elapsed: 38 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Agent) -> Data: C:\Users\B\fqpypxnjpxgcmhqz.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\B\fqpypxnjpxgcmhqz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\B\dfpxvxmilgtruppb.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\B\Downloads\Install-Gin-Free.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\B\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

[AshleyPaterson]

I restarted my computer and it opened up! I didn't receive any stupid errors telling me to pay the government Let me know if this is all done with now or if there is still more I need to do

Thanks for all your help so far!!

[Hoov]

That is the majority of it, but it is getting late here. Go ahead and run it over night, reboot a few times, and we will pick this up in the early afternoon. I have family that is visiting that has to get on the road in the morning so I will be a tad busy.

If you notice any problems, let me know right away.

One last thing I would like you do tonight is reboot the computer and note the time. Then follow the instructions below to get me a copy of the event viewer logs. I am going to send you a Private message with a link that you can upload the logs to me. In the note where it asks for the link to the thread, put in the link and the time.


I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on  System. Then up at the top click on Action and then click on Save Events As, type in system as the file name,  make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name,  make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.

[AshleyPaterson]

ok I followed the intructions and put them in the link you sent me in the PM - let me know if you need anymore information

[Hoov]

How is the computer running?

The files did not upload. Did you click the upload button?