« previous next »
Pages: [1]   Go Down

Author Topic: Fake Security Protection Virus  (Read 779 times)

0 Members and 1 Guest are viewing this topic.

Offline Sebstian

  • Newbie
  • *
  • Posts: 5
Fake Security Protection Virus
« on: June 13, 2011, 01:24:16 AM »
A Fake Security Protection program started and I was no longer able to open any programs on my computer. Anytime I attempted to open a program the icon on the bottom left of my screen said it was infected with the W32/Blaster.worm. I could not open Task Manager or anything. Right upon start up I received a Dialog Box stating "Error loading \3\DLCXtime.dll. Then the security program started up running a scan saying a bunch of files were infected. Thank you so much for looking into this. This website seems to be very informative and I am very happy I found you guys! Here are the requested logs per your instructions.

What I have done: Ran a full scan on Spybot. It only found two tracking cookies which I can't recall what they were. The last think I remember doing was updated firefox since I have not used that in sometime.

I am running Windows Vista.
-------------------------------------------------------------------------------
 Results of screen317's Security Check version 0.99.13  
 Windows Vista Service Pack 2 (UAC is disabled!)
 Internet Explorer 8  
``````````````````````````````
Antivirus/Firewall Check:
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 Norton AntiVirus    
 Norton Internet Security (Symantec Corporation)  
 Norton Internet Security    
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java(TM) SE Runtime Environment 6
 Out of date Java installed!
Flash Player Out of Date!
 Adobe Flash Player    10.0.12.36  
Adobe Reader 8.1.5
Out of date Adobe Reader installed!
 Mozilla Firefox (3.0.6) Firefox Out of Date!  
````````````````````````````````
Process Check:  
objlist.exe by Laurent
``````````End of Log````````````
------------------------------------------------------------------------------
.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19048
Run by The Garcia at 17:53:32 on 2011-06-12
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.2022.1429 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Security Protection] c:\programdata\defender.exe
mRun: [OEM07Mon.exe] c:\windows\OEM07Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [DLCXCATS] rundll32 \3\DLCXtime.dll,_RunDLLEntry@16
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} - hxxp://www.solidworks.com/sw/support/subscription/sldimdownload.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{55C8EE4C-9F69-46E6-AC82-97253DBE1994} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5C7A113B-D8AF-4078-A364-9B9B0472C2CE} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\the garcia\appdata\roaming\mozilla\firefox\profiles\p86y9o1v.default\
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\users\the garcia\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\the garcia\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: XULRunner: {2C21CF44-DA74-4A66-B649-C18943E25356} - c:\users\the garcia\appdata\local\{2C21CF44-DA74-4A66-B649-C18943E25356}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\drivers\DLACPI.sys [2008-10-16 14656]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-10-16 5632]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20091110.002\IDSvix86.sys [2009-11-12 272432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2007-2-12 208896]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-3 21504]
S2 gupdate1c9a44f9c7c1900;Google Update Service (gupdate1c9a44f9c7c1900);c:\program files\google\update\GoogleUpdate.exe [2009-3-13 133104]
S2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2007-6-27 157912]
S2 NMSCore;Intel(R) NMSCore;c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe [2007-6-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\intel\inteldh\intel media server\media server\bin\QualityManager.exe [2007-6-27 272600]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-3-19 83240]
S3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\system32\drivers\A885VCap.sys [2008-10-16 733824]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]
S3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-13 133104]
S3 OEM07Vfx;Creative Camera OEM007 Video VFX Driver;c:\windows\system32\drivers\OEM07Vfx.sys [2008-10-16 7424]
S3 OEM07Vid;Creative Camera OEM007 Driver;c:\windows\system32\drivers\OEM07Vid.sys [2008-10-16 235552]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-12-4 1251720]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
SUnknown CDAVFS;CDAVFS;

.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-06-12 04:10:13   0   ---ha-w-   c:\users\the garcia\appdata\local\BITF99.tmp
2011-06-12 04:05:02   869376   ----a-w-   c:\programdata\defender.exe
2011-06-12 04:04:38   952832   ----a-w-   c:\program files\mozilla firefox\0.6944212985124077.exe
2011-06-10 08:18:25   6962000   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{f16356df-78d9-4fdb-9a37-53075f84a509}\mpengine.dll
2011-05-26 09:39:01   --------   d-----w-   c:\users\the garcia\appdata\roaming\Dell
.
==================== Find3M  ====================
.
2011-04-06 23:20:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
2011-04-06 23:20:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2009-11-04 02:34:41   1005578   ----a-w-   c:\program files\F5D7234-4_WW_3.00.03.bin
.
============= FINISH: 17:55:07.26 ===============
-------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/16/2008 1:29:20 AM
System Uptime: 6/12/2011 5:31:56 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0F756F
Processor: Intel(R) Core(TM)2 Duo CPU     E4500  @ 2.20GHz | CPU 1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 69.04 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.522 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: eHome Infrared Receiver (USBCIR)
Device ID: USB\VID_0471&PID_060F\@CLC
Manufacturer: Microsoft
Name: eHome Infrared Receiver (USBCIR)
PNP Device ID: USB\VID_0471&PID_060F\@CLC
Service: usbcir
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Elements Studio Launcher
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.5
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoCAD LT 2009 - English
Autodesk Architectural Desktop 2006
Autodesk DWF Viewer
AV
AVerMedia MiniCard Hybrid TV
Banctec Service Agreement
bodybugg® Software
Bonjour
Browser Address Error Redirector
ccCommon
CDDRV_Installer
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Dell DataSafe Online
Dell Home Systems Service Agreement
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center
Dell System Customization Wizard
Dell Webcam Center
Dell Webcam Manager
DellSupport
Dropbox
DWGeditor
EDocs
Facebook Plug-In
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Handbrake 0.9.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.00.01.0720)  
Intel(R) PRO Network Connections 12.1.12.0
Intel(R) Viiv(TM) Software
Invoices
iTunes
Java(TM) SE Runtime Environment 6
KB408682
KhalInstallWrapper
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Applications - ENU
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.6)
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OGA Notifier 2.0.0048.0
Product Documentation Launcher
QualXServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
RON Tool Offersfortoday
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD DE
Roxio Update Manager
Safari
Search Assistant Searchersmart
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SetPoint
SimCity 4
Skype™ 5.0
SolidWorks 2009 SP03
SolidWorks eDrawings 2009
Sonic CinePlayer Decoder Pack
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
Tour your new XPS One
TWC Customer Controls
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
WIDCOMM Bluetooth Software 6.0.1.5900
Windows Live ID Sign-in Assistant
Windows Sound Schemes
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
6/8/2011 11:18:59 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
6/12/2011 5:52:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/12/2011 5:33:56 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  eeCtrl SPBBCDrv spldr SRTSP SRTSPX SYMTDI Wanarpv6
6/12/2011 5:33:56 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
6/12/2011 5:33:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/12/2011 5:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/12/2011 5:33:05 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
6/12/2011 5:33:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/12/2011 5:32:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/12/2011 5:32:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/12/2011 1:29:33 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv.dll
6/12/2011 1:29:32 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
6/12/2011 1:29:01 AM, Error: Service Control Manager [7000]  - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:  The system cannot find the file specified.
6/12/2011 1:27:16 AM, Error: SRTSP [5]  - Error loading Symantec real time Anti-Virus driver.
6/12/2011 1:27:16 AM, Error: SRTSP [4]  - Error loading virus definitions.
6/11/2011 9:46:13 PM, Error: Service Control Manager [7031]  - The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2011 9:46:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
6/11/2011 9:46:13 PM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 3 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The Roxio Hard Drive Watcher 9 service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The Intel(R) Application Tracker service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The Intel(R) Alert Service service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The DQLWinService service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7034]  - The dlcx_device service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SRTSP
6/11/2011 9:45:54 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Software Services Manager service to connect.
6/11/2011 9:45:54 PM, Error: Service Control Manager [7000]  - The Intel(R) Software Services Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/11/2011 9:13:39 PM, Error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
6/11/2011 9:12:16 PM, Error: Service Control Manager [7024]  - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
6/11/2011 9:12:14 PM, Error: Service Control Manager [7031]  - The Google Software Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 900000 milliseconds: Restart the service.
6/11/2011 9:12:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1c9a44f9c7c1900) service to connect.
6/11/2011 9:12:14 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate1c9a44f9c7c1900) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/11/2011 9:12:11 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/11/2011 9:12:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 27 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:59 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 26 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:53 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 25 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:48 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 24 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:47 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2011 9:11:42 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 23 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:37 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 22 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:31 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 21 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:25 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 20 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:21 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 19 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:20 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 18 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:16 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2011 9:11:16 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Service service to connect.
6/11/2011 9:11:16 PM, Error: Service Control Manager [7000]  - The Bluetooth Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/11/2011 9:11:15 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 17 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:15 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:10 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Intel(R) Software Services Manager service, but this action failed with the following error:  An instance of the service is already running.
6/11/2011 9:11:10 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 15 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:09 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 9 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 8 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 12 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 11 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:11:04 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 10 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:07:54 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 32 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:07:49 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 31 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:07:44 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 30 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:07:39 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 29 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:07:34 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 28 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:06:17 PM, Error: Service Control Manager [7031]  - The Intel(R) Software Services Manager service terminated unexpectedly.  It has done this 13 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2011 9:05:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
6/11/2011 9:05:22 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/11/2011 9:05:13 PM, Error: Service Control Manager [7034]  - The Autodesk Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 9:05:09 PM, Error: Service Control Manager [7034]  - The Adobe Active File Monitor V6 service terminated unexpectedly.  It has done this 1 time(s).
6/11/2011 4:14:59 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/11/2011 11:57:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
6/11/2011 11:15:21 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx Wanarpv6
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
6/11/2011 10:44:27 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/11/2011 10:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/11/2011 10:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================

Please Help!








Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Fake Security Protection Virus
« Reply #1 on: June 13, 2011, 01:52:46 AM »
Hi, Sebstian.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.  

If you have questions regarding any of the instructions or problems running any tools, please let us know.

This rogue is often bundled with the TDSS rootkit infection.  If you are unable to download TDSSKiller in normal mode, please try safe mode with networking:

To restart your computer in Safe Mode with Networking, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.  

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects[/b]" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Note:  If you are unable to run MBAM, download rkill from one of the following links and save to your Desktop:

One, Two,Three or Four
  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Notes:

If you you receive security warnings about rkill, please ignore and allow the download to continue.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Sebstian

  • Newbie
  • *
  • Posts: 5
Re: Fake Security Protection Virus
« Reply #2 on: June 13, 2011, 02:27:14 AM »
I am able to log on normally and so far it seems to be back to normal. Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6845

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19048

6/12/2011 7:20:33 PM
mbam-log-2011-06-12 (19-20-33).txt

Scan type: Quick scan
Objects scanned: 191318
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4758CBF-B916-ECFB-EC7C-2C0428BC62D6} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.79.0 (Adware.Zango) -> Value: Zango 10.3.79.0 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\0.6944212985124077.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_zangosa.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\the garcia\AppData\Local\Temp\8145.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\the garcia\AppData\Local\Temp\8BEF.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\the garcia\AppData\Local\Temp\jar_cache25663.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\the garcia\AppData\Local\Temp\jar_cache25665.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\ljbhupyrssbncgygj.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Fake Security Protection Virus
« Reply #3 on: June 13, 2011, 03:11:05 PM »
Hi, Sebstian.

Did you run TDSSKiller?

Note that the trojan on your computer is a backdoor, password stealer.  I strongly advise you to change passwords, particularly for online banking and similar sites.

Why do you have UAC disabled?   

SecurityCheck indicated that the Windows Security Center service may not be running.  Are you able to get security updates via Windows Update?

You have outdated, vulnerable versions of Java and Adobe products on your computer. 

Please go to add/remove programs and uninstall Java(TM) SE Runtime Environment 6.  Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment 6u26.

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Adobe Flash Player needs to be updated for both IE and alternate browsers.

Direct download for IE:  http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Direct Download for non-IE (Opera, Firefox etc): http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

After install, verify Flash Player version for each browser installed at About Flash Player page.

Update Adobe Reader to the current version, http://get.adobe.com/reader/

You indicated in your initial post that you had updated Firefox.   However, the version shown in your log is Mozilla Firefox 3.0.6 which is severely out of date.  If you no longer use Firefox, I suggest you uninstall it.  Otherwise, update to the current version.

Please let me know if you have any questions.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Sebstian

  • Newbie
  • *
  • Posts: 5
Re: Fake Security Protection Virus
« Reply #4 on: June 15, 2011, 02:12:48 AM »
I did run TDSSKiller and it came up empty.
I am in the process of changing all of my passwords now.
I am not sure why or how UAC was dissable. I have enabled now.
I checked the Windows Security Center in my control panel and it was on and I was receiving security updates. I went ahead an updated them what it was suggesting to update.
I updated everything you suggested in the previous post. My computer is running 1000% better. Is there anything else I can do?

Also, what do you feel about spybot? Is there another spyware program I should be running?

Thank you so much for all the help you provided. I was really nervous I screwed up my computer pretty bad!
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Fake Security Protection Virus
« Reply #5 on: June 15, 2011, 02:50:10 PM »
Hi, Sebstian.

Thank you for answering my questions.  I suspect that the malware disabled UAC and am glad all is well now.  Although I don't personally use Spybot, it is a good program. 

My additional recommendations --

To check if your system is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Please let me know if you have any questions.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Sebstian

  • Newbie
  • *
  • Posts: 5
Re: Fake Security Protection Virus
« Reply #6 on: June 18, 2011, 05:09:21 AM »
Corrine,

I will download those program you suggested. Thank you! So far so good. However, I got on my machine tonight and opened the task manager and my CPU usage is hovering at 50% which seems high to me. I will run scans with the programs you suggested and see what happened.

Now you previously mentioned there should only by only one security software. Should I have SpywareBlaster and WinPatrol on my system. And should I run the Anti-Malware program you had me download on a consistent basis. I was not being proactive in preventing these attacks and I would like to be now.

Thanks you for helping and putting up with my questions.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Fake Security Protection Virus
« Reply #7 on: June 18, 2011, 06:44:11 PM »
Good questions, Sebstian.  The one security program I was referring to is only one antivirus software, one software firewall and and one "real-time" protection program. Having two of any of the above can result in not only high system usage but, more importantly, system conflicts.

It wouldn't hurt to update and scan with MBAM at least weekly.

Spyware Blaster and WinPatrol perform different functions.  Spyware Blaster needs to be updated periodically.  I would advise checking for updates at least every few weeks.  The program will help do the following:

--    Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
--    Block spying / tracking via cookies.
--    Restrict the actions of potentially unwanted or dangerous web sites.

WinPatrol, on the other hand, will provide an alert if a program attempts to add itself to start-up.  In addition to using WinPatrol for removing programs from start-up, you can also add programs to "delayed start" so your computer will be usable faster after starting.  It has many other features as well, included int he link provided above.

Should you have additional questions about WinPatrol, we just launched the WinPatrol Help & Information forum here at LandzDown.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Sebstian

  • Newbie
  • *
  • Posts: 5
Re: Fake Security Protection Virus
« Reply #8 on: June 19, 2011, 02:27:48 AM »
Last questions!  :D

So the Spyware Blaster would be considered my real time protection service, right? I would this instead of Spybot?

Regarding Firewalls. I have the firewall enables on Microsoft Security. I also have a firewall on my wireless router. Is there one I should choose over the other or are all firewalls the same? As long as you have one enabled.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Fake Security Protection Virus
« Reply #9 on: June 19, 2011, 01:28:06 PM »
Hi, Sebstian.  Spyware Blaster would be considered a supplement to Spybot. 

Real-time protection would be if you used Windows Defender with the Norton Security Suite's real-time protection.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Pages: [1]   Go Up
« previous next »