help removing wow.dll malware



#1 MalwareBeatDown


Posted 06 May 2013 - 08:48 PM

I have Windows 7 Home Edition on a Toshiba Satellite C655 laptop. This computer is about two years old.

I have run AdAware 10.5.2.4379 with the latest definitions. I ran the full scan.

A trojan or malware was found and deleted.

Now when I start my computer I get the error message below:

"There was a problem starting c:\Users\patm\appdata\Local\Temp\semvebn\spcpsuu\wow.dll"

I tried using MSCONFIG to remove all startup programs but this had no effect.

I have the program dds.com and attached the two files attach.txt and dds.txt. I have also copy/pasted the text from those files into this email as instructed.

I have done searches in my registry and the hard drive for wow.dll and found nothing. I tried to copy the path c:\Users\patm\appdata\Local\Temp\semvebn\spcpsuu\wow.dll into the Windows Explorer and it says path not accessible. I did research this on the internet, and other sites say this is caused by a partial cleanup of a virus, but no one had a solution.

Can you please recommend a solution? I am stumped.

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2010 12:51:02 AM
System Uptime: 5/6/2013 12:41:12 PM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Celeron® CPU          900  @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 118.793 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 75 GiB total, 54.052 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP378: 4/27/2013 7:41:09 PM - Windows Update
RP379: 4/28/2013 3:59:24 PM - Removed Ad-Aware Antivirus.
RP380: 4/30/2013 3:00:22 AM - Windows Update
RP381: 5/3/2013 8:53:40 AM - Windows Update
RP382: 5/5/2013 11:39:20 PM - Removed Ad-Aware Antivirus.
.
==== Installed Programs ======================
.
AccuLock
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3
Amazon Kindle
Android platform 4.0.3
Android SDK Tools
Any Video Converter 3.2.1
apache-ant-1.8.2
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Best Buy pc app
BitTorrent
Boost Libraries for C++Builder 2009
Boost Libraries for C++Builder XE3
Borland C++Builder 6
calibre
CodeGear Delphi and C++Builder 2009 Database Pack
CodeGear Delphi and C++Builder 2009 Help System
CodeGear RAD Studio 2009
CodeSite Express 5.1.2
CollabNet Subversion Client 1.7.5
Conexant HD Audio
D3DX10
Easy Thumbnails (Remove only)
Embarcadero Delphi and C++Builder XE3 Help System
Embarcadero InterBase XE3 [instance = gds_db]
Embarcadero RAD Studio XE3
ESCV_v2
eSignal
eSignal 10.6
Everything 1.2.1.371
FastReport 4 Embarcadero edition
Feedback Tool
Font Creator Program 4.5
Foxit Reader
FoxTab FLV Player
FTP Commander
Google Update Helper
Help & Manual 3.60
Help & Manual 6
Help & Manual 6 Premium Pack V2.10
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Update
HTML Help Workshop
HTML5 Builder
HTML5 Builder Android Project Tools
ImgBurn
Inno Setup version 5.4.0
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IntelliProtector client v2.22
IntelliProtector v2.21
InterBase 6.5
IP*Works! V9 C++ Builder Edition
IQFeed Client 5.0.0.9
IQFeed Developer 5.0.0.9
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 35
Java™ SE Development Kit 6 Update 26
Junior Icon Editor
Junk Mail filter update
jZip
Kindle Previewer
Label@Once 1.0
LAME v3.98.2 for Audacity
MarketWarrior4
MarketWarrior4 version 4.8.450
MetaStock 7.2
MetaStock Developer's Kit 8.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Document Explorer 2008
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NOOK for PC
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.4.1
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
QuickBooks
QuickBooks Pro 2010
Rapport
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 6.3
SmartBear AQtime 7 Standard for Embarcadero RAD Studio
SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE, XE2 and XE3
Synaptics Pointing Device Driver
TMS Component Pack for Delphi / C++ Builder v6.7.0.0
TMS Component Pack Help Files for C++Builder 2009 for VCL
TMS Component Pack Help Files for C++Builder 6 for VCL
TMS Component Pack Samples
TMS Grid for FireMonkey for RAD Studio XE3 v1.5.0.0
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UpdateBuilder 1.0.0.0
WebM Media Foundation Components
WinDjView 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMerge 2.12.4
.
==== Event Viewer Messages From Past Week ========
.
5/6/2013 12:44:13 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
5/6/2013 12:42:18 PM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The system cannot find the file specified.
5/6/2013 12:38:02 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
5/6/2013 12:38:02 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:34:32 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/6/2013 12:33:32 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
5/6/2013 12:30:32 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
5/6/2013 12:28:02 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
5/6/2013 12:23:04 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
5/6/2013 12:16:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
5/6/2013 12:15:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
5/6/2013 12:14:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
5/6/2013 12:14:31 PM, Error: Service Control Manager [7001]  - The Application Information service depends on the User Profile Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:14:31 PM, Error: Service Control Manager [7000]  - The User Profile Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:14:19 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
5/6/2013 12:13:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
5/6/2013 12:13:01 PM, Error: Service Control Manager [7000]  - The System Event Notification Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:11:31 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:11:01 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
5/6/2013 12:11:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
5/6/2013 12:11:01 PM, Error: Service Control Manager [7000]  - The Extensible Authentication Protocol service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:10:31 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
5/6/2013 12:10:31 PM, Error: Service Control Manager [7000]  - The Group Policy Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 12:08:34 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:07:34 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
5/6/2013 12:05:57 AM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 2 time(s).
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/6/2013 12:05:57 AM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2013 11:58:08 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/6/2013 11:53:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/6/2013 11:53:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/6/2013 11:53:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/6/2013 11:53:55 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/6/2013 11:53:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2013 11:53:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/6/2013 11:53:28 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched RapportKE64 rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
5/6/2013 11:53:28 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/6/2013 11:53:28 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/6/2013 11:53:28 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/6/2013 11:53:28 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/6/2013 11:53:28 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/6/2013 11:53:27 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/6/2013 11:53:27 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/6/2013 11:53:27 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/6/2013 11:53:27 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/6/2013 11:53:27 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/6/2013 11:44:32 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
5/6/2013 11:07:20 AM, Error: Service Control Manager [7000]  - The Windows Update service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/6/2013 1:06:50 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/5/2013 9:59:22 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
5/5/2013 8:49:08 PM, Error: Service Control Manager [7022]  - The Ad-Aware service hung on starting.
5/5/2013 8:42:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800177db50, 0xfffff80000b9c4d0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 050513-21278-01.
5/5/2013 8:31:40 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.149.1239.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9402.0   Error code: 0x80080005   Error description: Server execution failed
5/5/2013 8:04:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.149.1239.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9402.0   Error code: 0x80080005   Error description: Server execution failed
5/5/2013 7:14:52 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
5/5/2013 7:14:52 PM, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/5/2013 7:10:14 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.149.1239.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9402.0   Error code: 0x80080005   Error description: Server execution failed
5/5/2013 6:15:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.149.1239.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9402.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode
5/5/2013 6:15:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/5/2013 5:35:28 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.149.1239.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9402.0   Error code: 0x80080005   Error description: Server execution failed
5/5/2013 11:59:22 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
5/5/2013 11:57:21 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
5/5/2013 11:57:21 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The pipe has been ended.
5/5/2013 11:52:53 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
5/5/2013 11:52:53 PM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/5/2013 11:29:29 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:  An instance of the service is already running.
5/5/2013 11:29:29 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
5/5/2013 11:26:24 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/5/2013 11:20:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
5/5/2013 11:18:51 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
5/5/2013 11:18:51 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/5/2013 11:15:57 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
5/5/2013 11:15:57 PM, Error: Service Control Manager [7000]  - The Network Location Awareness service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/5/2013 11:01:55 PM, Error: Service Control Manager [7000]  - The Windows Update service failed to start due to the following error:  The pipe has been ended.
5/3/2013 8:47:15 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
5/1/2013 3:10:02 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{05CEEF50-C087-4185-B455-A06E4B853EB4} because another computer on the network has the same name.  The server could not start.
.
==== End Of File ===========================

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 1.6.0_35
Run by patm at 13:01:14 on 2013-05-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1916.879 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe
C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=1A78610EF5511FD7CFA0AC518738760D
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\144545736383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\2375942554730343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\3416E63656273416573796E676E4564777F627B6 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{05CEEF50-C087-4185-B455-A06E4B853EB4}\6596275737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\patm\AppData\Roaming\Mozilla\Firefox\Profiles\w1hrhpy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mikulaforecasting.com/
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=1A78610EF5511FD7CFA0AC518738760D
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-19 09:00; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\patm\AppData\Roaming\Mozilla\Firefox\Profiles\w1hrhpy3.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2013-04-19 09:02; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\patm\AppData\Roaming\Mozilla\Firefox\Profiles\w1hrhpy3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-4-19 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2011-3-23 236248]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-3-25 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 BlackfishSQL;BlackfishSQL;C:\Program Files (x86)\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe [2009-1-14 65536]
R2 IBG_gds_db;InterBase XE3 Guardian gds_db;C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -i "C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3" -p gds_db --> C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe -i C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3 [?]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-8-5 9216]
R3 IBS_gds_db;InterBase XE3 Server gds_db;C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -i "C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3" -p gds_db --> C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe -i C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3 [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-5 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-8-5 232992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-11-28 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-06 17:52:07 -------- d-----w- C:\Users\patm\AppData\Local\{47B8579E-4AE1-4957-9D86-F29C96481A12}
2013-05-06 05:01:23 -------- d-----w- C:\ProgramData\Search Protection
2013-05-06 05:01:20 -------- d-----w- C:\ProgramData\blekko toolbars
2013-05-06 05:01:20 -------- d-----w- C:\ProgramData\adawaretb
2013-05-06 05:01:19 -------- d-----w- C:\Users\patm\AppData\Local\adawarebp
2013-05-06 04:59:35 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-05-06 04:56:13 47496 ----a-w- C:\windows\System32\sbbd.exe
2013-05-06 04:33:50 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{043DAF7C-BDCE-4751-B5BC-AC5CFC54CB56}\mpengine.dll
2013-05-06 00:55:43 -------- d-----w- C:\adawarebp
2013-05-05 12:08:24 -------- d-----w- C:\Users\patm\AppData\Local\{2CAF1902-D56B-4853-8A97-FA037E0E06C2}
2013-05-04 14:56:04 -------- d-----w- C:\Users\patm\AppData\Local\{5DE894B6-31A9-4529-BCC4-AC185F496DA7}
2013-05-04 14:36:58 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-04 01:58:44 -------- d-----w- C:\Users\patm\AppData\Local\{E4F3D15E-EA5B-40A9-972C-6F9A5BE7F726}
2013-05-03 13:44:47 -------- d-----w- C:\Users\patm\AppData\Local\{F8402D52-FAA7-4F41-ADF6-0B1F302EB27C}
2013-05-03 01:21:29 -------- d-----w- C:\Users\patm\AppData\Local\{C9F9242B-B1F4-4F10-9ED6-642714FBB0C8}
2013-05-02 13:21:13 -------- d-----w- C:\Users\patm\AppData\Local\{F5B79557-75CB-4B57-B396-A37784B0612F}
2013-05-02 01:15:02 -------- d-----w- C:\Users\patm\AppData\Local\{854F3DD2-81F1-48AD-B72B-45EB7D6DCB99}
2013-05-01 13:14:38 -------- d-----w- C:\Users\patm\AppData\Local\{98FFDAA6-C877-48FB-9246-0A9144D15A3A}
2013-05-01 01:14:02 -------- d-----w- C:\Users\patm\AppData\Local\{90AAE165-E696-4720-951A-F046B1945402}
2013-04-30 13:13:37 -------- d-----w- C:\Users\patm\AppData\Local\{DD0B9DAB-ED75-425A-B17C-EBBB0B5EEC80}
2013-04-29 22:20:58 -------- d-----w- C:\Users\patm\AppData\Local\{57A659B0-9AA5-4488-8477-9B0DF51B89B3}
2013-04-29 10:19:36 -------- d-----w- C:\Users\patm\AppData\Local\{094FBCB2-1052-4EF5-BF46-63FA46B3B4F7}
2013-04-28 22:13:16 -------- d-----w- C:\Users\patm\AppData\Local\{E1C94D09-197D-4707-8AD3-FD274B1A8F33}
2013-04-28 15:53:18 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-04-28 09:56:16 -------- d-----w- C:\Users\patm\AppData\Local\{FAF8489C-189F-4C63-85BF-B0577284F550}
2013-04-27 21:27:47 -------- d-----w- C:\Users\patm\AppData\Local\{E48F865E-E5FB-4AF6-B99C-B8A9CF0DB67B}
2013-04-27 09:26:23 -------- d-----w- C:\Users\patm\AppData\Local\{0C98CCE5-10F9-4203-9734-3A30DC05DCF3}
2013-04-26 15:11:18 -------- d-----w- C:\Users\patm\AppData\Local\{D60A3F9C-32A7-44E9-951A-3CE512DB9740}
2013-04-25 19:45:17 -------- d-----w- C:\Users\patm\AppData\Local\{C1AD3880-FA87-4489-B515-BD07A0891BF3}
2013-04-25 09:16:43 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE7657CE-6970-437A-B9E1-80A3338558F5}\gapaengine.dll
2013-04-25 00:39:39 -------- d-----w- C:\Users\patm\AppData\Local\{C6132AE9-C887-4CCA-813C-5D6684552DFB}
2013-04-24 12:39:14 -------- d-----w- C:\Users\patm\AppData\Local\{63C6BF27-71A3-4B91-80F8-0ECDFD24F2BC}
2013-04-24 09:31:48 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-04-24 03:21:07 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-23 21:04:00 -------- d-----w- C:\Users\patm\AppData\Local\{99C01D3C-15E5-4A9B-8D46-A2EF74BC32E1}
2013-04-23 09:03:21 -------- d-----w- C:\Users\patm\AppData\Local\{23D55E24-A5EE-44C4-86CD-AD18BAD5306C}
2013-04-22 21:02:44 -------- d-----w- C:\Users\patm\AppData\Local\{4772E684-F3D8-41FA-BDD4-FE39DFD10218}
2013-04-22 08:33:34 -------- d-----w- C:\Users\patm\AppData\Local\{7BAA6881-2EA2-4858-8C6E-6E288352C7F0}
2013-04-21 19:06:02 -------- d-----w- C:\Users\patm\AppData\Local\{5A93DF23-09C4-480A-BFFF-2ACDC931736A}
2013-04-21 01:28:09 -------- d-----w- C:\Users\patm\AppData\Local\{BB5C78C9-78D2-4EB3-BF31-EFD4D589A8EE}
2013-04-20 12:49:21 -------- d-----w- C:\Users\patm\AppData\Local\{50A06744-2B07-4846-9578-8FA32559AB02}
2013-04-19 14:23:32 -------- d-----w- C:\Users\patm\AppData\Local\{321088D1-74A2-4D36-8524-40D5C3746925}
2013-04-19 14:07:54 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-04-19 14:07:53 -------- d-----w- C:\Users\patm\AppData\Roaming\LavasoftStatistics
2013-04-19 14:03:08 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-04-19 14:02:48 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-04-19 14:02:32 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-04-19 13:59:19 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys
2013-04-19 13:59:14 -------- d-----w- C:\Users\patm\AppData\Roaming\Ad-Aware Antivirus
2013-04-19 06:48:23 -------- d-----w- C:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-19 06:48:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-04-19 06:09:51 -------- d-----w- C:\windows\snack
2013-04-19 02:22:41 -------- d-----w- C:\Users\patm\AppData\Local\{19F7EC5B-7D93-48FA-AF58-EBC13DED7A5E}
2013-04-18 14:22:04 -------- d-----w- C:\Users\patm\AppData\Local\{03A7B4BC-86C2-4EB2-8CEF-F9727F60EAEC}
2013-04-18 02:21:33 -------- d-----w- C:\Users\patm\AppData\Local\{24D3B9A6-BB4E-41CC-98DA-76255EA19289}
2013-04-17 14:20:50 -------- d-----w- C:\Users\patm\AppData\Local\{A4E9ED65-AB4F-4A04-9CFB-C6A60A971070}
2013-04-17 02:20:28 -------- d-----w- C:\Users\patm\AppData\Local\{9F0FA1AA-385C-4C1F-A2AD-5D06992C43DC}
2013-04-16 12:55:51 -------- d-----w- C:\Users\patm\AppData\Local\{779071D1-3420-4993-8105-783B68573A58}
2013-04-16 00:55:29 -------- d-----w- C:\Users\patm\AppData\Local\{019C4A38-6FAC-4421-9E21-1CBCA0E87FD5}
2013-04-15 20:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-15 20:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-15 12:54:48 -------- d-----w- C:\Users\patm\AppData\Local\{BCFD8478-B87E-4511-B297-49ED011FC2CA}
2013-04-15 00:22:20 -------- d-----w- C:\Users\patm\AppData\Local\{6B5456BB-6A11-4306-9906-4D5C847FCE94}
2013-04-14 02:32:07 -------- d-----w- C:\Users\patm\AppData\Local\{18035F4F-E246-4371-8EAA-71E8FBC5330E}
2013-04-13 14:11:39 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-13 11:53:59 -------- d-----w- C:\Users\patm\AppData\Local\{77072336-8DAA-45C9-8E34-9ECF7704CE30}
2013-04-12 23:53:03 -------- d-----w- C:\Users\patm\AppData\Local\{A26E3FB7-61DB-43E2-ACB0-8A3132341E8B}
2013-04-12 10:45:10 -------- d-----w- C:\Users\patm\AppData\Local\{9CDE3608-2D97-4A18-9382-89578D9A8C73}
2013-04-11 22:44:34 -------- d-----w- C:\Users\patm\AppData\Local\{63D4CBCD-6CE6-4A74-A15C-44610E6B4E2B}
2013-04-11 08:09:43 -------- d-----w- C:\Users\patm\AppData\Local\{F75F2324-517A-4137-9116-55917D7AE3BD}
2013-04-10 20:09:14 -------- d-----w- C:\Users\patm\AppData\Local\{84557DFD-773B-448A-A11A-408CDF98B89F}
2013-04-10 07:14:25 -------- d-----w- C:\Users\patm\AppData\Local\{33228539-C93B-462D-81F7-18CC2A357277}
2013-04-09 19:13:50 -------- d-----w- C:\Users\patm\AppData\Local\{18B089C4-6CCD-4881-9F6D-D350C113DF3D}
2013-04-08 19:02:13 -------- d-----w- C:\Users\patm\AppData\Local\{2451E843-8283-43BC-9A81-A5D3C193A3D5}
2013-04-08 04:49:19 -------- d-----w- C:\Users\patm\AppData\Local\{52F1E461-6390-48DC-8DCB-CDB7CD99E9B1}
2013-04-07 13:29:15 -------- d-----w- C:\Users\patm\AppData\Local\{9319F3A2-F638-44E1-A531-60F0FA629047}
2013-04-07 13:06:05 -------- d-----w- C:\Program Files (x86)\MarketWarrior4
2013-04-07 12:47:26 22016 ----a-w- C:\windows\SysWow64\borlndmm.dll
2013-04-07 10:56:58 -------- d-----w- C:\Users\patm\AppData\Local\{9B46A8FE-B6C7-46D9-84CA-000C9C6AB62C}
2013-04-07 05:28:52 -------- d-----w- C:\Users\patm\AppData\Local\{25B87245-FDBD-4E75-827A-0B87D2ED322A}
.
==================== Find3M  ====================
.
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-28 00:33:33 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-28 00:33:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 18:16:10 236248 ----a-w- C:\windows\System32\drivers\RapportKE64.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-02-15 06:08:40 44032 ----a-w- C:\windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
.
============= FINISH: 13:06:45.11 ===============



#2 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • 6582 posts

Posted 07 May 2013 - 08:27 AM

Hi

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you. 

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 bhbingle

bhbingle

    Newbie

  • Members
  • 1 posts

Posted 14 July 2013 - 08:47 PM

Hello Blade81,

I notice this thread wasn't picked back up by the originator.  I have done some research on this one as I, too, have this wow.dll issue and cannot clean it out.  I am not a novice at PCs but definitely this is way outta my comfort zone!

May I follow your instructions and post to this thread and maybe get some help cleaning out this stubborn infection?

Thanks,

Bart.



#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7292 posts

Posted 15 July 2013 - 11:57 PM

Hi Bart,

Please, to get help with cleaning your computer, start your own thread in this forum by following the instructions in the topic Read This Before You Post!.



#5 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7292 posts

Posted 07 October 2013 - 05:20 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !



