Inactive [A] Another siref victim

Status
Not open for further replies.
G

gordon low

Posts: 17   +0
Help! I had installed avg for antivirus, and one day it began quaranting everything insight, to such a degree that when I next fired up the laptop, windows wouldnt stay up. anyways, I had to rely on safe mode to even use it for email and browsing. eventually, I found enough on the web to try to repair my windows startup, by downloading a copy of window 7.
so I've run malware.com's tool, eusing free registry cleaner, microsoft essentials and now it boots in normal mode.
my problem is itunes wont run, error 7(windows error 5), and windows update wont run.
so copying everybody, I've run the frst tool and here are my files.
 

Attachments

  • FRST.txt
    35.7 KB · Views: 1
  • Search.txt
    594 bytes · Views: 0
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Please observe forum rules.
All logs have to pasted not attached.
 
Hi bront,
sorry about that. I didnt know the rules. here are the 2 logs:

[LEFT]frst.tx_[/LEFT]
[LEFT]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-09-2012[/LEFT]
[LEFT]Ran by SYSTEM at 22-09-2012 07:12:41[/LEFT]
[LEFT]Running from G:\[/LEFT]
[LEFT]Windows 7 Enterprise (X86) OS Language: English(US)[/LEFT]
[LEFT]The current controlset is ControlSet003[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Registry (Whitelisted) ===================[/LEFT]
[LEFT] [/LEFT]
[LEFT]HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x][/LEFT]
[LEFT]HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x][/LEFT]
[LEFT]HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x][/LEFT]
[LEFT]HKLM\...\Run: [NeroCheck] EROCHECK.EXE [x][/LEFT]
[LEFT]HKLM\...\Run: [McAfeeUpdaterUI] KEY [x][/LEFT]
[LEFT]HKLM\...\Run: [ShStatEXE] E [x][/LEFT]
[LEFT]HKLM\...\Run: [AppleSyncNotifier] OTIFIER.EXE [x][/LEFT]
[LEFT]HKLM\...\Run: [GrooveMonitor] ITOR.EXE" [x][/LEFT]
[LEFT]HKLM\...\Run: [LogMeIn GUI] SYSTRAY.EXE" [x][/LEFT]
[LEFT]HKLM\...\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x][/LEFT]
[LEFT]HKLM\...\Run: [APSDaemon] .EXE" [x][/LEFT]
[LEFT]HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)[/LEFT]
[LEFT]HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x][/LEFT]
[LEFT]HKLM\...\Run: [CSESRE] DOWS\TEMP\CSESRE.DLL",LOADBITMAPRESIZE [x][/LEFT]
[LEFT]HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)[/LEFT]
[LEFT]HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)[/LEFT]
[LEFT]HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)[/LEFT]
[LEFT]HKU\ayee\...\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win [1591808 2006-03-23] (YourWare Solutions (TM))[/LEFT]
[LEFT]HKU\ayee\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)[/LEFT]
[LEFT]HKLM\...\Winlogon: [Userinit] userinit.exe, [26624 2010-11-20] (Microsoft Corporation)[/LEFT]
[LEFT]Tcpip\Parameters: [DhcpNameServer] 192.168.1.254[/LEFT]
[LEFT]Startup: C:\Users\ayee\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk[/LEFT]
[LEFT]ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Services (Whitelisted) ===================[/LEFT]
[LEFT] [/LEFT]
[LEFT]2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)[/LEFT]
[LEFT]2 Apache2.2; "C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice [24635 2008-01-17] (Apache Software Foundation)[/LEFT]
[LEFT]2018998032018998032 CTEDSPFX.DLL; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)[/LEFT]
[LEFT]2 DELTA; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)[/LEFT]
[LEFT]2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-09-11] (LogMeIn, Inc.)[/LEFT]
[LEFT]2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-09-14] (LogMeIn, Inc.)[/LEFT]
[LEFT]2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-11-08] (LogMeIn, Inc.)[/LEFT]
[LEFT]2 McAfeeEngineService; "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" [19456 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2008-03-14] (McAfee, Inc.)[/LEFT]
[LEFT]2 McShield; "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe" [143088 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [62800 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]2 mfevtp; C:\Windows\system32\mfevtps.exe [67904 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]2018998032018998032018998032018998032 relational; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)[/LEFT]
[LEFT]2018998032 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-23] (Syntek America Inc.)[/LEFT]
[LEFT]3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2010-11-22] (TuneUp Software GmbH)[/LEFT]
[LEFT]2 aeaudio; C:\Windows\System32\a016mdm.dll [x][/LEFT]
[LEFT]2 AirPrint; C:\Program Files\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [x][/LEFT]
[LEFT]2 astcc; C:\Windows\System32\iirsp.dll [x][/LEFT]
[LEFT]2 AsusACPI; C:\Windows\System32\eSettingsService.dll [x][/LEFT]
[LEFT]2 atkdisplf; C:\Windows\System32\cacheserver.dll [x][/LEFT]
[LEFT]2 ATNT40K; C:\Windows\System32\sym_hi.dll [x][/LEFT]
[LEFT]2 basfipm; C:\Windows\System32\kpfwsvc.dll [x][/LEFT]
[LEFT]2 bcserver; C:\Windows\System32\TOSHIBASoftModem.dll [x][/LEFT]
[LEFT]2 btserial; C:\Windows\System32\RecAgent.dll [x][/LEFT]
[LEFT]2 btwdndis; C:\Windows\System32\cwafeventrouter.dll [x][/LEFT]
[LEFT]2 caili; C:\Windows\System32\sysaudio.dll [x][/LEFT]
[LEFT]2 cqcpu; C:\Windows\System32\splitter.dll [x][/LEFT]
[LEFT]2 cqmgstor; C:\Windows\System32\RAPIProtocol.dll [x][/LEFT]
[LEFT]2 curtainssyssvc; C:\Windows\System32\pdlnemsg.dll [x][/LEFT]
[LEFT]2 dmisrv; C:\Windows\System32\i8042prt.dll [x][/LEFT]
[LEFT]2 DniVad; C:\Windows\System32\c-dillasrv.dll [x][/LEFT]
[LEFT]2 F700isw; C:\Windows\System32\AppnApi.dll [x][/LEFT]
[LEFT]2 fingrd32; C:\Windows\System32\elotouchscreen.dll [x][/LEFT]
[LEFT]2 FireHook; C:\Windows\System32\dktknsrv.dll [x][/LEFT]
[LEFT]2 GcKernel; C:\Windows\System32\ilicensesvc.dll [x][/LEFT]
[LEFT]2 genmcmn; C:\Windows\System32\FA312.dll [x][/LEFT]
[LEFT]2 gtndis5; C:\Windows\System32\tosrfcom.dll [x][/LEFT]
[LEFT]2 hdthermal; C:\Windows\System32\rslinx.dll [x][/LEFT]
[LEFT]2 hnmsvc; C:\Windows\System32\EL2000.dll [x][/LEFT]
[LEFT]2 id2scaps; C:\Windows\System32\vetmsgnt.dll [x][/LEFT]
[LEFT]2 iwebmsg; C:\Windows\System32\pdlnatdl.dll [x][/LEFT]
[LEFT]2 lwwlicenseservice; C:\Windows\System32\tme3srv.dll [x][/LEFT]
[LEFT]2 maxbackserviceint; C:\Windows\System32\dimension4.dll [x][/LEFT]
[LEFT]2 mcmispupdmgr; C:\Windows\System32\personalsecuredriveservice.dll [x][/LEFT]
[LEFT]2 mdvrmng; C:\Windows\System32\pxfhbus.dll [x][/LEFT]
[LEFT]2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x][/LEFT]
[LEFT]2 nalntservice; C:\Windows\System32\scramby.dll [x][/LEFT]
[LEFT]3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x][/LEFT]
[LEFT]2 nod32krn; C:\Windows\System32\eloggersvc6.dll [x][/LEFT]
[LEFT]2 NVNET; C:\Windows\System32\ptserial.dll [x][/LEFT]
[LEFT]2 NxSysMon; C:\Windows\System32\monfilt.dll [x][/LEFT]
[LEFT]2 OEM02Dev; C:\Windows\System32\dot4print.dll [x][/LEFT]
[LEFT]2 olregcap; C:\Windows\System32\sonypvu1.dll [x][/LEFT]
[LEFT]2 PAC7302; C:\Windows\System32\sprtsvc_ddoctorv2.dll [x][/LEFT]
[LEFT]2 PD0620VID; C:\Windows\System32\Epfwndis.dll [x][/LEFT]
[LEFT]2 qcdonner; C:\Windows\System32\SE2Emdm.dll [x][/LEFT]
[LEFT]2 roxwatch; C:\Windows\System32\LUsbFilt.dll [x][/LEFT]
[LEFT]2 s7otranx; C:\Windows\System32\rt2870.dll [x][/LEFT]
[LEFT]2 SaiH040B; C:\Windows\System32\IntelC53.dll [x][/LEFT]
[LEFT]2 se44unic; C:\Windows\System32\WmiAcpi.dll [x][/LEFT]
[LEFT]2 sfilter; C:\Windows\System32\jobserver_report.dll [x][/LEFT]
[LEFT]2 SiRemFil; C:\Windows\System32\MA_CMIDI.dll [x][/LEFT]
[LEFT]2 Sk9920nt; C:\Windows\System32\DCamUSBEMPIA.dll [x][/LEFT]
[LEFT]2 Slntamr; C:\Windows\System32\vproeventmonitor.dll [x][/LEFT]
[LEFT]2 Sntnlusb; C:\Windows\System32\msfs.dll [x][/LEFT]
[LEFT]2 spcsutilityservice; C:\Windows\System32\aawservice.dll [x][/LEFT]
[LEFT]2 SRTSPL; C:\Windows\System32\hSONYPVh.dll [x][/LEFT]
[LEFT]2 suservice; C:\Windows\System32\X10UIF.dll [x][/LEFT]
[LEFT]2 swmidi; C:\Windows\System32\ZSMC211.dll [x][/LEFT]
[LEFT]2 symtdi; C:\Windows\System32\lxrsge10s.dll [x][/LEFT]
[LEFT]2 tosrfbnp; C:\Windows\System32\askernel.dll [x][/LEFT]
[LEFT]2 transcode360; C:\Windows\System32\tosrfbnp.dll [x][/LEFT]
[LEFT]2 trioservice; C:\Windows\System32\toddsrv.dll [x][/LEFT]
[LEFT]2 USBCCID; C:\Windows\System32\Intels51.dll [x][/LEFT]
[LEFT]2 usbmate; C:\Windows\System32\pavagente.dll [x][/LEFT]
[LEFT]2 vetmsgnt; C:\Windows\System32\se59mdfl.dll [x][/LEFT]
[LEFT]2 Via4in1; C:\Windows\System32\tdcmdpst.dll [x][/LEFT]
[LEFT]2 zBackupAssistService; C:\Windows\System32\XTrapD12.dll [x][/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Drivers (Whitelisted) ====================[/LEFT]
[LEFT] [/LEFT]
[LEFT]2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)[/LEFT]
[LEFT]3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2010-09-17] (LogMeIn, Inc.)[/LEFT]
[LEFT]2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)[/LEFT]
[LEFT]3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [74648 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [90360 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [42424 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [340592 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [64432 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [62704 2008-09-29] (McAfee, Inc.)[/LEFT]
[LEFT]0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)[/LEFT]
[LEFT]2 mysql; C:\AppServ\MySQL\bin\mysqld --defaults-file=C:\AppServ\MySQL\my.ini mysql [9584 2012-04-08] ()[/LEFT]
[LEFT]3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-26] (Syntek America Inc.)[/LEFT]
[LEFT]3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-01] (Syntek America Inc.)[/LEFT]
[LEFT]4 LMIRfsClientNP; [x][/LEFT]
[LEFT]3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x][/LEFT]
[LEFT]3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x][/LEFT]
[LEFT]1 saeawbby; \??\C:\Windows\system32\drivers\saeawbby.sys [x][/LEFT]
[LEFT]3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x][/LEFT]
[LEFT]3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x][/LEFT]
[LEFT]3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x][/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== NetSvcs (Whitelisted) ===================[/LEFT]
[LEFT] [/LEFT]
[LEFT]NETSVC: SiRemFil -> C:\Windows\system32\MA_CMIDI.dll ==> No File.[/LEFT]
[LEFT]NETSVC: Slntamr -> C:\Windows\system32\vproeventmonitor.dll ==> No File.[/LEFT]
[LEFT]NETSVC: relational -> No Registry Path.[/LEFT]
[LEFT]NETSVC: tsmservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ASUSVRC -> No Registry Path.[/LEFT]
[LEFT]NETSVC: incdrec -> No Registry Path.[/LEFT]
[LEFT]NETSVC: XUIF -> No Registry Path.[/LEFT]
[LEFT]NETSVC: sbiesvc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: emu10k -> No Registry Path.[/LEFT]
[LEFT]NETSVC: wintabservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: C-Dilla -> No Registry Path.[/LEFT]
[LEFT]NETSVC: slpmonx -> No Registry Path.[/LEFT]
[LEFT]NETSVC: netrcacm -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pinnaclesys.mediaserver -> No Registry Path.[/LEFT]
[LEFT]NETSVC: utilman -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pageserver -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pnrouter -> No Registry Path.[/LEFT]
[LEFT]NETSVC: WISTechVIDCAP -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ipinip -> No Registry Path.[/LEFT]
[LEFT]NETSVC: DC21x4 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: USRpdA -> No Registry Path.[/LEFT]
[LEFT]NETSVC: milshieldcleaner -> No Registry Path.[/LEFT]
[LEFT]NETSVC: XBCD -> No Registry Path.[/LEFT]
[LEFT]NETSVC: dlaboiom -> No Registry Path.[/LEFT]
[LEFT]NETSVC: agnfilt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: lightscribeservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: zebrmdmc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: TMKEmu -> No Registry Path.[/LEFT]
[LEFT]NETSVC: nhcDriverDevice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: clr_optimization_v2.0.50215_32 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: alertservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: mssql$microsoftsmlbiz -> No Registry Path.[/LEFT]
[LEFT]NETSVC: CAM1210 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: DMUSBUSBDCam -> No Registry Path.[/LEFT]
[LEFT]NETSVC: W700mdm -> No Registry Path.[/LEFT]
[LEFT]NETSVC: tosrfec -> No Registry Path.[/LEFT]
[LEFT]NETSVC: A88xXBar -> No Registry Path.[/LEFT]
[LEFT]NETSVC: atimpab -> No Registry Path.[/LEFT]
[LEFT]NETSVC: PD0620VID -> C:\Windows\system32\Epfwndis.dll ==> No File.[/LEFT]
[LEFT]NETSVC: QV2KUX -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ms_mpu401 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: edspport -> No Registry Path.[/LEFT]
[LEFT]NETSVC: DCamUSBEMPIA -> No Registry Path.[/LEFT]
[LEFT]NETSVC: lxrsge10s -> No Registry Path.[/LEFT]
[LEFT]NETSVC: cpqdmi -> No Registry Path.[/LEFT]
[LEFT]NETSVC: adaptecstoragemanageragent -> No Registry Path.[/LEFT]
[LEFT]NETSVC: toscosrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: U81xmgmt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: winachsf -> No Registry Path.[/LEFT]
[LEFT]NETSVC: HSXHWBS2 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: IJPLMSVC -> No Registry Path.[/LEFT]
[LEFT]NETSVC: NICSer_WPC54G -> No Registry Path.[/LEFT]
[LEFT]NETSVC: bc_tdi_f -> No Registry Path.[/LEFT]
[LEFT]NETSVC: abp480n5 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: clnt_clientman -> No Registry Path.[/LEFT]
[LEFT]NETSVC: maxbackserviceint -> C:\Windows\system32\dimension4.dll ==> No File.[/LEFT]
[LEFT]NETSVC: sysaidagent -> No Registry Path.[/LEFT]
[LEFT]NETSVC: GameConsoleService -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ICAM5USB -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SE27mdm -> No Registry Path.[/LEFT]
[LEFT]NETSVC: avinitnt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: fgdxbus -> No Registry Path.[/LEFT]
[LEFT]NETSVC: CYGF32X -> No Registry Path.[/LEFT]
[LEFT]NETSVC: mssql$sony_mediamgr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: iaimtv2 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: aeaudio -> C:\Windows\system32\a016mdm.dll ==> No File.[/LEFT]
[LEFT]NETSVC: wfxsvc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: Shockprf -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pxfhmdfl -> No Registry Path.[/LEFT]
[LEFT]NETSVC: Wuser32 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: sbcssvc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SE2Cbus -> No Registry Path.[/LEFT]
[LEFT]NETSVC: viagfx -> No Registry Path.[/LEFT]
[LEFT]NETSVC: vcsw -> No Registry Path.[/LEFT]
[LEFT]NETSVC: mpservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: avc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ossrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pae_1394 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: idrivert -> No Registry Path.[/LEFT]
[LEFT]NETSVC: nmservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: trayman -> No Registry Path.[/LEFT]
[LEFT]NETSVC: itmrtsvc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: hpqwmiex -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ipsecmon -> No Registry Path.[/LEFT]
[LEFT]NETSVC: w810mdm -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pid_0928 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: roxupnpserver -> No Registry Path.[/LEFT]
[LEFT]NETSVC: se45mdfl -> No Registry Path.[/LEFT]
[LEFT]NETSVC: tpkd -> No Registry Path.[/LEFT]
[LEFT]NETSVC: sym_u3 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SE2Cmdfl -> No Registry Path.[/LEFT]
[LEFT]NETSVC: GoToAssist -> No Registry Path.[/LEFT]
[LEFT]NETSVC: PAR1284 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: mctskshd.exe -> No Registry Path.[/LEFT]
[LEFT]NETSVC: rt2500 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: point32 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: oracle_load_balancer_60_server-forms6ip14 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: hotspotshieldservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: asp.net_1.1.4322 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: caboagp -> No Registry Path.[/LEFT]
[LEFT]NETSVC: GVCplDrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: NvNdis -> No Registry Path.[/LEFT]
[LEFT]NETSVC: firesvc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: sqlagent$sony_mediamgr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: USB_NDIS_51 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: PNDIS5 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: hpqddsvc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: iwebcal -> No Registry Path.[/LEFT]
[LEFT]NETSVC: oracleorahometnslistener -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pdlnemap -> No Registry Path.[/LEFT]
[LEFT]NETSVC: genregistrar -> No Registry Path.[/LEFT]
[LEFT]NETSVC: fasttx2k -> No Registry Path.[/LEFT]
[LEFT]NETSVC: wanminiportservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: savrtpel -> No Registry Path.[/LEFT]
[LEFT]NETSVC: w810mdfl -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ctxcpusched -> No Registry Path.[/LEFT]
[LEFT]NETSVC: AEAudioService -> No Registry Path.[/LEFT]
[LEFT]NETSVC: driverhardwarev2 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: s217unic -> No Registry Path.[/LEFT]
[LEFT]NETSVC: Evian -> No Registry Path.[/LEFT]
[LEFT]NETSVC: BCMModem -> No Registry Path.[/LEFT]
[LEFT]NETSVC: WinDriver6 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: asc3550 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: w200mgmt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: PSDNServ -> No Registry Path.[/LEFT]
[LEFT]NETSVC: rksample -> No Registry Path.[/LEFT]
[LEFT]NETSVC: yukonwxp -> No Registry Path.[/LEFT]
[LEFT]NETSVC: minilog -> No Registry Path.[/LEFT]
[LEFT]NETSVC: belgium_id_card_service -> No Registry Path.[/LEFT]
[LEFT]NETSVC: dirms_defragmentation -> No Registry Path.[/LEFT]
[LEFT]NETSVC: zendcoreapache -> No Registry Path.[/LEFT]
[LEFT]NETSVC: wdelmgr20 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: rwbackupsrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: TNaviSrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ami0nt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: NWSNS -> No Registry Path.[/LEFT]
[LEFT]NETSVC: p1131vid -> No Registry Path.[/LEFT]
[LEFT]NETSVC: vcommmgr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: e1000 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: s3psddr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: nHancer -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SimpTcp -> No Registry Path.[/LEFT]
[LEFT]NETSVC: aaksrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: MRENDIS5 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: p17xfilt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: OEM02Dev -> C:\Windows\system32\dot4print.dll ==> No File.[/LEFT]
[LEFT]NETSVC: blueletaudio -> No Registry Path.[/LEFT]
[LEFT]NETSVC: bb-run -> No Registry Path.[/LEFT]
[LEFT]NETSVC: vpcnfltr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: samfilt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: suservice -> C:\Windows\system32\X10UIF.dll ==> No File.[/LEFT]
[LEFT]NETSVC: NETw5x32 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: oraclemtsrecoveryservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: w800obex -> No Registry Path.[/LEFT]
[LEFT]NETSVC: logonsvcid -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pduip6000dmemcrdmgr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: vmsprog -> No Registry Path.[/LEFT]
[LEFT]NETSVC: db2licd -> No Registry Path.[/LEFT]
[LEFT]NETSVC: PQNTDrv -> No Registry Path.[/LEFT]
[LEFT]NETSVC: BRGSp50 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: itchfltr -> No Registry Path.[/LEFT]
[LEFT]NETSVC: CoachVc -> No Registry Path.[/LEFT]
[LEFT]NETSVC: tvtfilter -> No Registry Path.[/LEFT]
[LEFT]NETSVC: risdptsk -> No Registry Path.[/LEFT]
[LEFT]NETSVC: tosrfsnd -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SunkFilt -> No Registry Path.[/LEFT]
[LEFT]NETSVC: DLARTL_M -> No Registry Path.[/LEFT]
[LEFT]NETSVC: btwmodem -> No Registry Path.[/LEFT]
[LEFT]NETSVC: ADIDTSFiltService -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pivot -> No Registry Path.[/LEFT]
[LEFT]NETSVC: rkhdrv31 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: deltafw -> No Registry Path.[/LEFT]
[LEFT]NETSVC: TMMEmu -> No Registry Path.[/LEFT]
[LEFT]NETSVC: NtMtlFax -> No Registry Path.[/LEFT]
[LEFT]NETSVC: sysaudio -> No Registry Path.[/LEFT]
[LEFT]NETSVC: UlSata -> No Registry Path.[/LEFT]
[LEFT]NETSVC: JGOGO -> No Registry Path.[/LEFT]
[LEFT]NETSVC: dbmanagerscheduler -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pdlndqll -> No Registry Path.[/LEFT]
[LEFT]NETSVC: elbydelay -> No Registry Path.[/LEFT]
[LEFT]NETSVC: wmccdsls -> No Registry Path.[/LEFT]
[LEFT]NETSVC: apfiltrservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: vnxservice -> No Registry Path.[/LEFT]
[LEFT]NETSVC: cachemanxp -> No Registry Path.[/LEFT]
[LEFT]NETSVC: zebrmdm -> No Registry Path.[/LEFT]
[LEFT]NETSVC: CADlink -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SGIR -> No Registry Path.[/LEFT]
[LEFT]NETSVC: MA8032C -> No Registry Path.[/LEFT]
[LEFT]NETSVC: rbfilter -> No Registry Path.[/LEFT]
[LEFT]NETSVC: pmem -> No Registry Path.[/LEFT]
[LEFT]NETSVC: agpcpq -> No Registry Path.[/LEFT]
[LEFT]NETSVC: yats32 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: DcLps -> No Registry Path.[/LEFT]
[LEFT]NETSVC: s7oppitx -> No Registry Path.[/LEFT]
[LEFT]NETSVC: se2Dnd5 -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SiS300i -> No Registry Path.[/LEFT]
[LEFT]NETSVC: EKECioCtl -> No Registry Path.[/LEFT]
[LEFT]NETSVC: admjoy -> No Registry Path.[/LEFT]
[LEFT]NETSVC: CAMCAUD -> No Registry Path.[/LEFT]
[LEFT]NETSVC: CTEDSPFX.DLL -> No Registry Path.[/LEFT]
[LEFT]NETSVC: z800mdm -> No Registry Path.[/LEFT]
[LEFT]NETSVC: SaiH040B -> C:\Windows\system32\IntelC53.dll ==> No File.[/LEFT]
[LEFT]NETSVC: DniVad -> C:\Windows\system32\c-dillasrv.dll ==> No File.[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== One Month Created Files and Folders ========[/LEFT]
[LEFT] [/LEFT]
[LEFT]2012-09-22 07:12 - 2012-09-22 07:12 - 00000000 ____D C:\FRST[/LEFT]
[LEFT]2012-09-22 05:54 - 2012-09-22 05:54 - 00001901 ____A C:\Users\ayee\Documents\frst notes.txt[/LEFT]
[LEFT]2012-09-22 05:50 - 2012-09-22 05:50 - 00904282 ____A (Farbar) C:\Users\ayee\Documents\FRST.exe[/LEFT]
[LEFT]2012-09-22 05:23 - 2012-09-22 05:23 - 00190479 ____A C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip[/LEFT]
[LEFT]2012-09-21 21:09 - 2012-09-21 21:09 - 00001519 ____A C:\Users\ayee\Documents\check permissions.txt[/LEFT]
[LEFT]2012-09-21 20:16 - 2012-09-21 20:17 - 199468312 ____A C:\Users\ayee\Documents\eusing_2012_09_21.reg[/LEFT]
[LEFT]2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\LogMeInRemoteUser\Desktop\Eusing Free Registry Cleaner.lnk[/LEFT]
[LEFT]2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\Guest\Desktop\Eusing Free Registry Cleaner.lnk[/LEFT]
[LEFT]2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\ayee\Desktop\Eusing Free Registry Cleaner.lnk[/LEFT]
[LEFT]2012-09-21 19:44 - 2012-09-21 19:45 - 00000000 ____D C:\Program Files\Microsoft Security Client[/LEFT]
[LEFT]2012-09-21 19:25 - 2012-09-21 19:27 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1[/LEFT]
[LEFT]2012-09-21 19:15 - 2009-07-13 15:45 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys[/LEFT]
[LEFT]2012-09-20 19:34 - 2012-09-21 20:46 - 00000000 ____D C:\Program Files\Eusing Free Registry Cleaner[/LEFT]
[LEFT]2012-09-20 19:01 - 2012-09-20 19:01 - 00000000 ____D C:\Users\ayee\AppData\Roaming\PCPro[/LEFT]
[LEFT]2012-09-20 19:01 - 2012-09-20 19:01 - 00000000 ____D C:\Users\ayee\AppData\Roaming\PC Cleaners[/LEFT]
[LEFT]2012-09-20 19:01 - 2012-09-20 19:01 - 00000000 ____D C:\Users\All Users\PC1Data[/LEFT]
[LEFT]2012-09-19 18:36 - 2012-09-19 18:36 - 00000000 ____D C:\Windows\System32\appmgmt[/LEFT]
[LEFT]2012-09-19 17:49 - 2012-09-20 18:34 - 46596096 ____A C:\Windows\System32\config\SOFTWARE.iobit[/LEFT]
[LEFT]2012-09-19 17:49 - 2012-09-20 18:34 - 36536320 ____A C:\Windows\System32\config\SYSTEM.iobit[/LEFT]
[LEFT]2012-09-19 17:49 - 2012-09-20 18:34 - 01769472 ____A C:\Windows\System32\config\DEFAULT.iobit[/LEFT]
[LEFT]2012-09-19 17:49 - 2012-09-20 18:34 - 00032768 ____A C:\Windows\System32\config\SAM.iobit[/LEFT]
[LEFT]2012-09-19 17:49 - 2012-09-20 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit[/LEFT]
[LEFT]2012-09-19 03:58 - 2012-09-19 04:19 - 78545304 ____A (Apple Inc.) C:\Users\ayee\Documents\iTunesSetup.exe[/LEFT]
[LEFT]2012-09-18 20:19 - 2012-09-18 20:19 - 00000000 ____D C:\Users\ayee\Documents\Iphone 3gs 5.1[/LEFT]
[LEFT]2012-09-18 20:13 - 2012-09-18 20:14 - 00000000 ____D C:\Users\ayee\Documents\Iphone 3gs 5.1.1[/LEFT]
[LEFT]2012-09-15 21:19 - 2012-09-15 21:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/LEFT]
[LEFT]2012-09-15 19:19 - 2012-09-15 19:19 - 00000077 ____A C:\Users\ayee\Documents\mcupdate.exec-ordinal not found.txt[/LEFT]
[LEFT]2012-09-15 16:47 - 2012-09-22 06:02 - 00001456 ____A C:\Windows\setupact.log[/LEFT]
[LEFT]2012-09-15 16:47 - 2012-09-17 20:47 - 00205694 ____A C:\Windows\PFRO.log[/LEFT]
[LEFT]2012-09-15 16:47 - 2012-09-15 16:47 - 00000000 ____A C:\Windows\setuperr.log[/LEFT]
[LEFT]2012-09-15 15:40 - 2012-07-23 14:59 - 00022400 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-21 18:28 - 00000000 ____D C:\Users\ayee\AppData\Roaming\IObit[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whqvndhd.sys[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00001230 ____A C:\Users\Public\Desktop\Uninstaller.lnk[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00001179 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00000000 ____D C:\Users\All Users\IObit[/LEFT]
[LEFT]2012-09-15 12:43 - 2012-09-15 12:43 - 00000000 ____D C:\Program Files\IObit[/LEFT]
[LEFT]2012-09-15 12:06 - 2012-09-21 19:27 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk[/LEFT]
[LEFT]2012-09-15 12:05 - 2012-08-21 12:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys[/LEFT]
[LEFT]2012-09-15 12:03 - 2012-09-21 19:25 - 00000000 ____D C:\Program Files\iTunes[/LEFT]
[LEFT]2012-09-15 12:03 - 2012-09-21 19:25 - 00000000 ____D C:\Program Files\iPod[/LEFT]
[LEFT]2012-09-15 11:50 - 2012-09-21 19:45 - 00001945 ____A C:\Windows\epplauncher.mif[/LEFT]
[LEFT]2012-09-15 11:50 - 2012-09-15 11:50 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk[/LEFT]
[LEFT]2012-09-15 11:49 - 2012-09-21 18:34 - 00000000 ____D C:\Program Files\QuickTime[/LEFT]
[LEFT]2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____D C:\Users\ayee\AppData\Roaming\Opera[/LEFT]
[LEFT]2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____D C:\Users\ayee\AppData\Local\Opera[/LEFT]
[LEFT]2012-09-15 08:30 - 2012-09-15 08:31 - 00000000 ____D C:\Program Files\Opera[/LEFT]
[LEFT]2012-09-15 08:30 - 2012-09-15 08:30 - 00001775 ____A C:\Users\Public\Desktop\Opera.lnk[/LEFT]
[LEFT]2012-09-12 18:08 - 2012-09-12 19:21 - 00005586 ____A C:\Users\ayee\Documents\startup bad dlls.txt[/LEFT]
[LEFT]2012-09-11 20:42 - 2012-09-11 20:42 - 198359374 ____A C:\Users\ayee\Documents\BACKUP.REG[/LEFT]
[LEFT]2012-09-09 12:52 - 2012-09-09 12:52 - 16144455 ____A (Rockers Team) C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe[/LEFT]
[LEFT]2012-09-02 14:27 - 2012-09-02 14:27 - 00000000 ____D C:\Users\ayee\Documents\Redsn0w0.9.14b2[/LEFT]
[LEFT]2012-09-01 13:00 - 2012-09-01 13:00 - 00120044 ____A C:\Users\ayee\Documents\blued-gui.rar[/LEFT]
[LEFT]2012-08-26 12:42 - 2012-08-26 12:42 - 365230920 ____A (Microsoft Corporation) C:\Users\ayee\Documents\Windows6.0-KB948465-X86_vista_sp2.exe[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== 3 Months Modified Files ==================[/LEFT]
[LEFT] [/LEFT]
[LEFT]2012-09-22 06:07 - 2009-07-13 20:34 - 00016448 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[/LEFT]
[LEFT]2012-09-22 06:07 - 2009-07-13 20:34 - 00016448 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[/LEFT]
[LEFT]2012-09-22 06:04 - 2010-11-22 20:53 - 02027749 ____A C:\Windows\WindowsUpdate.log[/LEFT]
[LEFT]2012-09-22 06:03 - 2010-12-31 16:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job[/LEFT]
[LEFT]2012-09-22 06:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT[/LEFT]
[LEFT]2012-09-22 06:02 - 2012-09-15 16:47 - 00001456 ____A C:\Windows\setupact.log[/LEFT]
[LEFT]2012-09-22 05:54 - 2012-09-22 05:54 - 00001901 ____A C:\Users\ayee\Documents\frst notes.txt[/LEFT]
[LEFT]2012-09-22 05:50 - 2012-09-22 05:50 - 00904282 ____A (Farbar) C:\Users\ayee\Documents\FRST.exe[/LEFT]
[LEFT]2012-09-22 05:23 - 2012-09-22 05:23 - 00190479 ____A C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip[/LEFT]
[LEFT]2012-09-22 05:20 - 2010-12-31 16:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job[/LEFT]
[LEFT]2012-09-21 21:09 - 2012-09-21 21:09 - 00001519 ____A C:\Users\ayee\Documents\check permissions.txt[/LEFT]
[LEFT]2012-09-21 21:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At47.job[/LEFT]
[LEFT]2012-09-21 20:17 - 2012-09-21 20:16 - 199468312 ____A C:\Users\ayee\Documents\eusing_2012_09_21.reg[/LEFT]
[LEFT]2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\LogMeInRemoteUser\Desktop\Eusing Free Registry Cleaner.lnk[/LEFT]
[LEFT]2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\Guest\Desktop\Eusing Free Registry Cleaner.lnk[/LEFT]
[LEFT]2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\ayee\Desktop\Eusing Free Registry Cleaner.lnk[/LEFT]
[LEFT]2012-09-21 20:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At46.job[/LEFT]
[LEFT]2012-09-21 19:45 - 2012-09-15 11:50 - 00001945 ____A C:\Windows\epplauncher.mif[/LEFT]
[LEFT]2012-09-21 19:44 - 2010-11-22 21:09 - 00005348 ____A C:\Windows\System32\PerfStringBackup.INI[/LEFT]
[LEFT]2012-09-21 19:27 - 2012-09-15 12:06 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk[/LEFT]
[LEFT]2012-09-21 19:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At45.job[/LEFT]
[LEFT]2012-09-21 18:12 - 2011-05-20 10:35 - 00063369 ____A C:\Users\ayee\Documents\news.zip[/LEFT]
[LEFT]2012-09-21 18:10 - 2011-05-20 08:07 - 00139151 ____A C:\Users\ayee\Documents\news.txt[/LEFT]
[LEFT]2012-09-21 17:58 - 2011-12-15 06:46 - 00015439 ____A C:\Users\ayee\Documents\short.txt[/LEFT]
[LEFT]2012-09-20 18:34 - 2012-09-19 17:49 - 46596096 ____A C:\Windows\System32\config\SOFTWARE.iobit[/LEFT]
[LEFT]2012-09-20 18:34 - 2012-09-19 17:49 - 36536320 ____A C:\Windows\System32\config\SYSTEM.iobit[/LEFT]
[LEFT]2012-09-20 18:34 - 2012-09-19 17:49 - 01769472 ____A C:\Windows\System32\config\DEFAULT.iobit[/LEFT]
[LEFT]2012-09-20 18:34 - 2012-09-19 17:49 - 00032768 ____A C:\Windows\System32\config\SAM.iobit[/LEFT]
[LEFT]2012-09-20 18:34 - 2012-09-19 17:49 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit[/LEFT]
[LEFT]2012-09-19 04:19 - 2012-09-19 03:58 - 78545304 ____A (Apple Inc.) C:\Users\ayee\Documents\iTunesSetup.exe[/LEFT]
[LEFT]2012-09-19 04:00 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At30.job[/LEFT]
[LEFT]2012-09-18 20:23 - 2012-03-05 10:00 - 00323072 __ASH C:\Users\ayee\Documents\Thumbs.db[/LEFT]
[LEFT]2012-09-17 20:47 - 2012-09-15 16:47 - 00205694 ____A C:\Windows\PFRO.log[/LEFT]
[LEFT]2012-09-16 15:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At41.job[/LEFT]
[LEFT]2012-09-16 14:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At40.job[/LEFT]
[LEFT]2012-09-16 13:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At39.job[/LEFT]
[LEFT]2012-09-16 12:08 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At38.job[/LEFT]
[LEFT]2012-09-16 11:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At37.job[/LEFT]
[LEFT]2012-09-16 10:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At36.job[/LEFT]
[LEFT]2012-09-16 09:05 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At35.job[/LEFT]
[LEFT]2012-09-16 08:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At34.job[/LEFT]
[LEFT]2012-09-16 07:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At33.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At32.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At31.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At29.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At28.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At27.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At26.job[/LEFT]
[LEFT]2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At25.job[/LEFT]
[LEFT]2012-09-15 22:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At48.job[/LEFT]
[LEFT]2012-09-15 21:19 - 2012-09-15 21:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/LEFT]
[LEFT]2012-09-15 19:19 - 2012-09-15 19:19 - 00000077 ____A C:\Users\ayee\Documents\mcupdate.exec-ordinal not found.txt[/LEFT]
[LEFT]2012-09-15 18:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At44.job[/LEFT]
[LEFT]2012-09-15 17:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At43.job[/LEFT]
[LEFT]2012-09-15 16:47 - 2012-09-15 16:47 - 00000000 ____A C:\Windows\setuperr.log[/LEFT]
[LEFT]2012-09-15 16:01 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At42.job[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whqvndhd.sys[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00001230 ____A C:\Users\Public\Desktop\Uninstaller.lnk[/LEFT]
[LEFT]2012-09-15 12:47 - 2012-09-15 12:47 - 00001179 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk[/LEFT]
[LEFT]2012-09-15 11:50 - 2012-09-15 11:50 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk[/LEFT]
[LEFT]2012-09-15 08:30 - 2012-09-15 08:30 - 00001775 ____A C:\Users\Public\Desktop\Opera.lnk[/LEFT]
[LEFT]2012-09-12 19:21 - 2012-09-12 18:08 - 00005586 ____A C:\Users\ayee\Documents\startup bad dlls.txt[/LEFT]
[LEFT]2012-09-11 20:58 - 2011-02-08 19:50 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll[/LEFT]
[LEFT]2012-09-11 20:58 - 2011-02-08 19:50 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll[/LEFT]
[LEFT]2012-09-11 20:58 - 2011-02-08 19:50 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll[/LEFT]
[LEFT]2012-09-11 20:42 - 2012-09-11 20:42 - 198359374 ____A C:\Users\ayee\Documents\BACKUP.REG[/LEFT]
[LEFT]2012-09-09 12:52 - 2012-09-09 12:52 - 16144455 ____A (Rockers Team) C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe[/LEFT]
[LEFT]2012-09-07 16:04 - 2010-11-22 21:29 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys[/LEFT]
[LEFT]2012-09-01 13:00 - 2012-09-01 13:00 - 00120044 ____A C:\Users\ayee\Documents\blued-gui.rar[/LEFT]
[LEFT]2012-08-26 12:42 - 2012-08-26 12:42 - 365230920 ____A (Microsoft Corporation) C:\Users\ayee\Documents\Windows6.0-KB948465-X86_vista_sp2.exe[/LEFT]
[LEFT]2012-08-21 12:01 - 2012-09-15 12:05 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys[/LEFT]
[LEFT]2012-08-21 12:01 - 2010-11-23 19:49 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll[/LEFT]
[LEFT]2012-08-19 12:35 - 2012-08-19 12:35 - 05034606 ____A C:\Users\ayee\Documents\com.pragmatixconsulting.packagebackup_4.3.12_iphoneos-arm_fabius.deb[/LEFT]
[LEFT]2012-08-18 19:56 - 2012-08-18 19:55 - 00065495 ____A C:\Users\ayee\Documents\resume etc.zip[/LEFT]
[LEFT]2012-08-12 14:28 - 2012-08-12 14:28 - 00001301 ____A C:\Users\ayee\Documents\new old bootrom.txt[/LEFT]
[LEFT]2012-08-12 09:57 - 2012-08-12 09:56 - 711494134 ____A C:\Users\ayee\Desktop\sn0wbreeze_iPhone_3GS-5.1.1-9B206_oldbootrom.ipsw[/LEFT]
[LEFT]2012-08-12 09:30 - 2012-08-12 09:30 - 711381881 ____A C:\Users\ayee\Desktop\sn0wbreeze_iPhone_3GS-5.1.1-9B206_new_bootrom.ipsw[/LEFT]
[LEFT]2012-08-04 12:32 - 2012-05-20 12:56 - 3047718912 ____A C:\Users\ayee\Downloads\Windows Vista Business__Dell OEM.iso[/LEFT]
[LEFT]2012-07-23 14:59 - 2012-09-15 15:40 - 00022400 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe[/LEFT]
[LEFT]2012-07-07 09:01 - 2012-04-01 20:58 - 00020992 ____A C:\Users\ayee\Documents\Calc Return.xls[/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT]ZeroAccess:[/LEFT]
[LEFT]C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}[/LEFT]
[LEFT]C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\@[/LEFT]
[LEFT]C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L[/LEFT]
[LEFT]C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U[/LEFT]
[LEFT]C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L\00000004.@[/LEFT]
[LEFT]C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L\201d3dde[/LEFT]
[LEFT] [/LEFT]
[LEFT]ZeroAccess:[/LEFT]
[LEFT]C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}[/LEFT]
[LEFT]C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}\@[/LEFT]
[LEFT]C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L[/LEFT]
[LEFT]C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Known DLLs (Whitelisted) =================[/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Bamital & volsnap Check =================[/LEFT]
[LEFT] [/LEFT]
[LEFT]C:\Windows\explorer.exe => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\winlogon.exe => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\wininit.exe => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\svchost.exe => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\services.exe => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\User32.dll => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\userinit.exe => MD5 is legit[/LEFT]
[LEFT]C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== EXE ASSOCIATION =====================[/LEFT]
[LEFT] [/LEFT]
[LEFT]HKLM\...\.exe: exefile => OK[/LEFT]
[LEFT]HKLM\...\exefile\DefaultIcon: %1 => OK[/LEFT]
[LEFT]HKLM\...\exefile\open\command: "%1" %* => OK[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Restore Points =========================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Restore point made on: 2012-09-15 11:51:52[/LEFT]
[LEFT]Restore point made on: 2012-09-15 11:55:40[/LEFT]
[LEFT]Restore point made on: 2012-09-19 04:27:32[/LEFT]
[LEFT]Restore point made on: 2012-09-19 18:33:41[/LEFT]
[LEFT]Restore point made on: 2012-09-19 18:36:43[/LEFT]
[LEFT]Restore point made on: 2012-09-19 18:39:42[/LEFT]
[LEFT]Restore point made on: 2012-09-19 18:41:55[/LEFT]
[LEFT]Restore point made on: 2012-09-20 18:19:45[/LEFT]
[LEFT]Restore point made on: 2012-09-20 18:21:23[/LEFT]
[LEFT]Restore point made on: 2012-09-20 18:22:12[/LEFT]
[LEFT]Restore point made on: 2012-09-20 18:23:22[/LEFT]
[LEFT]Restore point made on: 2012-09-20 18:24:11[/LEFT]
[LEFT]Restore point made on: 2012-09-20 19:53:50[/LEFT]
[LEFT]Restore point made on: 2012-09-20 20:35:48[/LEFT]
[LEFT]Restore point made on: 2012-09-20 20:50:04[/LEFT]
[LEFT]Restore point made on: 2012-09-20 20:55:30[/LEFT]
[LEFT]Restore point made on: 2012-09-20 20:56:36[/LEFT]
[LEFT]Restore point made on: 2012-09-20 20:57:10[/LEFT]
[LEFT]Restore point made on: 2012-09-20 20:57:46[/LEFT]
[LEFT]Restore point made on: 2012-09-21 17:27:27[/LEFT]
[LEFT]Restore point made on: 2012-09-21 17:37:26[/LEFT]
[LEFT]Restore point made on: 2012-09-21 17:37:49[/LEFT]
[LEFT]Restore point made on: 2012-09-21 17:40:59[/LEFT]
[LEFT]Restore point made on: 2012-09-21 17:43:45[/LEFT]
[LEFT]Restore point made on: 2012-09-21 17:45:02[/LEFT]
[LEFT]Restore point made on: 2012-09-21 18:23:20[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Memory info ===========================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Percentage of memory in use: 16%[/LEFT]
[LEFT]Total physical RAM: 3062.44 MB[/LEFT]
[LEFT]Available physical RAM: 2563.54 MB[/LEFT]
[LEFT]Total Pagefile: 3060.72 MB[/LEFT]
[LEFT]Available Pagefile: 2573.64 MB[/LEFT]
[LEFT]Total Virtual: 2047.88 MB[/LEFT]
[LEFT]Available Virtual: 1968.7 MB[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== Partitions =============================[/LEFT]
[LEFT] [/LEFT]
[LEFT]1 Drive c: () (Fixed) (Total:232.79 GB) (Free:141.05 GB) NTFS[/LEFT]
[LEFT]3 Drive f: () (Removable) (Total:3.73 GB) (Free:1.43 GB) NTFS[/LEFT]
[LEFT]4 Drive g: () (Removable) (Total:0.94 GB) (Free:0.02 GB) FAT[/LEFT]
[LEFT]5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS[/LEFT]
[LEFT]6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)][/LEFT]
[LEFT] [/LEFT]
[LEFT]Disk ### Status Size Free Dyn Gpt[/LEFT]
[LEFT]-------- ------------- ------- ------- --- ---[/LEFT]
[LEFT]Disk 0 Online 232 GB 0 B[/LEFT]
[LEFT]Disk 1 Online 3822 MB 0 B[/LEFT]
[LEFT]Disk 2 Online 967 MB 0 B[/LEFT]
[LEFT] [/LEFT]
[LEFT]Partitions of Disk 0:[/LEFT]
[LEFT]===============[/LEFT]
[LEFT] [/LEFT]
[LEFT]Partition ### Type Size Offset[/LEFT]
[LEFT]------------- ---------------- ------- -------[/LEFT]
[LEFT]Partition 1 Primary 100 MB 1024 KB[/LEFT]
[LEFT]Partition 2 Primary 232 GB 101 MB[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Disk: 0[/LEFT]
[LEFT]Partition 1[/LEFT]
[LEFT]Type : 07[/LEFT]
[LEFT]Hidden: No[/LEFT]
[LEFT]Active: Yes[/LEFT]
[LEFT] [/LEFT]
[LEFT]Volume ### Ltr Label Fs Type Size Status Info[/LEFT]
[LEFT]---------- --- ----------- ----- ---------- ------- --------- --------[/LEFT]
[LEFT]* Volume 1 Y System Rese NTFS Partition 100 MB Healthy[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Disk: 0[/LEFT]
[LEFT]Partition 2[/LEFT]
[LEFT]Type : 07[/LEFT]
[LEFT]Hidden: No[/LEFT]
[LEFT]Active: No[/LEFT]
[LEFT] [/LEFT]
[LEFT]Volume ### Ltr Label Fs Type Size Status Info[/LEFT]
[LEFT]---------- --- ----------- ----- ---------- ------- --------- --------[/LEFT]
[LEFT]* Volume 2 C NTFS Partition 232 GB Healthy[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Partitions of Disk 1:[/LEFT]
[LEFT]===============[/LEFT]
[LEFT] [/LEFT]
[LEFT]Partition ### Type Size Offset[/LEFT]
[LEFT]------------- ---------------- ------- -------[/LEFT]
[LEFT]Partition 1 Primary 3818 MB 4032 KB[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Disk: 1[/LEFT]
[LEFT]Partition 1[/LEFT]
[LEFT]Type : 07[/LEFT]
[LEFT]Hidden: No[/LEFT]
[LEFT]Active: Yes[/LEFT]
[LEFT] [/LEFT]
[LEFT]Volume ### Ltr Label Fs Type Size Status Info[/LEFT]
[LEFT]---------- --- ----------- ----- ---------- ------- --------- --------[/LEFT]
[LEFT]* Volume 3 F NTFS Removable 3818 MB Healthy[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Partitions of Disk 2:[/LEFT]
[LEFT]===============[/LEFT]
[LEFT] [/LEFT]
[LEFT]Partition ### Type Size Offset[/LEFT]
[LEFT]------------- ---------------- ------- -------[/LEFT]
[LEFT]Partition 1 Primary 967 MB 16 KB[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Disk: 2[/LEFT]
[LEFT]Partition 1[/LEFT]
[LEFT]Type : 06[/LEFT]
[LEFT]Hidden: No[/LEFT]
[LEFT] [/LEFT]
[LEFT]Active: Yes[/LEFT]
[LEFT] [/LEFT]
[LEFT]Volume ### Ltr Label Fs Type Size Status[/LEFT]
[LEFT] [/LEFT]
[LEFT]---------- --- ----------- ----- ---------- ------- --------- --------[/LEFT]
[LEFT]* Volume 4 G FAT Removable 967 MB Healthy[/LEFT]
[LEFT] [/LEFT]
[LEFT]=========================================================[/LEFT]
[LEFT] [/LEFT]
[LEFT]Last Boot: 2012-09-16 11:52[/LEFT]
[LEFT] [/LEFT]
[LEFT]==================== End Of Log ============================[/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT] [/LEFT]
[LEFT]search.txt[/LEFT]
[LEFT]---------------[/LEFT]
[LEFT]Farbar Recovery Scan Tool (x86) Version: 22-09-2012[/LEFT]
[LEFT]Ran by SYSTEM at 2012-09-22 07:16:39[/LEFT]
[LEFT]Running from G:\[/LEFT]
[LEFT] [/LEFT]
[LEFT]================== Search: "services.exe" ===================[/LEFT]
[LEFT] [/LEFT]
[LEFT]C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe[/LEFT]
[LEFT][2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6[/LEFT]
[LEFT] [/LEFT]
[LEFT]C:\Windows\System32\services.exe[/LEFT]
[LEFT][2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6[/LEFT]
[LEFT] [/LEFT]
[LEFT]=== End Of Search ===[/LEFT]
[LEFT]-[/LEFT]
[LEFT] [/LEFT]
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
 

Attachments

  • fixlist.txt
    224 bytes · Views: 7
Broni,
here is 1/3 of logs>Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ayee :: AYEE-PC [administrator]

9/22/2012 10:42:11 AM
mbam-log-2012-09-22 (10-42-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238145
Time elapsed: 25 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------
gmer -
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-22 11:16:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2250BH rev.0000000B
Running: gmer.exe; Driver: C:\Users\ayee\AppData\Local\Temp\kxldrpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8CC5409A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8CC53FF8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8CC5400C]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8CC54022]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8CC5405E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8CC540AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CC54086]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CC54072]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CC5404A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CC54036]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CC53FE4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
-------------------------------------------------------------
dds -
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by ayee at 11:19:52 on 2012-09-22
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1648 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\AppServ\MySQL\bin\mysqld.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\AirPrint\airprint.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\ayee\Desktop\gmer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
mRun: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
mRun: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
mRun: [NeroCheck] EROCHECK.EXE
mRun: [McAfeeUpdaterUI] KEY
mRun: [ShStatEXE] E
mRun: [AppleSyncNotifier] OTIFIER.EXE
mRun: [GrooveMonitor] ITOR.EXE"
mRun: [LogMeIn GUI] SYSTRAY.EXE"
mRun: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
mRun: [APSDaemon] .EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE"
mRun: [CSESRE] DOWS\TEMP\CSESRE.DLL",LOADBITMAPRESIZE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: c:\users\ayee\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{45A86153-9909-4614-BE95-1CC5BD995AD2} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\0554544535 : DhcpNameServer = 66.7.224.17 66.7.224.18 4.2.2.3
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\2375942554238343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\34F6C6566516C6C6569734166656 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\356405C4D275942554C4543535 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\4586567516272796F6276313 : DhcpNameServer = 192.168.7.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\hmelyofflabs\vhtoolkit\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ayee\appdata\roaming\mozilla\firefox\profiles\dpqx62sf.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0cb392c-b40f-462c-9f51-49a12036613c%7D&mid=3a8a7f54affb47d09368d1532dc22a86-0744755435501efbe8fe3a4546562ccccc6508f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-29%2014%3A50%3A02&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-22 340592]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl734ab8a9;MpKsl734ab8a9;c:\programdata\microsoft\microsoft antimalware\definition updates\{6cd5b4e2-e2d4-45d3-b7aa-eef0d03acaca}\MpKsl734ab8a9.sys [2012-9-22 29904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-9-15 913792]
R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -r _ipp._tcp,_universal -s --> c:\program files\airprint\airprint.exe -R _ipp._tcp,_universal -s [?]
R2 Apache2.2;Apache2.2;c:\appserv\apache2.2\bin\httpd.exe [2008-1-17 24635]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-8 47640]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-22 67904]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-22 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-22 42424]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nod32krn;MA8032M;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 vetmsgnt;Sfcure01;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-22 64432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-3 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-22 1343400]
.
=============== Created Last 30 ================
.
2012-09-22 17:27:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cd5b4e2-e2d4-45d3-b7aa-eef0d03acaca}\MpKsl734ab8a9.sys
2012-09-22 15:12:31 -------- d-----w- C:\FRST
2012-09-22 04:12:08 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{983c5926-9641-404a-b15f-506df954d71a}\gapaengine.dll
2012-09-22 04:11:24 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cd5b4e2-e2d4-45d3-b7aa-eef0d03acaca}\mpengine.dll
2012-09-22 03:44:46 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-22 03:25:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-22 03:15:41 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-09-21 03:34:57 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-09-21 03:01:33 -------- d-----w- c:\users\ayee\appdata\roaming\PC Cleaners
2012-09-21 03:01:22 -------- d-----w- c:\users\ayee\appdata\roaming\PCPro
2012-09-21 03:01:22 -------- d-----w- c:\programdata\PC1Data
2012-09-20 02:36:19 -------- d-----w- c:\windows\system32\appmgmt
2012-09-15 23:40:15 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-15 20:47:41 43600 ----a-w- c:\windows\system32\drivers\whqvndhd.sys
2012-09-15 20:47:36 -------- d-----w- c:\programdata\IObit
2012-09-15 20:47:23 -------- d-----w- c:\users\ayee\appdata\roaming\IObit
2012-09-15 20:43:10 -------- d-----w- c:\program files\IObit
2012-09-15 20:05:34 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 20:03:36 -------- d-----w- c:\program files\iPod
2012-09-15 20:03:35 -------- d-----w- c:\program files\iTunes
2012-09-15 16:31:37 -------- d-----w- c:\users\ayee\appdata\local\Opera
.
==================== Find3M ====================
.
2012-09-12 04:58:28 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-12 04:58:27 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-09-12 04:58:23 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-12 04:58:22 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 11:25:18.64 ===============
-------------------------------------
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2010 9:06:05 PM
System Uptime: 9/22/2012 10:24:03 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0NF743
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 140.521 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Storage media
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_STORAGE_MEDIA&REV_0100#0F07020109746&0#
Manufacturer: Sony
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_STORAGE_MEDIA&REV_0100#0F07020109746&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP102: 9/15/2012 12:51:32 PM - Removed AVG 2012
RP103: 9/15/2012 12:55:31 PM - Removed AVG 2012
RP104: 9/19/2012 5:27:15 AM - good starting point
RP105: 9/19/2012 7:33:23 PM - Removed iTunes
RP106: 9/19/2012 7:36:30 PM - Removed QuickTime
RP107: 9/19/2012 7:39:33 PM - Removed Bonjour
RP108: 9/19/2012 7:41:48 PM - Installed iTunes
RP109: 9/20/2012 7:19:30 PM - Removed Apple Application Support
RP110: 9/20/2012 7:21:15 PM - Removed Apple Software Update
RP111: 9/20/2012 7:22:04 PM - Removed Apple Mobile Device Support
RP112: 9/20/2012 7:23:13 PM - Removed Bonjour
RP113: 9/20/2012 7:24:04 PM - Removed iTunes
RP114: 9/20/2012 8:53:34 PM - Installed iTunes
RP115: 9/20/2012 9:35:22 PM - Windows Update
RP116: 9/20/2012 9:49:56 PM - Removed iTunes
RP117: 9/20/2012 9:55:23 PM - Removed Apple Application Support
RP118: 9/20/2012 9:56:29 PM - Removed Bonjour
RP119: 9/20/2012 9:57:03 PM - Removed Apple Software Update
RP120: 9/20/2012 9:57:39 PM - Removed Apple Mobile Device Support
RP121: 9/21/2012 6:27:06 PM - Installed iTunes
RP123: 9/21/2012 6:37:19 PM - IObit Uninstaller restore point
RP124: 9/21/2012 6:37:35 PM - Removed Apple Mobile Device Support
RP125: 9/21/2012 6:40:51 PM - Removed Apple Application Support
RP126: 9/21/2012 6:43:30 PM - Removed Apple Software Update
RP127: 9/21/2012 6:44:55 PM - Removed Bonjour
RP128: 9/21/2012 7:23:07 PM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Advanced SystemCare 5
Ahead Nero Burning ROM
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppServ 2.6.0 (remove only)
Bonjour
Dell Driver Download Manager
DivX
Eusing Free Registry Cleaner
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
LogMeIn
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox (3.6.12)
Opera 12.02
QuickTime
Safari
ScanToPDF 4.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Symtrax - Telnet
TuneUp Utilities 2008
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VH Toolkit 1.0.46.0
VideoLAN VLC media player 0.8.6c
.
==== Event Viewer Messages From Past Week ========
.
9/22/2012 10:29:36 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
9/22/2012 10:29:36 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
9/22/2012 10:29:33 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
9/22/2012 10:25:49 AM, Error: Service Control Manager [7023] - The Symc810 service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:47 AM, Error: Service Control Manager [7023] - The Db2ntsecserver service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:46 AM, Error: Service Control Manager [7023] - The S616mdfl service terminated with the following error: The system cannot find the file specified.
9/22/2012 10:25:46 AM, Error: Service Control Manager [7023] - The Iaimtv3 service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:46 AM, Error: Service Control Manager [7023] - The Ec2007service service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:45 AM, Error: Service Control Manager [7023] - The TUWinStylerThemeSvc service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:45 AM, Error: Service Control Manager [7023] - The Fsks service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:20 AM, Error: Service Control Manager [7023] - The Zntport service terminated with the following error: The specified module could not be found.
9/22/2012 10:25:06 AM, Error: Service Control Manager [7023] - The Flutilssvc service terminated with the following error: The system cannot find the file specified.
9/22/2012 10:25:06 AM, Error: Service Control Manager [7023] - The Cpqrcmc service terminated with the following error: The specified module could not be found.
9/22/2012 10:24:53 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
9/22/2012 10:24:51 AM, Error: Service Control Manager [7023] - The U81xobex service terminated with the following error: The specified module could not be found.
9/22/2012 10:24:40 AM, Error: Service Control Manager [7023] - The TuneUp Theme Extension service terminated with the following error: The specified procedure could not be found.
9/22/2012 10:06:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
9/21/2012 8:45:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/21/2012 8:45:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/21/2012 8:30:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/21/2012 7:46:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/21/2012 7:01:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/21/2012 7:01:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/21/2012 6:50:50 PM, Error: Service Control Manager [7003] - The AirPrint service depends the following service: Bonjour Service. This service might not be installed.
9/21/2012 6:38:00 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/21/2012 6:15:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/21/2012 6:15:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/20/2012 9:37:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.
9/20/2012 8:31:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/20/2012 7:21:02 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
9/20/2012 6:13:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/18/2012 9:00:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Win32/PossibleHostsFileHijack&threatid=14994 Name: SettingsModifier:Win32/PossibleHostsFileHijack ID: 14994 Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: ayee-PC\ayee Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1524.0, AS: 1.135.1524.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/18/2012 9:00:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Win32/PossibleHostsFileHijack&threatid=14994 Name: SettingsModifier:Win32/PossibleHostsFileHijack ID: 14994 Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: ayee-PC\ayee Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1524.0, AS: 1.135.1524.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/18/2012 8:59:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Win32/PossibleHostsFileHijack&threatid=14994 Name: SettingsModifier:Win32/PossibleHostsFileHijack ID: 14994 Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Clean Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1524.0, AS: 1.135.1524.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/18/2012 8:36:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
9/18/2012 8:35:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:25:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin....0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-
 
8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 8:08:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/18/2012 8:07:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/18/2012 8:02:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
9/18/2012 7:54:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/18/2012 7:51:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
9/17/2012 9:53:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 9:53:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/17/2012 9:53:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/17/2012 9:53:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/17/2012 9:53:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/17/2012 9:53:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2012 9:53:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/17/2012 9:53:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfetdik MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 9:53:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 9:53:06 PM, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2012 9:43:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/17/2012 9:24:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/17/2012 8:50:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/17/2012 10:03:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/16/2012 9:41:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 9:12:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 8:56:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 8:42:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 8:31:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 8:14:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\shuttleengine.dll;containerfile:_C:\Windows\System32\SiS7018.dll;containerfile:_C:\Windows\System32\Sk99202k.dll;containerfile:_C:\Windows\System32\slabser.dll;containerfile:_C:\Windows\System32\smartscaps.dll;containerfile:_C:\Windows\System32\sonicwall_netextender.dll;containerfile:_C:\Windows\System32\spcstb.dll;containerfile:_C:\Windows\System32\sprtsvc_smartagent.dll;containerfile:_C:\Windows\System32\sp_rssrv.dll;containerfile:_C:\Windows\System32\SQLAgent$ABBEYIIOFFLINE.dll;containerfile:_C:\Windows\System32\ssdiagn.dll;containerfile:_C:\Windows\System32\STEC3.dll;containerfile:_C:\Windows\System32\STV672.dll;containerfile:_C:\Windows\System32\stylexpservice.dll;containerfile:_C:\Windows\System32\surveyor.dll;containerfile:_C:\Windows\System32\suservice.dll;containerfile:_C:\Windows\System32\tb2launch.dll;containerfile:_C:\Windows\System32\tbiosdrv.dll;containerfile:_C:\Windows\System32\tcpip.dll;containerfile:_C:\Windows\System32\tdrpman174.dll;containerfile:_C:\Win Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/16/2012 8:14:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\shuttleengine.dll;file:_C:\Windows\System32\SiS7018.dll;file:_C:\Windows\System32\Sk99202k.dll;file:_C:\Windows\System32\slabser.dll;file:_C:\Windows\System32\smartscaps.dll;file:_C:\Windows\System32\sonicwall_netextender.dll;file:_C:\Windows\System32\spcstb.dll;file:_C:\Windows\System32\sprtsvc_smartagent.dll;file:_C:\Windows\System32\sp_rssrv.dll;file:_C:\Windows\System32\SQLAgent$ABBEYIIOFFLINE.dll;file:_C:\Windows\System32\ssdiagn.dll;file:_C:\Windows\System32\STEC3.dll;file:_C:\Windows\System32\STV672.dll;file:_C:\Windows\System32\stylexpservice.dll;file:_C:\Windows\System32\surveyor.dll;file:_C:\Windows\System32\suservice.dll;file:_C:\Windows\System32\tb2launch.dll;file:_C:\Windows\System32\tbiosdrv.dll;file:_C:\Windows\System32\tcpip.dll;file:_C:\Windows\System32\tdrpman174.dll;file:_C:\Windows\System32\tmesbs32.dll;file:_C:\Windows\System32\TMKEmu.dll;file:_C:\Windows\System32\tosrfhid.dll;file:_C:\Windows\System32\tosrfsnd.dll;file:_C:\Windows\System32\tpkmpsvc.dll;file:_C: Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/16/2012 7:51:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 4:11:31 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
9/16/2012 4:10:44 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The system cannot find the path specified.
9/16/2012 4:09:19 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified.
9/16/2012 3:51:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 3:08:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/16/2012 2:59:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The system cannot find the path specified.
9/16/2012 2:59:58 PM, Error: Service Control Manager [7000] - The Function Discovery Provider Host service failed to start due to the following error: The system cannot find the path specified.
9/16/2012 2:14:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 12:12:40 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
9/16/2012 12:08:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 11:29:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 11:14:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 10:34:02 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\zz-services.tmp Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/16/2012 10:34:02 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\system32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/16/2012 10:34:01 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/16/2012 10:34:01 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.FR&threatid=2147656060 Name: Trojan:Win32/Alureon.FR ID: 2147656060 Severity: Severe Category: Trojan Path: file:_C:\ProgramData\afacadfbeadct.exe;regkey:_HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AFACADFBEADCT;runkey:_HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AFACADFBEADCT Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/16/2012 10:26:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 10:16:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 10:05:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/16/2012 1:01:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/15/2012 9:55:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/15/2012 9:34:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 9:29:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 9:29:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef&threatid=2147646306 Name: Trojan:Win32/Sirefef ID: 2147646306 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U\00000004.@;file:_C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
 
Through mode. This may be due to low resource conditions.
9/15/2012 9:09:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/15/2012 8:44:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 8:39:29 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:480 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\ftsata2.dll;containerfile:_C:\Windows\System32\GENERICDRV.dll;containerfile:_C:\Windows\System32\GTSCSER.dll;containerfile:_C:\Windows\System32\hnmsvc.dll;containerfile:_C:\Windows\System32\houdiniserver.dll;containerfile:_C:\Windows\System32\hpdskflt.dll;containerfile:_C:\Windows\System32\igateway.dll;containerfile:_C:\Windows\System32\imap4d32.dll;containerfile:_C:\Windows\System32\imonnt.dll;containerfile:_C:\Windows\System32\ivscheduler.dll;containerfile:_C:\Windows\System32\k750bus.dll;containerfile:_C:\Windows\System32\ksecdd.dll;containerfile:_C:\Windows\System32\lemsgt.dll;containerfile:_C:\Windows\System32\lhidflt2.dll;containerfile:_C:\Windows\System32\livesrv.dll;containerfile:_C:\Windows\System32\LMS.dll;containerfile:_C:\Windows\System32\lvhidsvc.dll;containerfile:_C:\Windows\System32\lxrsii1s.dll;containerfile:_C:\Windows\System32\M2500.dll;containerfile:_C:\Windows\System32\mail2ec.dll;containerfile:_C:\Windows\System32\MaRdPnp.dll;containerfile:_C:\Windows\S Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll;file:_C:\Windows\System32\GENERICDRV.dll;file:_C:\Windows\System32\GTSCSER.dll;file:_C:\Windows\System32\hnmsvc.dll;file:_C:\Windows\System32\houdiniserver.dll;file:_C:\Windows\System32\hpdskflt.dll;file:_C:\Windows\System32\igateway.dll;file:_C:\Windows\System32\imap4d32.dll;file:_C:\Windows\System32\imonnt.dll;file:_C:\Windows\System32\ivscheduler.dll;file:_C:\Windows\System32\k750bus.dll;file:_C:\Windows\System32\ksecdd.dll;file:_C:\Windows\System32\lemsgt.dll;file:_C:
 
Through mode. This may be due to low resource conditions.
9/15/2012 9:09:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection

feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005

Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass

through mode. This may be due to low resource conditions.
9/15/2012 8:44:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a

critical error when taking action on malware or other potentially unwanted software. For more information

please see the following: http://go.microsoft.com/fwlink/?

linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID:

2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll

Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time

Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise

\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code:

0x80070021 Error description: The process cannot access the file because another process has locked a

portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0

Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 8:39:29 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a

critical error when taking action on malware or other potentially unwanted software. For more information

please see the following: http://go.microsoft.com/fwlink/?

linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID:

2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows

\System32\services.exe;process:_pid:480 Detection Origin: Local machine Detection Type:

Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows

\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and

other potentially unwanted software, see the support article on the Microsoft Security website.

Error Code: 0x800704ec Error description: This program is blocked by group policy. For more

information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS:

1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a

critical error when taking action on malware or other potentially unwanted software. For more information

please see the following: http://go.microsoft.com/fwlink/?

linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID:

2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows

\System32\ftsata2.dll;containerfile:_C:\Windows\System32\GENERICDRV.dll;containerfile:_C:\Windows

\System32\GTSCSER.dll;containerfile:_C:\Windows\System32\hnmsvc.dll;containerfile:_C:\Windows

\System32\houdiniserver.dll;containerfile:_C:\Windows\System32\hpdskflt.dll;containerfile:_C:\Windows

\System32\igateway.dll;containerfile:_C:\Windows\System32\imap4d32.dll;containerfile:_C:\Windows

\System32\imonnt.dll;containerfile:_C:\Windows\System32\ivscheduler.dll;containerfile:_C:\Windows

\System32\k750bus.dll;containerfile:_C:\Windows\System32\ksecdd.dll;containerfile:_C:\Windows

\System32\lemsgt.dll;containerfile:_C:\Windows\System32\lhidflt2.dll;containerfile:_C:\Windows

\System32\livesrv.dll;containerfile:_C:\Windows\System32\LMS.dll;containerfile:_C:\Windows

\System32\lvhidsvc.dll;containerfile:_C:\Windows\System32\lxrsii1s.dll;containerfile:_C:\Windows

\System32\M2500.dll;containerfile:_C:\Windows\System32\mail2ec.dll;containerfile:_C:\Windows

\System32\MaRdPnp.dll;containerfile:_C:\Windows\S Detection Origin: Local machine Detection

Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:

\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions

required Error Code: 0x80070021 Error description: The process cannot access the file

because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS:

1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a

critical error when taking action on malware or other potentially unwanted software. For more information

please see the following: http://go.microsoft.com/fwlink/?

linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID:

2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows

\System32\ftsata2.dll;file:_C:\Windows\System32\GENERICDRV.dll;file:_C:\Windows

\System32\GTSCSER.dll;file:_C:\Windows\System32\hnmsvc.dll;file:_C:\Windows

\System32\houdiniserver.dll;file:_C:\Windows\System32\hpdskflt.dll;file:_C:\Windows

\System32\igateway.dll;file:_C:\Windows\System32\imap4d32.dll;file:_C:\Windows

\System32\imonnt.dll;file:_C:\Windows\System32\ivscheduler.dll;file:_C:\Windows

\System32\k750bus.dll;file:_C:\Windows\System32\ksecdd.dll;file:_C:\Windows\System32\lemsgt.dll;file:_C:
 
Please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070102 Error description: The wait operation timed out. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 7:11:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/15/2012 7:05:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070102 Error description: The wait operation timed out. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 7:02:46 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
9/15/2012 7:02:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/15/2012 7:02:15 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
9/15/2012 6:55:19 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows
 
Through mode. This may be due to low resource conditions.
9/15/2012 9:09:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/15/2012 8:44:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 8:39:29 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:480 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\ftsata2.dll;containerfile:_C:\Windows\System32\GENERICDRV.dll;containerfile:_C:\Windows\System32\GTSCSER.dll;containerfile:_C:\Windows\System32\hnmsvc.dll;containerfile:_C:\Windows\System32\houdiniserver.dll;containerfile:_C:\Windows\System32\hpdskflt.dll;containerfile:_C:\Windows\System32\igateway.dll;containerfile:_C:\Windows\System32\imap4d32.dll;containerfile:_C:\Windows\System32\imonnt.dll;containerfile:_C:\Windows\System32\ivscheduler.dll;containerfile:_C:\Windows\System32\k750bus.dll;containerfile:_C:\Windows\System32\ksecdd.dll;containerfile:_C:\Windows\System32\lemsgt.dll;containerfile:_C:\Windows\System32\lhidflt2.dll;containerfile:_C:\Windows\System32\livesrv.dll;containerfile:_C:\Windows\System32\LMS.dll;containerfile:_C:\Windows\System32\lvhidsvc.dll;containerfile:_C:\Windows\System32\lxrsii1s.dll;containerfile:_C:\Windows\System32\M2500.dll;containerfile:_C:\Windows\System32\mail2ec.dll;containerfile:_C:\Windows\System32\MaRdPnp.dll;containerfile:_C:\Windows\S Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll;file:_C:\Windows\System32\GENERICDRV.dll;file:_C:\Windows\System32\GTSCSER.dll;file:_C:\Windows\System32\hnmsvc.dll;file:_C:\Windows\System32\houdiniserver.dll;file:_C:\Windows\System32\hpdskflt.dll;file:_C:\Windows\System32\igateway.dll;file:_C:\Windows\System32\imap4d32.dll;file:_C:\Windows\System32\imonnt.dll;file:_C:\Windows\System32\ivscheduler.dll;file:_C:\Windows\System32\k750bus.dll;file:_C:\Windows\System32\ksecdd.dll;file:_C:\Windows\System32\lemsgt.dll;file:_C:
 
$ABBEYIIOFFLINE.dll;containerfile:_C:\Windows\System32\ssdiagn.dll;containerfile:_C:\Windows\System32\STEC3.dll;containerfile:_C:\Windows\System32\STV672.dll;containerfile:_C:\Windows\System32\stylexpservice.dll;containerfile:_C:\Windows\System32\surveyor.dll;containerfile:_C:\Windows\System32\suservice.dll;containerfile:_C:\Windo Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
9/15/2012 10:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LMIMaint service.
9/15/2012 10:25:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
9/15/2012 10:25:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
9/15/2012 10:24:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
9/15/2012 10:24:50 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/15/2012 10:24:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:564 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 10:24:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/15/2012 10:06:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/15/2012 10:06:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/15/2012 10:06:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/15/2012 10:06:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 10:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/15/2012 10:01:45 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ayee-PC\ayee Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 10:01:45 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ayee-PC\ayee Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 10:01:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
9/15/2012 10:01:00 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
.
==== End Of File ===========================

-------------------------------------
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
1st part of tdss log
16:28:19.0125 0600 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:28:20.0061 0600 ============================================================
16:28:20.0061 0600 Current date / time: 2012/09/22 16:28:20.0061
16:28:20.0061 0600 SystemInfo:
16:28:20.0061 0600
16:28:20.0061 0600 OS Version: 6.1.7601 ServicePack: 1.0
16:28:20.0061 0600 Product type: Workstation
16:28:20.0061 0600 ComputerName: AYEE-PC
16:28:20.0061 0600 UserName: ayee
16:28:20.0061 0600 Windows directory: C:\Windows
16:28:20.0061 0600 System windows directory: C:\Windows
16:28:20.0061 0600 Processor architecture: Intel x86
16:28:20.0061 0600 Number of processors: 2
16:28:20.0061 0600 Page size: 0x1000
16:28:20.0061 0600 Boot type: Normal boot
16:28:20.0061 0600 ============================================================
16:28:23.0493 0600 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:28:23.0493 0600 Drive \Device\Harddisk1\DR1 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:28:23.0493 0600 ============================================================
16:28:23.0493 0600 \Device\Harddisk0\DR0:
16:28:23.0571 0600 MBR partitions:
16:28:23.0571 0600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:28:23.0571 0600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
16:28:23.0571 0600 \Device\Harddisk1\DR1:
16:28:23.0571 0600 MBR partitions:
16:28:23.0571 0600 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
16:28:23.0571 0600 ============================================================
16:28:23.0571 0600 C: <-> \Device\Harddisk0\DR0\Partition2
16:28:23.0571 0600 ============================================================
16:28:23.0571 0600 Initialize success
16:28:23.0571 0600 ============================================================
16:28:31.0215 2056 ============================================================
16:28:31.0215 2056 Scan started
16:28:31.0215 2056 Mode: Manual;
16:28:31.0215 2056 ============================================================
16:28:31.0574 2056 ================ Scan system memory ========================
16:28:31.0574 2056 System memory - ok
16:28:31.0574 2056 ================ Scan services =============================
16:28:31.0714 2056 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:28:31.0717 2056 1394ohci - ok
16:28:31.0732 2056 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:28:31.0748 2056 ACPI - ok
16:28:31.0763 2056 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:28:31.0826 2056 AcpiPmi - ok
16:28:31.0857 2056 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:28:31.0888 2056 adp94xx - ok
16:28:31.0919 2056 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:28:31.0919 2056 adpahci - ok
16:28:31.0935 2056 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:28:31.0951 2056 adpu320 - ok
16:28:32.0187 2056 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
16:28:32.0281 2056 AdvancedSystemCareService5 - ok
16:28:32.0281 2056 aeaudio - ok
16:28:32.0328 2056 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:28:32.0328 2056 AeLookupSvc - ok
16:28:32.0406 2056 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
16:28:32.0468 2056 AFD - ok
16:28:32.0499 2056 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
16:28:32.0515 2056 agp440 - ok
16:28:32.0548 2056 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
16:28:32.0564 2056 aic78xx - ok
16:28:32.0580 2056 AirPrint - ok
16:28:32.0595 2056 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:28:32.0611 2056 ALG - ok
16:28:32.0626 2056 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
16:28:32.0626 2056 aliide - ok
16:28:32.0642 2056 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:28:32.0658 2056 amdagp - ok
16:28:32.0673 2056 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
16:28:32.0673 2056 amdide - ok
16:28:32.0704 2056 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:28:32.0704 2056 AmdK8 - ok
16:28:32.0704 2056 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:28:32.0720 2056 AmdPPM - ok
16:28:32.0736 2056 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:28:32.0845 2056 amdsata - ok
16:28:32.0876 2056 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:28:32.0892 2056 amdsbs - ok
16:28:32.0907 2056 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:28:33.0016 2056 amdxata - ok
16:28:33.0126 2056 [ 97ED5AA5FBAA105EF614B8C240B62BA1 ] Apache2.2 C:\AppServ\Apache2.2\bin\httpd.exe
16:28:33.0141 2056 Apache2.2 - ok
16:28:33.0172 2056 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
16:28:33.0282 2056 AppID - ok
16:28:33.0313 2056 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:28:33.0328 2056 AppIDSvc - ok
16:28:33.0344 2056 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
16:28:33.0360 2056 Appinfo - ok
16:28:33.0453 2056 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:28:33.0516 2056 Apple Mobile Device - ok
16:28:33.0531 2056 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:28:33.0547 2056 AppMgmt - ok
16:28:33.0578 2056 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
16:28:33.0578 2056 arc - ok
16:28:33.0594 2056 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:28:33.0609 2056 arcsas - ok
16:28:33.0609 2056 astcc - ok
16:28:33.0609 2056 AsusACPI - ok
16:28:33.0656 2056 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:33.0672 2056 AsyncMac - ok
16:28:33.0703 2056 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:28:33.0703 2056 atapi - ok
16:28:33.0718 2056 atkdisplf - ok
16:28:33.0718 2056 ATNT40K - ok
16:28:33.0750 2056 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:28:33.0812 2056 AudioEndpointBuilder - ok
16:28:33.0859 2056 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:28:33.0874 2056 Audiosrv - ok
16:28:33.0906 2056 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:28:33.0952 2056 AxInstSV - ok
16:28:33.0968 2056 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
16:28:34.0046 2056 b06bdrv - ok
16:28:34.0108 2056 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:28:34.0155 2056 b57nd60x - ok
16:28:34.0155 2056 basfipm - ok
16:28:34.0311 2056 [ 82DD21BFA8BBE0A3A3833A1BD8E86158 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:28:34.0311 2056 bcm4sbxp - ok
16:28:34.0327 2056 bcserver - ok
16:28:34.0358 2056 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:28:34.0374 2056 BDESVC - ok
16:28:34.0405 2056 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:28:34.0420 2056 Beep - ok
16:28:34.0467 2056 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:28:34.0467 2056 blbdrive - ok
16:28:34.0530 2056 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:28:34.0609 2056 Bonjour Service - ok
16:28:34.0655 2056 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:28:34.0702 2056 bowser - ok
16:28:34.0718 2056 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:28:34.0733 2056 BrFiltLo - ok
16:28:34.0733 2056 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:28:34.0749 2056 BrFiltUp - ok
16:28:34.0780 2056 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
16:28:34.0780 2056 Browser - ok
16:28:34.0827 2056 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\system32\Drivers\Brserid.sys
16:28:34.0827 2056 Brserid - ok
16:28:34.0858 2056 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:28:34.0858 2056 BrSerWdm - ok
16:28:34.0858 2056 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:28:34.0874 2056 BrUsbMdm - ok
16:28:34.0889 2056 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\Drivers\BrUsbSer.sys
16:28:34.0889 2056 BrUsbSer - ok
16:28:34.0952 2056 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:28:34.0952 2056 BthEnum - ok
16:28:34.0967 2056 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:28:34.0983 2056 BTHMODEM - ok
16:28:34.0999 2056 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:28:34.0999 2056 BthPan - ok
16:28:35.0030 2056 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:28:35.0077 2056 BTHPORT - ok
16:28:35.0108 2056 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
16:28:35.0108 2056 bthserv - ok
16:28:35.0123 2056 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:28:35.0233 2056 BTHUSB - ok
16:28:35.0233 2056 btserial - ok
16:28:35.0248 2056 btwdndis - ok
16:28:35.0248 2056 caili - ok
16:28:35.0326 2056 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:28:35.0326 2056 cdfs - ok
16:28:35.0389 2056 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:28:35.0389 2056 cdrom - ok
16:28:35.0451 2056 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
16:28:35.0498 2056 CertPropSvc - ok
16:28:35.0529 2056 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:28:35.0545 2056 circlass - ok
16:28:35.0607 2056 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
16:28:35.0607 2056 CLFS - ok
16:28:35.0701 2056 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:35.0701 2056 clr_optimization_v2.0.50727_32 - ok
16:28:35.0732 2056 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:35.0732 2056 clr_optimization_v4.0.30319_32 - ok
16:28:35.0747 2056 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:28:35.0763 2056 CmBatt - ok
16:28:35.0810 2056 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:28:35.0810 2056 cmdide - ok
16:28:35.0872 2056 [ 6427525D76F61D0C519B008D3680E8E7 ] CNG C:\Windows\system32\Drivers\cng.sys
16:28:35.0950 2056 CNG - ok
16:28:35.0966 2056 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:28:35.0981 2056 Compbatt - ok
16:28:35.0997 2056 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:28:36.0059 2056 CompositeBus - ok
16:28:36.0059 2056 COMSysApp - ok
16:28:36.0075 2056 cqcpu - ok
16:28:36.0091 2056 cqmgstor - ok
16:28:36.0106 2056 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:28:36.0122 2056 crcdisk - ok
16:28:36.0137 2056 [ A585BEBF7D054BD9618EDA0922D5484A ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:28:36.0184 2056 CryptSvc - ok
16:28:36.0262 2056 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
16:28:36.0325 2056 CSC - ok
16:28:36.0371 2056 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
16:28:36.0418 2056 CscService - ok
16:28:36.0434 2056 curtainssyssvc - ok
16:28:36.0465 2056 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:28:36.0465 2056 DcomLaunch - ok
16:28:36.0512 2056 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
16:28:36.0512 2056 defragsvc - ok
16:28:36.0590 2056 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:28:36.0652 2056 DfsC - ok
16:28:36.0699 2056 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
16:28:36.0746 2056 Dhcp - ok
16:28:36.0777 2056 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
16:28:36.0777 2056 discache - ok
16:28:36.0793 2056 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:28:36.0793 2056 Disk - ok
16:28:36.0793 2056 dmisrv - ok
16:28:36.0808 2056 DniVad - ok
16:28:36.0871 2056 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:28:36.0902 2056 Dnscache - ok
16:28:36.0964 2056 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
16:28:37.0011 2056 dot3svc - ok
16:28:37.0042 2056 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
16:28:37.0042 2056 DPS - ok
16:28:37.0089 2056 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:28:37.0105 2056 drmkaud - ok
16:28:37.0151 2056 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:28:37.0214 2056 DXGKrnl - ok
16:28:37.0261 2056 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:28:37.0261 2056 EapHost - ok
16:28:37.0417 2056 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:28:37.0526 2056 ebdrv - ok
16:28:37.0557 2056 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
16:28:37.0619 2056 EFS - ok
16:28:37.0697 2056 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:28:37.0822 2056 ehRecvr - ok
16:28:37.0869 2056 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
16:28:37.0900 2056 ehSched - ok
16:28:37.0947 2056 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:28:37.0963 2056 elxstor - ok
16:28:37.0994 2056 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:28:37.0994 2056 ErrDev - ok
16:28:38.0072 2056 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:28:38.0087 2056 EventSystem - ok
16:28:38.0103 2056 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:28:38.0119 2056 exfat - ok
16:28:38.0134 2056 F700isw - ok
16:28:38.0181 2056 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:28:38.0181 2056 fastfat - ok
16:28:38.0259 2056 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
16:28:38.0337 2056 Fax - ok
16:28:38.0368 2056 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:28:38.0368 2056 fdc - ok
16:28:38.0399 2056 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:28:38.0399 2056 fdPHost - ok
16:28:38.0415 2056 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:28:38.0415 2056 FDResPub - ok
16:28:38.0446 2056 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:28:38.0462 2056 FileInfo - ok
16:28:38.0462 2056 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:28:38.0477 2056 Filetrace - ok
16:28:38.0477 2056 fingrd32 - ok
16:28:38.0493 2056 FireHook - ok
16:28:38.0524 2056 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:38.0524 2056 flpydisk - ok
16:28:38.0555 2056 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:28:38.0555 2056 FltMgr - ok
16:28:38.0602 2056 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
16:28:38.0602 2056 FontCache - ok
16:28:38.0696 2056 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:28:38.0696 2056 FontCache3.0.0.0 - ok
16:28:38.0711 2056 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:28:38.0711 2056 FsDepends - ok
16:28:38.0789 2056 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:28:38.0852 2056 Fs_Rec - ok
16:28:38.0883 2056 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:28:38.0992 2056 fvevol - ok
16:28:39.0023 2056 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:28:39.0023 2056 gagp30kx - ok
16:28:39.0039 2056 GcKernel - ok
16:28:39.0070 2056 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:28:39.0133 2056 GEARAspiWDM - ok
16:28:39.0148 2056 genmcmn - ok
16:28:39.0211 2056 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
16:28:39.0257 2056 gpsvc - ok
16:28:39.0273 2056 gtndis5 - ok
16:28:39.0335 2056 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:28:39.0335 2056 gupdate - ok
16:28:39.0413 2056 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:28:39.0413 2056 gupdatem - ok
16:28:39.0476 2056 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:28:39.0476 2056 hcw85cir - ok
16:28:39.0617 2056 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:28:39.0680 2056 HdAudAddService - ok
16:28:39.0695 2056 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:28:39.0742 2056 HDAudBus - ok
16:28:39.0758 2056 hdthermal - ok
16:28:39.0789 2056 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:28:39.0789 2056 HidBatt - ok
16:28:39.0804 2056 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:28:39.0820 2056 HidBth - ok
16:28:39.0820 2056 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:28:39.0836 2056 HidIr - ok
16:28:39.0867 2056 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
16:28:39.0882 2056 hidserv - ok
16:28:39.0914 2056 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:28:40.0023 2056 HidUsb - ok
16:28:40.0054 2056 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:28:40.0101 2056 hkmsvc - ok
16:28:40.0101 2056 hnmsvc - ok
16:28:40.0132 2056 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:28:40.0179 2056 HomeGroupListener - ok
16:28:40.0226 2056 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:28:40.0226 2056 HomeGroupProvider - ok
16:28:40.0241 2056 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:28:40.0257 2056 HpSAMD - ok
16:28:40.0304 2056 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:28:40.0382 2056 HTTP - ok
16:28:40.0428 2056 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:28:40.0475 2056 hwpolicy - ok
16:28:40.0491 2056 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:28:40.0506 2056 i8042prt - ok
16:28:40.0553 2056 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:28:40.0662 2056 iaStorV - ok
16:28:40.0678 2056 id2scaps - ok
16:28:40.0740 2056 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:28:40.0834 2056 idsvc - ok
16:28:41.0006 2056 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:28:41.0224 2056 igfx - ok
16:28:41.0271 2056 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:28:41.0286 2056 iirsp - ok
16:28:41.0349 2056 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
16:28:41.0427 2056 IKEEXT - ok
16:28:41.0489 2056 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:28:41.0505 2056 intelide - ok
16:28:41.0520 2056 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:28:41.0520 2056 intelppm - ok
16:28:41.0552 2056 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:28:41.0567 2056 IPBusEnum - ok
16:28:41.0583 2056 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:41.0598 2056 IpFilterDriver - ok
16:28:41.0630 2056 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:28:41.0692 2056 IPMIDRV - ok
16:28:41.0708 2056 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:28:41.0708 2056 IPNAT - ok
16:28:41.0786 2056 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:28:41.0786 2056 iPod Service - ok
16:28:41.0848 2056 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:28:41.0848 2056 IRENUM - ok
16:28:41.0864 2056 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:28:41.0879 2056 isapnp - ok
16:28:41.0926 2056 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:28:41.0988 2056 iScsiPrt - ok
16:28:42.0004 2056 iwebmsg - ok
16:28:42.0020 2056 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:28:42.0020 2056 kbdclass - ok
16:28:42.0051 2056 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:28:42.0160 2056 kbdhid - ok
16:28:42.0191 2056 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:28:42.0191 2056 KeyIso - ok
16:28:42.0254 2056 [ F4647BB23DB9038A7536CF6B68F4207F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:28:42.0332 2056 KSecDD - ok
16:28:42.0363 2056 [ E73CAE53BBB72BA26918492C6B4C229D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:28:42.0472 2056 KSecPkg - ok
16:28:42.0519 2056 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:28:42.0550 2056 KtmRm - ok
16:28:42.0581 2056 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
16:28:42.0581 2056 LanmanServer - ok
16:28:42.0612 2056 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:28:42.0659 2056 LanmanWorkstation - ok
16:28:42.0690 2056 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:28:42.0706 2056 lltdio - ok
16:28:42.0737 2056 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:28:42.0753 2056 lltdsvc - ok
16:28:42.0784 2056 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:28:42.0784 2056 lmhosts - ok
16:28:42.0862 2056 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
16:28:42.0878 2056 LMIGuardianSvc - ok
16:28:42.0924 2056 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
16:28:43.0034 2056 LMIInfo - ok
16:28:43.0080 2056 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
16:28:43.0143 2056 LMIMaint - ok
16:28:43.0190 2056 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
16:28:43.0299 2056 lmimirr - ok
16:28:43.0299 2056 LMIRfsClientNP - ok
16:28:43.0330 2056 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
16:28:43.0392 2056 LMIRfsDriver - ok
16:28:43.0455 2056 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
16:28:43.0455 2056 LogMeIn - ok
16:28:43.0548 2056 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:28:43.0548 2056 LSI_FC - ok
16:28:43.0564 2056 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:28:43.0580 2056 LSI_SAS - ok
16:28:43.0611 2056 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:28:43.0611 2056 LSI_SAS2 - ok
16:28:43.0626 2056 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:28:43.0642 2056 LSI_SCSI - ok
16:28:43.0642 2056 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:28:43.0658 2056 luafv - ok
16:28:43.0673 2056 lwwlicenseservice - ok
16:28:43.0689 2056 maxbackserviceint - ok
16:28:43.0736 2056 [ C3D7E3DCC470D0A5230A485549F21908 ] McAfeeEngineService C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
16:28:43.0798 2056 McAfeeEngineService - ok
16:28:43.0845 2056 [ 4CD3EE64736B4D156DAC5C1D6EB60C24 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
16:28:43.0907 2056 McAfeeFramework - ok
16:28:43.0970 2056 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
16:28:44.0032 2056 McciCMService - ok
16:28:44.0048 2056 mcmispupdmgr - ok
16:28:44.0079 2056 [ 291ADFCB72658349A929B903BC47F8EA ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
16:28:44.0141 2056 McShield - ok
16:28:44.0172 2056 [ 9DF3A434657512B31549F8D20AFFAD5F ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
16:28:44.0235 2056 McTaskManager - ok
16:28:44.0282 2056 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:28:44.0313 2056 Mcx2Svc - ok
16:28:44.0328 2056 mdvrmng - ok
16:28:44.0375 2056 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:28:44.0375 2056 megasas - ok
16:28:44.0406 2056 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:28:44.0422 2056 MegaSR - ok
16:28:44.0484 2056 [ D0813CF480E3D38A265F3BE86522BF3B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
16:28:44.0500 2056 mfeapfk - ok
16:28:44.0516 2056 [ 04440CC0F5F89933BABD585CC5F2F70E ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
16:28:44.0516 2056 mfeavfk - ok
16:28:44.0547 2056 [ F6E257C31E0C354A2ED22BF5026C2466 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
16:28:44.0547 2056 mfebopk - ok
16:28:44.0578 2056 [ 79FAE8CE9A478F79B74873A810C8227E ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
16:28:44.0594 2056 mfehidk - ok
16:28:44.0625 2056 [ F21BF10A3784E52EEC925BB5F7D3FFFA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
16:28:45.0077 2056 mferkdet - ok
16:28:45.0124 2056 [ F2D4D0F8E230257A0BE36DF803B549D1 ] mfetdik C:\Windows\system32\drivers\mfetdik.sys
16:28:45.0561 2056 mfetdik - ok
16:28:45.0608 2056 [ B87B41F2C05788F04A3B487902803FD2 ] mfevtp C:\Windows\system32\mfevtps.exe
16:28:45.0670 2056 mfevtp - ok
16:28:45.0732 2056 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:28:45.0795 2056 Microsoft Office Groove Audit Service - ok
16:28:45.0857 2056 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:28:45.0857 2056 MMCSS - ok
16:28:45.0873 2056 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:28:45.0873 2056 Modem - ok
16:28:45.0951 2056 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:28:45.0951 2056 monitor - ok
16:28:45.0982 2056 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:28:45.0982 2056 mouclass - ok
16:28:46.0013 2056 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:28:46.0013 2056 mouhid - ok
16:28:46.0044 2056 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:28:46.0107 2056 mountmgr - ok
16:28:46.0169 2056 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:28:46.0294 2056 MpFilter - ok
16:28:46.0341 2056 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:28:46.0450 2056 mpio - ok
16:28:46.0653 2056 [ A69630D039C38018689190234F866D77 ] MpKsl78006687 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl78006687.sys
16:28:46.0653 2056 MpKsl78006687 - ok
16:28:46.0715 2056 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:28:46.0715 2056 mpsdrv - ok
16:28:46.0731 2056 MREMP50 - ok
16:28:46.0746 2056 MRESP50 - ok
16:28:46.0809 2056 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:28:46.0934 2056 MRxDAV - ok
16:28:46.0980 2056 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:47.0090 2056 mrxsmb - ok
16:28:47.0136 2056 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:47.0230 2056 mrxsmb10 - ok
16:28:47.0246 2056 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:47.0370 2056 mrxsmb20 - ok
16:28:47.0433 2056 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:28:47.0573 2056 msahci - ok
16:28:47.0620 2056 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:28:47.0729 2056 msdsm - ok
16:28:47.0776 2056 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:28:47.0792 2056 MSDTC - ok
16:28:47.0838 2056 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:28:47.0854 2056 Msfs - ok
16:28:47.0870 2056 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:28:47.0885 2056 mshidkmdf - ok
16:28:47.0901 2056 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:28:47.0901 2056 msisadrv - ok
16:28:47.0932 2056 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:28:47.0948 2056 MSiSCSI - ok
16:28:47.0963 2056 msiserver - ok
16:28:47.0994 2056 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:28:47.0994 2056 MSKSSRV - ok
16:28:48.0088 2056 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:28:48.0150 2056 MsMpSvc - ok
16:28:48.0166 2056 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:48.0166 2056 MSPCLOCK - ok
16:28:48.0182 2056 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:28:48.0197 2056 MSPQM - ok
16:28:48.0228 2056 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:28:48.0244 2056 MsRPC - ok
16:28:48.0275 2056 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:28:48.0275 2056 mssmbios - ok
16:28:48.0306 2056 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:28:48.0306 2056 MSTEE - ok
16:28:48.0322 2056 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:28:48.0322 2056 MTConfig - ok
16:28:48.0353 2056 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:28:48.0353 2056 Mup - ok
16:28:48.0400 2056 mysql - ok
16:28:48.0416 2056 nalntservice - ok
16:28:48.0478 2056 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:28:48.0478 2056 napagent - ok
16:28:48.0525 2056 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:28:48.0540 2056 NativeWifiP - ok
16:28:48.0587 2056 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:28:48.0587 2056 NDIS - ok
16:28:48.0618 2056 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:48.0618 2056 NdisCap - ok
16:28:48.0650 2056 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:48.0650 2056 NdisTapi - ok
16:28:48.0712 2056 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:48.0774 2056 Ndisuio - ok
16:28:48.0821 2056 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:48.0930 2056 NdisWan - ok
16:28:48.0993 2056 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:28:49.0040 2056 NDProxy - ok
16:28:49.0071 2056 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:28:49.0071 2056 NetBIOS - ok
16:28:49.0118 2056 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:28:49.0227 2056 NetBT - ok
16:28:49.0258 2056 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:28:49.0258 2056 Netlogon - ok
16:28:49.0305 2056 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:28:49.0305 2056 Netman - ok
16:28:49.0320 2056 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:28:49.0336 2056 netprofm - ok
16:28:49.0352 2056 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:28:49.0430 2056 NetTcpPortSharing - ok
16:28:49.0679 2056 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
16:28:49.0913 2056 netw5v32 - ok
16:28:49.0991 2056 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:28:49.0991 2056 nfrd960 - ok
16:28:50.0038 2056 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:28:50.0100 2056 NisDrv - ok
16:28:50.0163 2056 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:28:50.0241 2056 NisSrv - ok
16:28:50.0288 2056 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:28:50.0334 2056 NlaSvc - ok
16:28:50.0350 2056 nod32krn - ok
16:28:50.0366 2056 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:28:50.0366 2056 Npfs - ok
16:28:50.0428 2056 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:28:50.0428 2056 nsi - ok
16:28:50.0459 2056 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:28:50.0475 2056 nsiproxy - ok
16:28:50.0553 2056 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:28:50.0646 2056 Ntfs - ok
16:28:50.0709 2056 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:28:50.0724 2056 Null - ok
16:28:50.0740 2056 NVNET - ok
16:28:50.0771 2056 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:28:50.0834 2056 nvraid - ok
16:28:50.0880 2056 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:28:50.0990 2056 nvstor - ok
16:28:51.0021 2056 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:28:51.0021 2056 nv_agp - ok
16:28:51.0036 2056 NxSysMon - ok
16:28:51.0114 2056 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:28:51.0208 2056 odserv - ok
16:28:51.0224 2056 OEM02Dev - ok
16:28:51.0270 2056 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:28:51.0270 2056 ohci1394 - ok
16:28:51.0286 2056 olregcap - ok
16:28:51.0333 2056 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:51.0395 2056 ose - ok
16:28:51.0473 2056 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:28:51.0489 2056 p2pimsvc - ok
16:28:51.0520 2056 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:28:51.0551 2056 p2psvc - ok
16:28:51.0567 2056 PAC7302 - ok
16:28:51.0614 2056 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:28:51.0614 2056 Parport - ok
16:28:51.0645 2056 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:28:51.0754 2056 partmgr - ok
16:28:51.0785 2056 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:28:51.0785 2056 Parvdm - ok
16:28:51.0816 2056 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:28:51.0816 2056 PcaSvc - ok
16:28:51.0848 2056 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:28:51.0910 2056 pci - ok
16:28:51.0941 2056 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:28:51.0941 2056 pciide - ok
16:28:51.0972 2056 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:28:51.0988 2056 pcmcia - ok
16:28:52.0004 2056 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:28:52.0019 2056 pcw - ok
16:28:52.0035 2056 PD0620VID - ok
16:28:52.0082 2056 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:28:52.0097 2056 PEAUTH - ok
16:28:52.0160 2056 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:28:52.0191 2056 PeerDistSvc - ok
16:28:52.0331 2056 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:28:52.0425 2056 pla - ok
16:28:52.0472 2056 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:28:52.0534 2056 PlugPlay - ok
16:28:52.0565 2056 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:28:52.0565 2056 PNRPAutoReg - ok
16:28:52.0596 2056 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:28:52.0596 2056 PNRPsvc - ok
16:28:52.0674 2056 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:28:52.0721 2056 PolicyAgent - ok
16:28:52.0768 2056 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:28:52.0815 2056 Power - ok
16:28:52.0862 2056 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:28:52.0862 2056 PptpMiniport - ok
16:28:52.0893 2056 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:28:52.0893 2056 Processor - ok
16:28:52.0940 2056 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
16:28:52.0986 2056 ProfSvc - ok
16:28:53.0018 2056 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:28:53.0018 2056 ProtectedStorage - ok
16:28:53.0096 2056 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:28:53.0111 2056 Psched - ok
16:28:53.0127 2056 qcdonner - ok
16:28:53.0189 2056 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:28:53.0236 2056 ql2300 - ok
16:28:53.0267 2056 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:28:53.0283 2056 ql40xx - ok
16:28:53.0330 2056 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:28:53.0345 2056 QWAVE - ok
16:28:53.0361 2056 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
 
16:28:53.0376 2056 QWAVEdrv - ok
16:28:53.0392 2056 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:28:53.0408 2056 RasAcd - ok
16:28:53.0454 2056 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:53.0454 2056 RasAgileVpn - ok
16:28:53.0486 2056 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:28:53.0486 2056 RasAuto - ok
16:28:53.0517 2056 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:53.0517 2056 Rasl2tp - ok
16:28:53.0564 2056 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:28:53.0610 2056 RasMan - ok
16:28:53.0642 2056 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:53.0642 2056 RasPppoe - ok
16:28:53.0688 2056 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:28:53.0704 2056 RasSstp - ok
16:28:53.0766 2056 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:28:53.0876 2056 rdbss - ok
16:28:53.0891 2056 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:28:53.0891 2056 rdpbus - ok
16:28:53.0938 2056 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:28:54.0000 2056 RDPCDD - ok
16:28:54.0047 2056 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:28:54.0110 2056 RDPDR - ok
16:28:54.0125 2056 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:28:54.0125 2056 RDPENCDD - ok
16:28:54.0156 2056 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:28:54.0172 2056 RDPREFMP - ok
16:28:54.0219 2056 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:28:54.0281 2056 RdpVideoMiniport - ok
16:28:54.0344 2056 [ 244C83332F44589AE98FC347F11B2693 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:28:54.0453 2056 RDPWD - ok
16:28:54.0515 2056 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:28:54.0624 2056 rdyboost - ok
16:28:54.0718 2056 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:28:54.0734 2056 RemoteAccess - ok
16:28:54.0780 2056 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:28:54.0780 2056 RemoteRegistry - ok
16:28:54.0874 2056 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:28:54.0874 2056 RFCOMM - ok
16:28:54.0905 2056 roxwatch - ok
16:28:54.0921 2056 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:28:54.0936 2056 RpcEptMapper - ok
16:28:54.0983 2056 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:28:54.0983 2056 RpcLocator - ok
16:28:55.0014 2056 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:28:55.0030 2056 RpcSs - ok
16:28:55.0077 2056 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:28:55.0077 2056 rspndr - ok
16:28:55.0124 2056 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:28:55.0186 2056 s3cap - ok
16:28:55.0202 2056 s7otranx - ok
16:28:55.0233 2056 saeawbby - ok
16:28:55.0248 2056 SaiH040B - ok
16:28:55.0280 2056 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:28:55.0295 2056 SamSs - ok
16:28:55.0342 2056 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:28:55.0451 2056 sbp2port - ok
16:28:55.0498 2056 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:28:55.0514 2056 SCardSvr - ok
16:28:55.0545 2056 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:28:55.0592 2056 scfilter - ok
16:28:55.0670 2056 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:28:55.0732 2056 Schedule - ok
16:28:55.0779 2056 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:28:55.0810 2056 SCPolicySvc - ok
16:28:55.0857 2056 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:28:55.0904 2056 SDRSVC - ok
16:28:55.0935 2056 se44unic - ok
16:28:55.0997 2056 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:28:55.0997 2056 secdrv - ok
16:28:56.0028 2056 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:28:56.0044 2056 seclogon - ok
16:28:56.0075 2056 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
16:28:56.0075 2056 SENS - ok
16:28:56.0122 2056 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:28:56.0122 2056 SensrSvc - ok
16:28:56.0169 2056 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:28:56.0184 2056 Serenum - ok
16:28:56.0247 2056 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:28:56.0262 2056 Serial - ok
16:28:56.0294 2056 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:28:56.0294 2056 sermouse - ok
16:28:56.0387 2056 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:28:56.0434 2056 SessionEnv - ok
16:28:56.0481 2056 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:28:56.0481 2056 sffdisk - ok
16:28:56.0512 2056 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:28:56.0528 2056 sffp_mmc - ok
16:28:56.0559 2056 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:28:56.0606 2056 sffp_sd - ok
16:28:56.0637 2056 sfilter - ok
16:28:56.0668 2056 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:28:56.0684 2056 sfloppy - ok
16:28:56.0730 2056 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:28:56.0793 2056 ShellHWDetection - ok
16:28:56.0808 2056 SiRemFil - ok
16:28:56.0840 2056 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:28:56.0840 2056 sisagp - ok
16:28:56.0871 2056 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:28:56.0871 2056 SiSRaid2 - ok
16:28:56.0902 2056 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:28:56.0918 2056 SiSRaid4 - ok
16:28:56.0933 2056 Sk9920nt - ok
16:28:56.0964 2056 Slntamr - ok
16:28:56.0996 2056 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:28:56.0996 2056 Smb - ok
16:28:57.0089 2056 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:28:57.0089 2056 SNMPTRAP - ok
16:28:57.0120 2056 Sntnlusb - ok
16:28:57.0136 2056 spcsutilityservice - ok
16:28:57.0198 2056 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:28:57.0198 2056 spldr - ok
16:28:57.0261 2056 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
16:28:57.0323 2056 Spooler - ok
16:28:57.0526 2056 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:28:57.0557 2056 sppsvc - ok
16:28:57.0588 2056 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:28:57.0651 2056 sppuinotify - ok
16:28:57.0666 2056 SRTSPL - ok
16:28:57.0760 2056 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:28:57.0869 2056 srv - ok
16:28:57.0947 2056 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:28:58.0010 2056 srv2 - ok
16:28:58.0056 2056 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:28:58.0072 2056 SrvHsfHDA - ok
16:28:58.0119 2056 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
16:28:58.0150 2056 SrvHsfV92 - ok
16:28:58.0197 2056 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
16:28:58.0212 2056 SrvHsfWinac - ok
16:28:58.0244 2056 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:28:58.0353 2056 srvnet - ok
16:28:58.0431 2056 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:28:58.0431 2056 SSDPSRV - ok
16:28:58.0446 2056 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:28:58.0462 2056 SstpSvc - ok
16:28:58.0493 2056 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:28:58.0509 2056 stexstor - ok
16:28:58.0556 2056 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:28:58.0602 2056 StiSvc - ok
16:28:58.0665 2056 [ 69A926DBCA12046633E3D6E6D46E7087 ] StkAMini C:\Windows\system32\Drivers\StkAMini.sys
16:28:58.0727 2056 StkAMini - ok
16:28:58.0774 2056 [ 5CCFE3B03F97005D221BA897C9A20B38 ] StkASSrv C:\Windows\System32\StkASv2K.exe
16:28:58.0836 2056 StkASSrv - ok
16:28:58.0868 2056 [ 83406FB18CB0ABFEC501ADD986D63572 ] StkScan C:\Windows\system32\Drivers\StkScan.sys
16:28:58.0946 2056 StkScan - ok
16:28:58.0992 2056 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:28:59.0055 2056 storflt - ok
16:28:59.0086 2056 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
16:28:59.0133 2056 StorSvc - ok
16:28:59.0164 2056 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:28:59.0226 2056 storvsc - ok
16:28:59.0242 2056 suservice - ok
16:28:59.0289 2056 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
16:28:59.0289 2056 swenum - ok
16:28:59.0304 2056 swmidi - ok
16:28:59.0382 2056 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:28:59.0382 2056 swprv - ok
16:28:59.0414 2056 symtdi - ok
16:28:59.0445 2056 Synth3dVsc - ok
16:28:59.0523 2056 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:28:59.0538 2056 SysMain - ok
16:28:59.0570 2056 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:28:59.0616 2056 TabletInputService - ok
16:28:59.0663 2056 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:28:59.0710 2056 TapiSrv - ok
16:28:59.0741 2056 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:28:59.0757 2056 TBS - ok
16:28:59.0835 2056 [ 65D10B191C59C5501A1263FC33F6894B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:28:59.0960 2056 Tcpip - ok
16:29:00.0022 2056 [ 65D10B191C59C5501A1263FC33F6894B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:29:00.0038 2056 TCPIP6 - ok
16:29:00.0116 2056 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:29:00.0225 2056 tcpipreg - ok
16:29:00.0287 2056 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:29:00.0396 2056 TDPIPE - ok
16:29:00.0443 2056 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:29:00.0552 2056 TDTCP - ok
16:29:00.0630 2056 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:29:00.0740 2056 tdx - ok
16:29:00.0771 2056 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:29:00.0849 2056 TermDD - ok
16:29:00.0942 2056 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:29:01.0020 2056 TermService - ok
16:29:01.0083 2056 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:29:01.0083 2056 Themes - ok
16:29:01.0114 2056 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:29:01.0130 2056 THREADORDER - ok
16:29:01.0145 2056 tosrfbnp - ok
16:29:01.0161 2056 transcode360 - ok
16:29:01.0192 2056 trioservice - ok
16:29:01.0223 2056 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:29:01.0239 2056 TrkWks - ok
16:29:01.0317 2056 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:29:01.0426 2056 TrustedInstaller - ok
16:29:01.0504 2056 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:29:01.0613 2056 tssecsrv - ok
16:29:01.0644 2056 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:29:01.0707 2056 TsUsbFlt - ok
16:29:01.0722 2056 tsusbhub - ok
16:29:01.0785 2056 [ 233FCD3443CFBBAA27E7E463DCCBC528 ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe
16:29:01.0863 2056 TuneUp.Defrag - ok
16:29:01.0925 2056 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:29:01.0972 2056 tunnel - ok
16:29:02.0019 2056 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:29:02.0019 2056 uagp35 - ok
16:29:02.0066 2056 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:29:02.0128 2056 udfs - ok
16:29:02.0206 2056 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:29:02.0206 2056 UI0Detect - ok
16:29:02.0253 2056 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:29:02.0268 2056 uliagpkx - ok
16:29:02.0300 2056 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
16:29:02.0362 2056 umbus - ok
16:29:02.0393 2056 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:29:02.0393 2056 UmPass - ok
16:29:02.0456 2056 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:29:02.0502 2056 UmRdpService - ok
16:29:02.0534 2056 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:29:02.0534 2056 upnphost - ok
16:29:02.0580 2056 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:29:02.0721 2056 USBAAPL - ok
16:29:02.0799 2056 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:29:02.0861 2056 usbaudio - ok
16:29:02.0908 2056 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:29:02.0970 2056 usbccgp - ok
16:29:02.0986 2056 USBCCID - ok
16:29:03.0033 2056 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:29:03.0033 2056 usbcir - ok
16:29:03.0095 2056 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:29:03.0204 2056 usbehci - ok
16:29:03.0236 2056 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:29:03.0345 2056 usbhub - ok
16:29:03.0376 2056 usbmate - ok
16:29:03.0423 2056 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:29:03.0516 2056 usbohci - ok
16:29:03.0563 2056 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:29:03.0579 2056 usbprint - ok
16:29:03.0626 2056 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:29:03.0626 2056 usbscan - ok
16:29:03.0657 2056 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:29:03.0766 2056 USBSTOR - ok
16:29:03.0797 2056 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:29:03.0906 2056 usbuhci - ok
16:29:03.0953 2056 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:29:03.0953 2056 UxSms - ok
16:29:04.0000 2056 [ 25895CC7C3F101419A9ED1BF65A8BD62 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
16:29:04.0047 2056 UxTuneUp - ok
16:29:04.0078 2056 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:29:04.0078 2056 VaultSvc - ok
16:29:04.0109 2056 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:29:04.0125 2056 vdrvroot - ok
16:29:04.0172 2056 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:29:04.0265 2056 vds - ok
16:29:04.0281 2056 vetmsgnt - ok
16:29:04.0328 2056 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:29:04.0328 2056 vga - ok
16:29:04.0390 2056 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:29:04.0390 2056 VgaSave - ok
16:29:04.0421 2056 VGPU - ok
16:29:04.0468 2056 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:29:04.0530 2056 vhdmp - ok
16:29:04.0546 2056 Via4in1 - ok
16:29:04.0593 2056 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:29:04.0593 2056 viaagp - ok
16:29:04.0640 2056 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
16:29:04.0640 2056 ViaC7 - ok
16:29:04.0671 2056 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:29:04.0686 2056 viaide - ok
16:29:04.0702 2056 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:29:04.0764 2056 vmbus - ok
16:29:04.0811 2056 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:29:04.0858 2056 VMBusHID - ok
16:29:04.0889 2056 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:29:04.0952 2056 volmgr - ok
16:29:05.0014 2056 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:29:05.0030 2056 volmgrx - ok
16:29:05.0061 2056 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:29:05.0123 2056 volsnap - ok
16:29:05.0154 2056 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:29:05.0170 2056 vsmraid - ok
16:29:05.0232 2056 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:29:05.0326 2056 VSS - ok
16:29:05.0388 2056 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:29:05.0388 2056 vwifibus - ok
16:29:05.0466 2056 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:29:05.0498 2056 W32Time - ok
16:29:05.0560 2056 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:29:05.0560 2056 WacomPen - ok
16:29:05.0607 2056 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:29:05.0716 2056 WANARP - ok
16:29:05.0763 2056 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:29:05.0763 2056 Wanarpv6 - ok
16:29:05.0872 2056 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:29:05.0997 2056 WatAdminSvc - ok
16:29:06.0075 2056 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:29:06.0200 2056 wbengine - ok
16:29:06.0262 2056 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:29:06.0262 2056 WbioSrvc - ok
16:29:06.0309 2056 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:29:06.0387 2056 wcncsvc - ok
16:29:06.0418 2056 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:29:06.0434 2056 WcsPlugInService - ok
16:29:06.0465 2056 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:29:06.0480 2056 Wd - ok
16:29:06.0527 2056 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:29:06.0558 2056 Wdf01000 - ok
16:29:06.0590 2056 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:29:06.0590 2056 WdiServiceHost - ok
16:29:06.0621 2056 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:29:06.0621 2056 WdiSystemHost - ok
16:29:06.0668 2056 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:29:06.0714 2056 WebClient - ok
16:29:06.0761 2056 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:29:06.0777 2056 Wecsvc - ok
16:29:06.0792 2056 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:29:06.0792 2056 wercplsupport - ok
16:29:06.0824 2056 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:29:06.0839 2056 WerSvc - ok
16:29:06.0902 2056 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:29:06.0902 2056 WfpLwf - ok
16:29:06.0948 2056 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:29:06.0948 2056 WIMMount - ok
16:29:06.0995 2056 WinHttpAutoProxySvc - ok
16:29:07.0073 2056 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:29:07.0073 2056 Winmgmt - ok
16:29:07.0151 2056 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
16:29:07.0245 2056 WinRM - ok
16:29:07.0338 2056 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:29:07.0385 2056 WinUsb - ok
16:29:07.0479 2056 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:29:07.0494 2056 Wlansvc - ok
16:29:07.0541 2056 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:29:07.0541 2056 WmiAcpi - ok
16:29:07.0604 2056 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:29:07.0650 2056 wmiApSrv - ok
16:29:07.0728 2056 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:29:07.0744 2056 WMPNetworkSvc - ok
16:29:07.0775 2056 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:29:07.0791 2056 WPCSvc - ok
16:29:07.0838 2056 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:29:07.0838 2056 WPDBusEnum - ok
16:29:07.0884 2056 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:29:07.0900 2056 ws2ifsl - ok
16:29:07.0916 2056 WSearch - ok
16:29:07.0994 2056 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:29:08.0118 2056 WudfPf - ok
16:29:08.0150 2056 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:29:08.0274 2056 WUDFRd - ok
16:29:08.0306 2056 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:29:08.0352 2056 wudfsvc - ok
16:29:08.0399 2056 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:29:08.0415 2056 WwanSvc - ok
16:29:08.0462 2056 zBackupAssistService - ok
16:29:08.0555 2056 ================ Scan global ===============================
16:29:08.0665 2056 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:29:08.0743 2056 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:29:08.0805 2056 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
16:29:08.0836 2056 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:29:08.0852 2056 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:29:08.0867 2056 [Global] - ok
16:29:08.0867 2056 ================ Scan MBR ==================================
16:29:08.0867 2056 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:29:09.0086 2056 \Device\Harddisk0\DR0 - ok
16:29:09.0086 2056 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:29:12.0019 2056 \Device\Harddisk1\DR1 - ok
16:29:12.0034 2056 ================ Scan VBR ==================================
16:29:12.0034 2056 [ 45D9FAE720141F33F48B303940591B39 ] \Device\Harddisk0\DR0\Partition1
16:29:12.0034 2056 \Device\Harddisk0\DR0\Partition1 - ok
16:29:12.0065 2056 [ 5ADE49C750A59FA1E80BF8B0799F2ABF ] \Device\Harddisk0\DR0\Partition2
16:29:12.0065 2056 \Device\Harddisk0\DR0\Partition2 - ok
16:29:12.0081 2056 [ A9D9BA7F30D4384CC10CEEF5464B8CC0 ] \Device\Harddisk1\DR1\Partition1
16:29:12.0081 2056 \Device\Harddisk1\DR1\Partition1 - ok
16:29:12.0081 2056 ============================================================
16:29:12.0081 2056 Scan finished
16:29:12.0081 2056 ============================================================
16:29:12.0097 1648 Detected object count: 0
16:29:12.0097 1648 Actual detected object count: 0
--------------------------
roguekiller -
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : ayee [Admin rights]
Mode : Remove -- Date : 09/22/2012 16:36:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 67 ¤¤¤
[TASK][SUSP PATH] At33.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At32.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At31.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At30.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At29.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At28.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At27.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At26.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At25.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At43.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At42.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At41.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At40.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At39.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At38.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At37.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At36.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At35.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At34.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At48.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At47.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At46.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At45.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At44.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At25 : C:\ProgramData\ERQE3II7.exe_ -> DELETED
[TASK][SUSP PATH] At26 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At27 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At28 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At29 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At30 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At31 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At32 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At33 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At34 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At35 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At36 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At37 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At38 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At39 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At40 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At41 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At42 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At43 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At44 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At45 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At46 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At47 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[TASK][SUSP PATH] At48 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] c7640912f808a4048c3c310872317f92
[BSP] d500636d65bd83825c9fb5c8063422b9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

--------------------------
aswmbr-
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-22 16:39:57
-----------------------------
16:39:57.298 OS Version: Windows 6.1.7601 Service Pack 1
16:39:57.298 Number of processors: 2 586 0xF06
16:39:57.298 ComputerName: AYEE-PC UserName: ayee
16:39:59.045 Initialize success
16:55:10.328 AVAST engine defs: 12092201
16:55:52.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:52.798 Disk 0 Vendor: FUJITSU_MHY2250BH 0000000B Size: 238475MB BusType: 3
16:55:52.829 Disk 0 MBR read successfully
16:55:52.829 Disk 0 MBR scan
16:55:52.844 Disk 0 Windows 7 default MBR code
16:55:52.860 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:55:52.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
16:55:52.969 Disk 0 scanning sectors +488394752
16:55:53.094 Disk 0 scanning C:\Windows\system32\drivers
16:56:29.209 Service scanning
16:56:56.868 Service MpKsl78006687 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl78006687.sys **LOCKED** 32
16:57:27.470 Modules scanning
16:57:33.944 Module: C:\Windows\System32\iertutil.dll **SUSPICIOUS**
16:57:34.802 Module: C:\Windows\System32\imagehlp.dll **SUSPICIOUS**
16:57:39.326 Module: C:\Windows\System32\wintrust.dll **SUSPICIOUS**
16:57:40.074 Disk 0 trace - called modules:
16:57:40.106 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys intelppm.sys
16:57:40.106 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8777e460]
16:57:40.121 3 CLASSPNP.SYS[8cc6959e] -> nt!IofCallDriver -> [0x876b4918]
16:57:40.121 5 ACPI.sys[8c4ac3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x869de610]
16:57:41.010 AVAST engine scan C:\Windows
16:57:45.675 AVAST engine scan C:\Windows\system32
17:08:14.296 AVAST engine scan C:\Windows\system32\drivers
17:09:05.386 AVAST engine scan C:\Users\ayee
18:02:24.237 AVAST engine scan C:\ProgramData
18:05:23.648 Scan finished successfully
18:07:39.722 Disk 0 MBR has been saved successfully to "C:\Users\ayee\Documents\MBR.dat"
18:07:39.738 The log file has been saved successfully to "C:\Users\ayee\Documents\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Broni, the log from combofix:
ComboFix 12-09-22.02 - ayee 09/22/2012 20:34:18.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1736 [GMT -7:00]
Running from: c:\users\ayee\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\85028134
c:\programdata\ERQE3II7.exe.b
c:\users\ayee\Desktop\Internet Explorer.lnk
c:\users\ayee\Documents\~WRL0001.tmp
c:\users\ayee\g2mdlhlpx.exe
c:\windows\$NtUninstallKB30596$
c:\windows\$NtUninstallKB30596$\1066223625\@
c:\windows\$NtUninstallKB30596$\1066223625\cfg.ini
c:\windows\$NtUninstallKB30596$\1066223625\Desktop.ini
c:\windows\$NtUninstallKB30596$\1066223625\L\xadqgnnk
c:\windows\$NtUninstallKB30596$\1066223625\oemid
c:\windows\$NtUninstallKB30596$\1066223625\U\00000001.@
c:\windows\$NtUninstallKB30596$\1066223625\U\00000002.@
c:\windows\$NtUninstallKB30596$\1066223625\U\00000004.@
c:\windows\$NtUninstallKB30596$\1066223625\U\80000000.@
c:\windows\$NtUninstallKB30596$\1066223625\U\80000004.@
c:\windows\$NtUninstallKB30596$\1066223625\U\80000032.@
c:\windows\$NtUninstallKB30596$\1066223625\version
c:\windows\$NtUninstallKB30596$\2411358654
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 03:51 . 2012-09-23 03:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys
2012-09-23 03:48 . 2012-09-23 03:52 -------- d-----w- c:\users\ayee\AppData\Local\temp
2012-09-23 03:48 . 2012-09-23 03:48 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-09-23 03:48 . 2012-09-23 03:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-22 15:12 . 2012-09-22 15:12 -------- d-----w- C:\FRST
2012-09-22 04:12 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{983C5926-9641-404A-B15F-506DF954D71A}\gapaengine.dll
2012-09-22 04:11 . 2012-09-19 07:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\mpengine.dll
2012-09-22 03:44 . 2012-09-22 03:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-22 03:25 . 2012-09-22 03:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-22 03:15 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-09-21 03:34 . 2012-09-22 04:46 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PC Cleaners
2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PCPro
2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\programdata\PC1Data
2012-09-15 23:40 . 2012-07-23 22:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-15 20:47 . 2012-09-15 20:47 43600 ----a-w- c:\windows\system32\drivers\whqvndhd.sys
2012-09-15 20:47 . 2012-09-15 20:47 -------- d-----w- c:\programdata\IObit
2012-09-15 20:47 . 2012-09-22 02:28 -------- d-----w- c:\users\ayee\AppData\Roaming\IObit
2012-09-15 20:43 . 2012-09-15 20:43 -------- d-----w- c:\program files\IObit
2012-09-15 20:05 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iPod
2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iTunes
2012-09-15 19:49 . 2012-09-22 02:34 -------- d-----w- c:\program files\QuickTime
2012-09-15 16:31 . 2012-09-15 16:31 -------- d-----w- c:\users\ayee\AppData\Local\Opera
2012-09-15 16:30 . 2012-09-15 16:31 -------- d-----w- c:\program files\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 04:58 . 2011-02-09 03:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-12 04:58 . 2011-02-09 03:50 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-09-12 04:58 . 2011-02-09 03:50 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-12 04:58 . 2011-02-09 03:50 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-08 00:04 . 2010-11-23 05:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 20:01 . 2010-11-24 03:49 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-28 . 384CEE4A16E93BBDB72B2F45295C8D78 . 6000640 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21158_none_2e80a0ea1381c332\mshtml.dll
[-] 2012-02-28 . A02495541347031DA24D19806B147B3F . 5998592 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16968_none_2dec5c10fa6c0c17\mshtml.dll
[-] 2012-02-28 . 624A8FC27001639D08F3558FBB607187 . 5998080 . . [8.00.7600.16385] . . c:\windows\System32\mshtml.dll
[-] 2012-02-28 . 624A8FC27001639D08F3558FBB607187 . 5998080 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17785_none_2fba1860f7a563e0\mshtml.dll
[-] 2012-02-28 . 07B90528507189F3DD6AA132FDAA23BB . 5998592 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21931_none_3075c586109e0fc0\mshtml.dll
[7] 2011-12-16 . D829890A3CE83EE4332D2BE11755E590 . 5998080 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_305185f610b833be\mshtml.dll
[7] 2011-12-16 . 65631F456004E4DF6ADD6F8C2550FEA2 . 5999104 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_2e04c984fa5aed8c\mshtml.dll
[7] 2011-12-16 . BDB0402589BDD0D47D0CE9B2A0187D94 . 5997568 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_2fe457c6f785dac5\mshtml.dll
[7] 2011-12-16 . 41ADBC5327BBDD802266B965B9DC9C9B . 6000640 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_2eb6b0861359377d\mshtml.dll
[7] 2011-11-05 . 9B2203A026436B0CE445819356619C06 . 5997568 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16912_none_2e1c69f0fa48e858\mshtml.dll
[7] 2011-11-05 . 1F0D01939CADBFE8945E788F39662E8E . 5999616 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21085_none_2e5d2e62139ccdd9\mshtml.dll
[7] 2011-11-05 . 61C09B5AD2932538659D133C875DBB0F . 5997056 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17720_none_2ff5f676f7793d87\mshtml.dll
[7] 2011-11-05 . 3E218028099F62CA630E2AFE936F1F0D . 5997568 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21855_none_306424f010aaafd7\mshtml.dll
[7] 2011-10-01 . E16F0A71B984E06FE0A90A2E2E227B23 . 5991936 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_3074c356109ef942\mshtml.dll
[7] 2011-10-01 . BE58B60C0FFCD769DB77BB072DDBCDA7 . 5990912 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16891_none_2dc4e860fa8ab162\mshtml.dll
[7] 2011-10-01 . 146D5F5CEB1A89369B6D559ED5182B07 . 5991936 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21062_none_2e6fcd5c138f49f2\mshtml.dll
[7] 2011-10-01 . 009751094A5A9041723D635AF249DC6F . 5990400 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_2fb347b6f7a9e806\mshtml.dll
[7] 2011-07-22 . CF3C3365DC28AB97636BF11E9BB67927 . 5988864 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21776_none_304f837c10ba03e9\mshtml.dll
[7] 2011-07-22 . A56EBB1297F12728CF8EE028B7964E06 . 5989376 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16853_none_2df228a4fa68744c\mshtml.dll
[7] 2011-07-22 . DD64818174A695E8EC766E50297AB854 . 5988864 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17655_none_2fda863ef78d12e6\mshtml.dll
[7] 2011-07-22 . A3EF4E2490DD7CD6C4601FE3FDE34535 . 5990912 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21013_none_2ea6dd421365d794\mshtml.dll
[7] 2011-05-28 . 0C32D9FF0FC163239C4B052FE6EFA8E7 . 5984768 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21735_none_3079c2e2109a7ace\mshtml.dll
[7] 2011-05-28 . C57C1B54D6038C0B5AC031C8E920BAF4 . 5984768 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20975_none_2e68262c13947ea6\mshtml.dll
[7] 2011-05-28 . 1816D4CF1A7CBB72298AB120059226D4 . 5984256 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16821_none_2e1097d4fa51edcb\mshtml.dll
[7] 2011-05-28 . F5B7C30075207A165FF2EED1FF89AB8D . 5984768 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17622_none_2ff7f524f777730e\mshtml.dll
[7] 2011-03-07 . 3D2F69861D7B24A3C5B0473583FE3D9D . 5981696 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17573_none_2fc2e3ecf79f1af3\mshtml.dll
[7] 2011-03-07 . 5E87C06B924495F6FA381391FDE0C9D4 . 5981696 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21676_none_304f819610ba06c2\mshtml.dll
[7] 2011-02-24 . F861A76F208BD31031A91412AA77BD4F . 5982720 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20908_none_2eb6d67e13590714\mshtml.dll
[7] 2011-02-24 . C75417DD80FE9D56A906DD9DA791ED6F . 5981696 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16766_none_2dea57b0fa6ddf1b\mshtml.dll
[7] 2011-01-07 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_2ff224c4f77b108b\mshtml.dll
[7] 2011-01-07 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_307ac146109996fe\mshtml.dll
[7] 2010-12-18 . 6E9E2D2DC298FE9A3A3C164FB8A2C9EA . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16722_none_2e119638fa5109fb\mshtml.dll
[7] 2010-12-18 . A8B89A12E7A379AC443FB002F4AAB51F . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20861_none_2e6ef30a13900032\mshtml.dll
[7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll
[7] 2010-11-04 . 61854D1111E33A09603452B32A84B5F0 . 5979136 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20831_none_2e8f62ce1377ac5f\mshtml.dll
[7] 2010-11-04 . 9145EF1A437A3FCA06069FC649E16E32 . 5978112 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16700_none_2e25357cfa429f6b\mshtml.dll
[7] 2010-09-08 . 4F3DEEE94B0F650862F7AB7ABBE40CA1 . 5977088 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20795_none_2e52828813a4bc3a\mshtml.dll
[7] 2010-09-08 . BAF92C3C3D5A0958817B661439A81FD9 . 5977600 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16671_none_2dda846cfa7a7f32\mshtml.dll
[7] 2009-07-14 . 43592D31AFF84DD957199248898D9430 . 5957632 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_2dd3aff6fa7f090a\mshtml.dll
.
[-] 2012-02-28 . 6D57EAE6BC922EC56DBD9EF4AD9986BD . 982016 . . [8.00.7600.21158] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21158_none_1d2681cb932b59fc\wininet.dll
[-] 2012-02-28 . F09F1A921CB0F1B708D23CC58F8EB21E . 981504 . . [8.00.7600.16968] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16968_none_1c923cf27a15a2e1\wininet.dll
[-] 2012-02-28 . 7CCA8574A3B9BB41A4150739E21F1B23 . 981504 . . [8.00.7600.16385] . . c:\windows\System32\wininet.dll
[-] 2012-02-28 . 7CCA8574A3B9BB41A4150739E21F1B23 . 981504 . . [8.00.7601.17785] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17785_none_1e5ff942774efaaa\wininet.dll
[-] 2012-02-28 . 6A5778483A8023B4DB9C5A509D382392 . 982016 . . [8.00.7601.21931] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21931_none_1f1ba6679047a68a\wininet.dll
[7] 2011-12-16 . 808C0CE9D4DBC0A6F72761294EB10FB2 . 982016 . . [8.00.7601.21878] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll
[7] 2011-12-16 . 653109C31F7F190072C9E4DF31154225 . 981504 . . [8.00.7600.16930] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_1caaaa667a048456\wininet.dll
[7] 2011-12-16 . BDB7450CC556F238FD973C9DA300FEB8 . 981504 . . [8.00.7601.17744] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll
[7] 2011-12-16 . 8DFDD881CEF74ED749BA968E060418CA . 982016 . . [8.00.7600.21108] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_1d5c91679302ce47\wininet.dll
[7] 2011-11-05 . E49448ACD38A375E4FBCCB87056E1467 . 982016 . . [8.00.7600.21085] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll
[7] 2011-11-05 . 7F5B51FACA193430346970283C50769F . 981504 . . [8.00.7600.16912] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll
[7] 2011-11-05 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7601.17720] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[7] 2011-11-05 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7601.21855] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7601.21795] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[7] 2011-08-20 . 1DBC7303366C0C9B80E51C4B4BECB7ED . 981504 . . [8.00.7600.16869] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16869_none_1c933b567a14bf11\wininet.dll
[7] 2011-08-20 . 79FFA6C81F9F5B2244C5668D08387EA6 . 982016 . . [8.00.7600.21033] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21033_none_1d371e4b931fa640\wininet.dll
[7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7601.17671] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[7] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
[7] 2011-06-21 . EE0D7471EBF9CE40CC4A203B1F90F028 . 981504 . . [8.00.7600.16839] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16839_none_1cb3ab1a79fc6b3e\wininet.dll
[7] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
[7] 2011-06-21 . 6DC5A5F57FACFF20149F04440BB4523C . 982016 . . [8.00.7600.20992] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20992_none_1cf566579351014d\wininet.dll
[7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[7] 2011-04-22 . 27CDAF355CCE3762C7F13719E814418B . 981504 . . [8.00.7600.16800] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16800_none_1ccb184479ec335c\wininet.dll
[7] 2011-04-22 . E391DB6E8CA3638B9772A990E6D280FF . 982016 . . [8.00.7600.20949] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20949_none_1d3277f9932226f9\wininet.dll
[7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[7] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
[7] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
[7] 2011-02-24 . DA2950BAD7306006EBA77DD93CC42690 . 982016 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll
[7] 2011-02-24 . 214605C48AE416BC067C39D227CFCC57 . 981504 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll
[7] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
[7] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
[7] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16722] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll
[7] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.20861] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll
[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[7] 2010-11-04 . 749A4DDB8915066566E2BB38C2618048 . 981504 . . [8.00.7600.20831] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_1d3543af93214329\wininet.dll
[7] 2010-11-04 . A7360A3B20B38F1D6A09402FB6E9E2C3 . 978944 . . [8.00.7600.16700] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_1ccb165e79ec3635\wininet.dll
[7] 2010-09-08 . 84795F28EB2E942951138827B8704819 . 980480 . . [8.00.7600.20795] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll
[7] 2010-09-08 . 3D6AA6DD4D0F3BB41B804747EB489831 . 978432 . . [8.00.7600.16671] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll
[7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="KEY" [X]
"ShStatEXE"="E" [X]
"LogMeIn GUI"="SYSTRAY.EXE" [2009-07-14 8192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-20 247968]
.
c:\users\ayee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 saeawbby;saeawbby;c:\windows\system32\drivers\saeawbby.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsl9cef16d6;MpKsl9cef16d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys [x]
S1 MpKslaaa1e0af;MpKslaaa1e0af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKslaaa1e0af.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [x]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL9CEF16D6
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
UxTuneUp
Wmi
WmdmPmSp
SiRemFil
Slntamr
relational
tsmservice
ASUSVRC
incdrec
XUIF
sbiesvc
emu10k
wintabservice
C-Dilla
slpmonx
netrcacm
pinnaclesys.mediaserver
utilman
pageserver
pnrouter
WISTechVIDCAP
ipinip
DC21x4
USRpdA
milshieldcleaner
XBCD
dlaboiom
agnfilt
lightscribeservice
zebrmdmc
TMKEmu
nla
nhcDriverDevice
clr_optimization_v2.0.50215_32
alertservice
mssql$microsoftsmlbiz
CAM1210
DMUSBUSBDCam
W700mdm
tosrfec
A88xXBar
atimpab
PD0620VID
QV2KUX
ms_mpu401
edspport
DCamUSBEMPIA
nwcworkstation
lxrsge10s
cpqdmi
adaptecstoragemanageragent
toscosrv
U81xmgmt
winachsf
HSXHWBS2
IJPLMSVC
NICSer_WPC54G
bc_tdi_f
abp480n5
clnt_clientman
maxbackserviceint
sysaidagent
GameConsoleService
ICAM5USB
SE27mdm
avinitnt
fgdxbus
CYGF32X
mssql$sony_mediamgr
iaimtv2
aeaudio
wfxsvc
Shockprf
pxfhmdfl
Wuser32
sbcssvc
SE2Cbus
viagfx
vcsw
mpservice
avc
ossrv
pae_1394
idrivert
nmservice
trayman
itmrtsvc
hpqwmiex
ipsecmon
w810mdm
pid_0928
roxupnpserver
se45mdfl
tpkd
sym_u3
SE2Cmdfl
GoToAssist
PAR1284
mctskshd.exe
rt2500
point32
oracle_load_balancer_60_server-forms6ip14
hotspotshieldservice
asp.net_1.1.4322
caboagp
GVCplDrv
NvNdis
firesvc
sqlagent$sony_mediamgr
USB_NDIS_51
PNDIS5
hpqddsvc
iwebcal
oracleorahometnslistener
pdlnemap
genregistrar
fasttx2k
wanminiportservice
savrtpel
w810mdfl
ctxcpusched
AEAudioService
driverhardwarev2
s217unic
Evian
BCMModem
WinDriver6
asc3550
w200mgmt
PSDNServ
rksample
yukonwxp
minilog
belgium_id_card_service
dirms_defragmentation
zendcoreapache
wdelmgr20
rwbackupsrv
TNaviSrv
ami0nt
NWSNS
p1131vid
vcommmgr
e1000
s3psddr
nHancer
SimpTcp
aaksrv
MRENDIS5
p17xfilt
OEM02Dev
blueletaudio
bb-run
vpcnfltr
samfilt
suservice
NETw5x32
oraclemtsrecoveryservice
w800obex
logonsvcid
pduip6000dmemcrdmgr
vmsprog
db2licd
PQNTDrv
BRGSp50
itchfltr
CoachVc
tvtfilter
risdptsk
tosrfsnd
SunkFilt
DLARTL_M
btwmodem
ADIDTSFiltService
pivot
rkhdrv31
deltafw
TMMEmu
NtMtlFax
sysaudio
UlSata
JGOGO
dbmanagerscheduler
pdlndqll
elbydelay
wmccdsls
apfiltrservice
vnxservice
cachemanxp
zebrmdm
CADlink
SGIR
MA8032C
rbfilter
pmem
agpcpq
yats32
DcLps
s7oppitx
se2Dnd5
SiS300i
EKECioCtl
admjoy
CAMCAUD
CTEDSPFX.DLL
z800mdm
SaiH040B
DniVad
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
astcc
AsusACPI
atkdisplf
ATNT40K
basfipm
bcserver
btserial
btwdndis
caili
cqcpu
cqmgstor
curtainssyssvc
DELTA
dmisrv
F700isw
fingrd32
FireHook
GcKernel
genmcmn
gtndis5
hdthermal
hnmsvc
id2scaps
iwebmsg
lwwlicenseservice
mcmispupdmgr
mdvrmng
nalntservice
nod32krn
NVNET
NxSysMon
olregcap
PAC7302
qcdonner
roxwatch
s7otranx
se44unic
sfilter
Sk9920nt
Sntnlusb
spcsutilityservice
SRTSPL
swmidi
symtdi
tosrfbnp
transcode360
trioservice
USBCCID
usbmate
vetmsgnt
Via4in1
zBackupAssistService
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 21:31]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0cb392c-b40f-462c-9f51-49a12036613c%7D&mid=3a8a7f54affb47d09368d1532dc22a86-0744755435501efbe8fe3a4546562ccccc6508f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-29%2014%3A50%3A02&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-Run-NeroCheck - EROCHECK.EXE
HKLM-Run-AppleSyncNotifier - OTIFIER.EXE
HKLM-Run-GrooveMonitor - ITOR.EXE
HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
HKLM-Run-APSDaemon - .EXE
HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
HKLM-Run-CSESRE - DOWS\TEMP\CSESRE.DLL
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\appserv\MySQL\bin\mysqld.exe
c:\windows\System32\StkASv2K.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-22 21:01:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-23 04:01
.
Pre-Run: 148,992,745,472 bytes free
Post-Run: 149,138,366,464 bytes free
.
- - End Of File - - 4092EE98D7962BCD6F2478AEDEAD616E
 
Uninstall Eusing Free Registry Cleaner and Advanced SystemCare.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


=======================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\drivers\whqvndhd.sys
c:\windows\system32\drivers\saeawbby.sys

Driver::
whqvndhd
saeawbby

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix log from script:
ComboFix 12-09-22.02 - ayee 09/22/2012 21:42:29.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1663 [GMT -7:00]
Running from: c:\users\ayee\Desktop\ComboFix.exe
Command switches used :: c:\users\ayee\Documents\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\saeawbby.sys"
"c:\windows\system32\drivers\whqvndhd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ayee\AppData\Local\Temp\{C4931174-AC67-41D3-A3A2-F324BC2627A1}
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_saeawbby
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 04:50 . 2012-09-23 04:50 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-09-23 04:50 . 2012-09-23 04:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-23 04:50 . 2012-09-23 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 03:51 . 2012-09-23 03:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys
2012-09-23 03:48 . 2012-09-23 04:55 -------- d-----w- c:\users\ayee\AppData\Local\temp
2012-09-22 15:12 . 2012-09-22 15:12 -------- d-----w- C:\FRST
2012-09-22 04:12 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{983C5926-9641-404A-B15F-506DF954D71A}\gapaengine.dll
2012-09-22 04:11 . 2012-09-19 07:59 6980552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\mpengine.dll
2012-09-22 03:44 . 2012-09-23 04:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-22 03:25 . 2012-09-22 03:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-22 03:15 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-09-21 03:34 . 2012-09-23 04:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PC Cleaners
2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PCPro
2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\programdata\PC1Data
2012-09-15 23:40 . 2012-07-23 22:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-15 20:47 . 2012-09-15 20:47 43600 ----a-w- c:\windows\system32\drivers\whqvndhd.sys
2012-09-15 20:47 . 2012-09-15 20:47 -------- d-----w- c:\programdata\IObit
2012-09-15 20:47 . 2012-09-22 02:28 -------- d-----w- c:\users\ayee\AppData\Roaming\IObit
2012-09-15 20:43 . 2012-09-15 20:43 -------- d-----w- c:\program files\IObit
2012-09-15 20:05 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iPod
2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iTunes
2012-09-15 19:49 . 2012-09-22 02:34 -------- d-----w- c:\program files\QuickTime
2012-09-15 16:31 . 2012-09-15 16:31 -------- d-----w- c:\users\ayee\AppData\Local\Opera
2012-09-15 16:30 . 2012-09-15 16:31 -------- d-----w- c:\program files\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 04:58 . 2011-02-09 03:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-12 04:58 . 2011-02-09 03:50 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-09-12 04:58 . 2011-02-09 03:50 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-12 04:58 . 2011-02-09 03:50 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-08 00:04 . 2010-11-23 05:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 20:01 . 2010-11-24 03:49 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-28 . 384CEE4A16E93BBDB72B2F45295C8D78 . 6000640 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21158_none_2e80a0ea1381c332\mshtml.dll
[-] 2012-02-28 . A02495541347031DA24D19806B147B3F . 5998592 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16968_none_2dec5c10fa6c0c17\mshtml.dll
[-] 2012-02-28 . 624A8FC27001639D08F3558FBB607187 . 5998080 . . [8.00.7600.16385] . . c:\windows\System32\mshtml.dll
[-] 2012-02-28 . 624A8FC27001639D08F3558FBB607187 . 5998080 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17785_none_2fba1860f7a563e0\mshtml.dll
[-] 2012-02-28 . 07B90528507189F3DD6AA132FDAA23BB . 5998592 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21931_none_3075c586109e0fc0\mshtml.dll
[7] 2011-12-16 . D829890A3CE83EE4332D2BE11755E590 . 5998080 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_305185f610b833be\mshtml.dll
[7] 2011-12-16 . 65631F456004E4DF6ADD6F8C2550FEA2 . 5999104 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_2e04c984fa5aed8c\mshtml.dll
[7] 2011-12-16 . BDB0402589BDD0D47D0CE9B2A0187D94 . 5997568 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_2fe457c6f785dac5\mshtml.dll
[7] 2011-12-16 . 41ADBC5327BBDD802266B965B9DC9C9B . 6000640 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_2eb6b0861359377d\mshtml.dll
[7] 2011-11-05 . 9B2203A026436B0CE445819356619C06 . 5997568 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16912_none_2e1c69f0fa48e858\mshtml.dll
[7] 2011-11-05 . 1F0D01939CADBFE8945E788F39662E8E . 5999616 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21085_none_2e5d2e62139ccdd9\mshtml.dll
[7] 2011-11-05 . 61C09B5AD2932538659D133C875DBB0F . 5997056 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17720_none_2ff5f676f7793d87\mshtml.dll
[7] 2011-11-05 . 3E218028099F62CA630E2AFE936F1F0D . 5997568 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21855_none_306424f010aaafd7\mshtml.dll
[7] 2011-10-01 . E16F0A71B984E06FE0A90A2E2E227B23 . 5991936 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_3074c356109ef942\mshtml.dll
[7] 2011-10-01 . BE58B60C0FFCD769DB77BB072DDBCDA7 . 5990912 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16891_none_2dc4e860fa8ab162\mshtml.dll
[7] 2011-10-01 . 146D5F5CEB1A89369B6D559ED5182B07 . 5991936 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21062_none_2e6fcd5c138f49f2\mshtml.dll
[7] 2011-10-01 . 009751094A5A9041723D635AF249DC6F . 5990400 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_2fb347b6f7a9e806\mshtml.dll
[7] 2011-07-22 . CF3C3365DC28AB97636BF11E9BB67927 . 5988864 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21776_none_304f837c10ba03e9\mshtml.dll
[7] 2011-07-22 . A56EBB1297F12728CF8EE028B7964E06 . 5989376 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16853_none_2df228a4fa68744c\mshtml.dll
[7] 2011-07-22 . DD64818174A695E8EC766E50297AB854 . 5988864 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17655_none_2fda863ef78d12e6\mshtml.dll
[7] 2011-07-22 . A3EF4E2490DD7CD6C4601FE3FDE34535 . 5990912 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21013_none_2ea6dd421365d794\mshtml.dll
[7] 2011-05-28 . 0C32D9FF0FC163239C4B052FE6EFA8E7 . 5984768 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21735_none_3079c2e2109a7ace\mshtml.dll
[7] 2011-05-28 . C57C1B54D6038C0B5AC031C8E920BAF4 . 5984768 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20975_none_2e68262c13947ea6\mshtml.dll
[7] 2011-05-28 . 1816D4CF1A7CBB72298AB120059226D4 . 5984256 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16821_none_2e1097d4fa51edcb\mshtml.dll
[7] 2011-05-28 . F5B7C30075207A165FF2EED1FF89AB8D . 5984768 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17622_none_2ff7f524f777730e\mshtml.dll
[7] 2011-03-07 . 3D2F69861D7B24A3C5B0473583FE3D9D . 5981696 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17573_none_2fc2e3ecf79f1af3\mshtml.dll
[7] 2011-03-07 . 5E87C06B924495F6FA381391FDE0C9D4 . 5981696 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21676_none_304f819610ba06c2\mshtml.dll
[7] 2011-02-24 . F861A76F208BD31031A91412AA77BD4F . 5982720 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20908_none_2eb6d67e13590714\mshtml.dll
[7] 2011-02-24 . C75417DD80FE9D56A906DD9DA791ED6F . 5981696 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16766_none_2dea57b0fa6ddf1b\mshtml.dll
[7] 2011-01-07 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_2ff224c4f77b108b\mshtml.dll
[7] 2011-01-07 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_307ac146109996fe\mshtml.dll
[7] 2010-12-18 . 6E9E2D2DC298FE9A3A3C164FB8A2C9EA . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16722_none_2e119638fa5109fb\mshtml.dll
[7] 2010-12-18 . A8B89A12E7A379AC443FB002F4AAB51F . 5980672 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20861_none_2e6ef30a13900032\mshtml.dll
[7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll
[7] 2010-11-04 . 61854D1111E33A09603452B32A84B5F0 . 5979136 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20831_none_2e8f62ce1377ac5f\mshtml.dll
[7] 2010-11-04 . 9145EF1A437A3FCA06069FC649E16E32 . 5978112 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16700_none_2e25357cfa429f6b\mshtml.dll
[7] 2010-09-08 . 4F3DEEE94B0F650862F7AB7ABBE40CA1 . 5977088 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20795_none_2e52828813a4bc3a\mshtml.dll
[7] 2010-09-08 . BAF92C3C3D5A0958817B661439A81FD9 . 5977600 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16671_none_2dda846cfa7a7f32\mshtml.dll
[7] 2009-07-14 . 43592D31AFF84DD957199248898D9430 . 5957632 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_2dd3aff6fa7f090a\mshtml.dll
.
[-] 2012-02-28 . 6D57EAE6BC922EC56DBD9EF4AD9986BD . 982016 . . [8.00.7600.21158] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21158_none_1d2681cb932b59fc\wininet.dll
[-] 2012-02-28 . F09F1A921CB0F1B708D23CC58F8EB21E . 981504 . . [8.00.7600.16968] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16968_none_1c923cf27a15a2e1\wininet.dll
[-] 2012-02-28 . 7CCA8574A3B9BB41A4150739E21F1B23 . 981504 . . [8.00.7600.16385] . . c:\windows\System32\wininet.dll
[-] 2012-02-28 . 7CCA8574A3B9BB41A4150739E21F1B23 . 981504 . . [8.00.7601.17785] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17785_none_1e5ff942774efaaa\wininet.dll
[-] 2012-02-28 . 6A5778483A8023B4DB9C5A509D382392 . 982016 . . [8.00.7601.21931] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21931_none_1f1ba6679047a68a\wininet.dll
[7] 2011-12-16 . 808C0CE9D4DBC0A6F72761294EB10FB2 . 982016 . . [8.00.7601.21878] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll
[7] 2011-12-16 . 653109C31F7F190072C9E4DF31154225 . 981504 . . [8.00.7600.16930] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_1caaaa667a048456\wininet.dll
[7] 2011-12-16 . BDB7450CC556F238FD973C9DA300FEB8 . 981504 . . [8.00.7601.17744] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll
[7] 2011-12-16 . 8DFDD881CEF74ED749BA968E060418CA . 982016 . . [8.00.7600.21108] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_1d5c91679302ce47\wininet.dll
[7] 2011-11-05 . E49448ACD38A375E4FBCCB87056E1467 . 982016 . . [8.00.7600.21085] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll
[7] 2011-11-05 . 7F5B51FACA193430346970283C50769F . 981504 . . [8.00.7600.16912] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll
[7] 2011-11-05 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7601.17720] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[7] 2011-11-05 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7601.21855] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7601.21795] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[7] 2011-08-20 . 1DBC7303366C0C9B80E51C4B4BECB7ED . 981504 . . [8.00.7600.16869] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16869_none_1c933b567a14bf11\wininet.dll
[7] 2011-08-20 . 79FFA6C81F9F5B2244C5668D08387EA6 . 982016 . . [8.00.7600.21033] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.21033_none_1d371e4b931fa640\wininet.dll
[7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7601.17671] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[7] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
[7] 2011-06-21 . EE0D7471EBF9CE40CC4A203B1F90F028 . 981504 . . [8.00.7600.16839] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16839_none_1cb3ab1a79fc6b3e\wininet.dll
[7] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
[7] 2011-06-21 . 6DC5A5F57FACFF20149F04440BB4523C . 982016 . . [8.00.7600.20992] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20992_none_1cf566579351014d\wininet.dll
[7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[7] 2011-04-22 . 27CDAF355CCE3762C7F13719E814418B . 981504 . . [8.00.7600.16800] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16800_none_1ccb184479ec335c\wininet.dll
[7] 2011-04-22 . E391DB6E8CA3638B9772A990E6D280FF . 982016 . . [8.00.7600.20949] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20949_none_1d3277f9932226f9\wininet.dll
[7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[7] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
[7] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
[7] 2011-02-24 . DA2950BAD7306006EBA77DD93CC42690 . 982016 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll
[7] 2011-02-24 . 214605C48AE416BC067C39D227CFCC57 . 981504 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll
[7] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
[7] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
[7] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16722] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll
[7] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.20861] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll
[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[7] 2010-11-04 . 749A4DDB8915066566E2BB38C2618048 . 981504 . . [8.00.7600.20831] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_1d3543af93214329\wininet.dll
[7] 2010-11-04 . A7360A3B20B38F1D6A09402FB6E9E2C3 . 978944 . . [8.00.7600.16700] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_1ccb165e79ec3635\wininet.dll
[7] 2010-09-08 . 84795F28EB2E942951138827B8704819 . 980480 . . [8.00.7600.20795] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll
[7] 2010-09-08 . 3D6AA6DD4D0F3BB41B804747EB489831 . 978432 . . [8.00.7600.16671] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll
[7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="KEY" [X]
"ShStatEXE"="E" [X]
"LogMeIn GUI"="SYSTRAY.EXE" [2009-07-14 8192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-20 247968]
.
c:\users\ayee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslaaa1e0af;MpKslaaa1e0af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKslaaa1e0af.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsl9cef16d6;MpKsl9cef16d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys [x]
S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [x]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
UxTuneUp
Wmi
WmdmPmSp
SiRemFil
Slntamr
relational
tsmservice
ASUSVRC
incdrec
XUIF
sbiesvc
emu10k
wintabservice
C-Dilla
slpmonx
netrcacm
pinnaclesys.mediaserver
utilman
pageserver
pnrouter
WISTechVIDCAP
ipinip
DC21x4
USRpdA
milshieldcleaner
XBCD
dlaboiom
agnfilt
lightscribeservice
zebrmdmc
TMKEmu
nla
nhcDriverDevice
clr_optimization_v2.0.50215_32
alertservice
mssql$microsoftsmlbiz
CAM1210
DMUSBUSBDCam
W700mdm
tosrfec
A88xXBar
atimpab
PD0620VID
QV2KUX
ms_mpu401
edspport
DCamUSBEMPIA
nwcworkstation
lxrsge10s
cpqdmi
adaptecstoragemanageragent
toscosrv
U81xmgmt
winachsf
HSXHWBS2
IJPLMSVC
NICSer_WPC54G
bc_tdi_f
abp480n5
clnt_clientman
maxbackserviceint
sysaidagent
GameConsoleService
ICAM5USB
SE27mdm
avinitnt
fgdxbus
CYGF32X
mssql$sony_mediamgr
iaimtv2
aeaudio
wfxsvc
Shockprf
pxfhmdfl
Wuser32
sbcssvc
SE2Cbus
viagfx
vcsw
mpservice
avc
ossrv
pae_1394
idrivert
nmservice
trayman
itmrtsvc
hpqwmiex
ipsecmon
w810mdm
pid_0928
roxupnpserver
se45mdfl
tpkd
sym_u3
SE2Cmdfl
GoToAssist
PAR1284
mctskshd.exe
rt2500
point32
oracle_load_balancer_60_server-forms6ip14
hotspotshieldservice
asp.net_1.1.4322
caboagp
GVCplDrv
NvNdis
firesvc
sqlagent$sony_mediamgr
USB_NDIS_51
PNDIS5
hpqddsvc
iwebcal
oracleorahometnslistener
pdlnemap
genregistrar
fasttx2k
wanminiportservice
savrtpel
w810mdfl
ctxcpusched
AEAudioService
driverhardwarev2
s217unic
Evian
BCMModem
WinDriver6
asc3550
w200mgmt
PSDNServ
rksample
yukonwxp
minilog
belgium_id_card_service
dirms_defragmentation
zendcoreapache
wdelmgr20
rwbackupsrv
TNaviSrv
ami0nt
NWSNS
p1131vid
vcommmgr
e1000
s3psddr
nHancer
SimpTcp
aaksrv
MRENDIS5
p17xfilt
OEM02Dev
blueletaudio
bb-run
vpcnfltr
samfilt
suservice
NETw5x32
oraclemtsrecoveryservice
w800obex
logonsvcid
pduip6000dmemcrdmgr
vmsprog
db2licd
PQNTDrv
BRGSp50
itchfltr
CoachVc
tvtfilter
risdptsk
tosrfsnd
SunkFilt
DLARTL_M
btwmodem
ADIDTSFiltService
pivot
rkhdrv31
deltafw
TMMEmu
NtMtlFax
sysaudio
UlSata
JGOGO
dbmanagerscheduler
pdlndqll
elbydelay
wmccdsls
apfiltrservice
vnxservice
cachemanxp
zebrmdm
CADlink
SGIR
MA8032C
rbfilter
pmem
agpcpq
yats32
DcLps
s7oppitx
se2Dnd5
SiS300i
EKECioCtl
admjoy
CAMCAUD
CTEDSPFX.DLL
z800mdm
SaiH040B
DniVad
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
astcc
AsusACPI
atkdisplf
ATNT40K
basfipm
bcserver
btserial
btwdndis
caili
cqcpu
cqmgstor
curtainssyssvc
DELTA
dmisrv
F700isw
fingrd32
FireHook
GcKernel
genmcmn
gtndis5
hdthermal
hnmsvc
id2scaps
iwebmsg
lwwlicenseservice
mcmispupdmgr
mdvrmng
nalntservice
nod32krn
NVNET
NxSysMon
olregcap
PAC7302
qcdonner
roxwatch
s7otranx
se44unic
sfilter
Sk9920nt
Sntnlusb
spcsutilityservice
SRTSPL
swmidi
symtdi
tosrfbnp
transcode360
trioservice
USBCCID
usbmate
vetmsgnt
Via4in1
zBackupAssistService
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 21:31]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0cb392c-b40f-462c-9f51-49a12036613c%7D&mid=3a8a7f54affb47d09368d1532dc22a86-0744755435501efbe8fe3a4546562ccccc6508f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-29%2014%3A50%3A02&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\appserv\MySQL\bin\mysqld.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\System32\StkASv2K.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-22 22:02:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-23 05:02
ComboFix2.txt 2012-09-23 04:01
.
Pre-Run: 149,387,669,504 bytes free
Post-Run: 148,862,046,208 bytes free
.
- - End Of File - - 3B91C94B04E0D0BB6D3B3DBB9919E672
 
Looks good :)

Any current issues?

=========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi broni, well,after couple of restarts this morning and clicking on windows update @ microsoft.com, it started updating!
but my problem with itune.is still there, I uninstalled and reinstalled, my error 7 (windows error 5),now mutated into
'the program can't start because avfoundationcf.dll is missing from your computer. try reinstalling the program to fix this problem.'. I searched on net and found that some claims that .net is hosed, I see that 3.x and 2.x are supposed to be built in, I have 4.0 installed, thinking I might try downloading it and trying to repair that. is there such a thing as permissions on the registries, that would prevent itunes from installing? or is there a repair for missing dll(s)?
 
That may be a subject to a different forum.
Here we have to finish cleaning process so go ahead with OTL.
 
OTL logfile created on: 9/23/2012 11:44:06 AM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\ayee\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.78% Memory free
5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 137.14 Gb Free Space | 58.91% Space Free | Partition Type: NTFS

Computer Name: AYEE-PC | User Name: ayee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 11:35:22 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\ayee\Desktop\OTL.exe
PRC - [2012/09/14 19:07:19 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/09/11 21:58:20 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/22 22:17:53 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/09/29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/09/29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2008/09/29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/09/29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/03/14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/02/13 03:00:20 | 007,336,576 | ---- | M] () -- C:\AppServ\MySQL\bin\mysqld.exe
PRC - [2008/01/17 10:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\AppServ\Apache2.2\bin\httpd.exe
PRC - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XTrapD12.dllzBackupAssistService\Parameters -- (zBackupAssistService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tdcmdpst.dllj.dll -- (Via4in1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59mdfl.dll -- (vetmsgnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavagente.dll -- (usbmate)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Intels51.dll -- (USBCCID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\toddsrv.dll -- (trioservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfbnp.dll -- (transcode360)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\askernel.dll -- (tosrfbnp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrsge10s.dll -- (symtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (swmidi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\X10UIF.dll -- (suservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hSONYPVh.dll -- (SRTSPL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aawservice.dll -- (spcsutilityservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msfs.dll -- (Sntnlusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vproeventmonitor.dll -- (Slntamr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBEMPIA.dll--- | m] (microsoft corporation) -- (Sk9920nt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (SiRemFil)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\jobserver_report.dll -- (sfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmiAcpi.dll -- (se44unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IntelC53.dll -- (SaiH040B)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rt2870.dlls\s7otranx\Parameters -- (s7otranx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LUsbFilt.dll -- (roxwatch)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (relational)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Emdm.dll -- (qcdonner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (PD0620VID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sprtsvc_ddoctorv2.dll -- (PAC7302)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonypvu1.dlll client\nissrv.e -- (olregcap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dot4print.dll client\nissrv.ex -- (OEM02Dev)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\monfilt.dll -- (NxSysMon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptserial.dll -- (NVNET)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eloggersvc6.dlln -- (nod32krn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scramby.dll -- (nalntservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhbus.dll -- (mdvrmng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\personalsecuredriveservice.dllrameters -- (mcmispupdmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dimension4.dllwlicenseservice\parameters -- (maxbackserviceint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tme3srv.dll\lwwlicenseservice\Parameters -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnatdl.dllice.exe -- (iwebmsg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vetmsgnt.dll -- (id2scaps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EL2000.dll -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rslinx.dll -- (hdthermal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfcom.dll -- (gtndis5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FA312.dll -- (genmcmn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ilicensesvc.dll.0\wpf\presentationfontcache.exe -- (GcKernel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (FireHook)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elotouchscreen.dllsys,-100 -- (fingrd32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AppnApi.dll -- (F700isw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\c-dillasrv.dll -- (DniVad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i8042prt.dll -- (dmisrv)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (DELTA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemsg.dll55) -- (curtainssyssvc)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (CTEDSPFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RAPIProtocol.dlll -- (cqmgstor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\splitter.dllms.dll -- (cqcpu)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaudio.dll -- (caili)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafeventrouter.dll -- (btwdndis)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dllSB -- (btserial)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (bcserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (basfipm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sym_hi.dlle -- (ATNT40K)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cacheserver.dllileDeviceService.exe -- (atkdisplf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eSettingsService.dll -- (AsusACPI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iirsp.dll -- (astcc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mdm.dll -- (aeaudio)
SRV - [2012/09/14 19:07:19 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/09/11 21:58:20 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/22 22:17:53 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/11/22 23:47:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/22 22:40:46 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Unknown (2018998034) | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/02/13 03:00:20 | 007,336,576 | ---- | M] () [Auto | Running] -- C:\AppServ\MySQL\bin\mysqld.exe -- (mysql)
SRV - [2008/01/17 10:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\AppServ\Apache2.2\bin\httpd.exe -- (Apache2.2)
SRV - [2007/12/20 11:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ayee\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/23 11:29:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E01902AB-BDF8-4DFB-8DE4-BCB8C0560DA6}\MpKsl7a6629b6.sys -- (MpKsl7a6629b6)
DRV - [2012/09/23 09:20:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E01902AB-BDF8-4DFB-8DE4-BCB8C0560DA6}\MpKsl3f4809a2.sys -- (MpKsl3f4809a2)
DRV - [2012/09/11 21:58:28 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 15:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008/09/29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/09/26 19:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/01 22:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 32 42 51 7D 98 CD 01 [binary data]
IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ccccc6508f4&lang=en&ds=AVG&pr=fr&d=2012-05-09 07:05:04&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2012-03-29 14:50:02&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/15 12:51:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/21 19:35:47 | 000,000,000 | ---D | M]

[2010/12/31 17:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ayee\AppData\Roaming\Mozilla\Extensions
[2012/06/16 13:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\extensions
[2009/07/13 16:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\extensions\tnnreimtpx@tnnreimtpx.org.xpi
[2012/05/11 21:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 16:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/26 10:29:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/13 17:50:45 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\ayee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Safe Search = C:\Users\ayee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\ayee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/09/22 21:54:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Windows\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] E File not found
O4 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
O4 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000..\Run: [MobileDocuments] File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45A86153-9909-4614-BE95-1CC5BD995AD2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 11:34:51 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\ayee\Desktop\OTL.exe
[2012/09/23 10:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/23 10:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/23 10:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/23 10:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/23 10:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/23 07:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/22 21:54:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/22 20:48:16 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Local\temp
[2012/09/22 20:15:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/22 20:15:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/22 20:15:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/22 20:15:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/22 20:08:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/22 20:04:07 | 004,754,913 | R--- | C] (Swearware) -- C:\Users\ayee\Desktop\ComboFix.exe
[2012/09/22 16:37:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ayee\Desktop\aswMBR.exe
[2012/09/22 16:33:31 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\RK_Quarantine
[2012/09/22 08:12:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/22 06:50:16 | 000,904,282 | ---- | C] (Farbar) -- C:\Users\ayee\Documents\FRST.exe
[2012/09/21 21:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2012/09/21 20:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/20 20:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2012/09/20 20:01:33 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\PC Cleaners
[2012/09/20 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\PCPro
[2012/09/20 20:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/09/19 19:36:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/09/18 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\Iphone 3gs 5.1
[2012/09/18 21:13:55 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\Iphone 3gs 5.1.1
[2012/09/15 16:40:15 | 000,022,400 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/09/15 13:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/09/15 13:47:23 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\IObit
[2012/09/15 13:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/09/15 12:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/09/15 12:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/09/15 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\Opera
[2012/09/15 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Local\Opera
[2012/09/15 09:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/09/09 13:52:43 | 016,144,455 | ---- | C] (Rockers Team) -- C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe
[2012/09/08 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\dell_vista_drivers
[2012/09/02 15:27:55 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\Redsn0w0.9.14b2
[2012/09/01 11:13:55 | 000,000,000 | R--D | C] -- C:\Users\ayee\Documents\Documents

========== Files - Modified Within 30 Days ==========

[2012/09/23 11:36:16 | 000,016,448 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 11:36:16 | 000,016,448 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 11:35:22 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\ayee\Desktop\OTL.exe
[2012/09/23 11:32:25 | 000,933,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/23 11:32:25 | 000,212,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/23 11:27:24 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 11:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/23 11:26:04 | 2408,398,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 10:20:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 10:14:03 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/23 09:19:48 | 000,408,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/22 22:05:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 21:54:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/22 20:05:18 | 004,754,913 | R--- | M] (Swearware) -- C:\Users\ayee\Desktop\ComboFix.exe
[2012/09/22 18:34:21 | 000,046,454 | ---- | M] () -- C:\Users\ayee\Documents\news.zip
[2012/09/22 18:07:39 | 000,000,512 | ---- | M] () -- C:\Users\ayee\Documents\MBR.dat
[2012/09/22 16:39:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ayee\Desktop\aswMBR.exe
[2012/09/22 16:31:20 | 001,388,032 | ---- | M] () -- C:\Users\ayee\Documents\RogueKiller.exe
[2012/09/22 06:50:45 | 000,904,282 | ---- | M] (Farbar) -- C:\Users\ayee\Documents\FRST.exe
[2012/09/22 06:23:29 | 000,190,479 | ---- | M] () -- C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip
[2012/09/21 21:17:55 | 199,468,312 | ---- | M] () -- C:\Users\ayee\Documents\eusing_2012_09_21.reg
[2012/09/15 22:19:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/15 12:50:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/15 09:30:58 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/09/11 21:58:28 | 000,083,392 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/09/11 21:58:23 | 000,030,624 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/09/11 21:58:22 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/09/11 21:42:32 | 198,359,374 | ---- | M] () -- C:\Users\ayee\Documents\BACKUP.REG
[2012/09/09 13:52:55 | 016,144,455 | ---- | M] (Rockers Team) -- C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/01 14:00:07 | 000,120,044 | ---- | M] () -- C:\Users\ayee\Documents\blued-gui.rar

========== Files Created - No Company Name ==========

[2012/09/23 10:14:03 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/23 10:11:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/22 22:05:30 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/22 20:15:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/22 20:15:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/22 20:15:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/22 20:15:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/22 20:15:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/22 18:07:39 | 000,000,512 | ---- | C] () -- C:\Users\ayee\Documents\MBR.dat
[2012/09/22 16:30:57 | 001,388,032 | ---- | C] () -- C:\Users\ayee\Documents\RogueKiller.exe
[2012/09/22 06:23:26 | 000,190,479 | ---- | C] () -- C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip
[2012/09/21 21:16:20 | 199,468,312 | ---- | C] () -- C:\Users\ayee\Documents\eusing_2012_09_21.reg
[2012/09/15 22:19:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/15 12:50:54 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/15 12:50:39 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/15 09:30:58 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/09/11 21:42:02 | 198,359,374 | ---- | C] () -- C:\Users\ayee\Documents\BACKUP.REG
[2012/09/01 14:00:07 | 000,120,044 | ---- | C] () -- C:\Users\ayee\Documents\blued-gui.rar
[2012/05/12 08:35:36 | 000,000,600 | ---- | C] () -- C:\Users\ayee\AppData\Local\PUTTY.RND
[2012/05/10 21:38:23 | 000,000,068 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/05/10 21:38:19 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/05/10 21:38:19 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012/05/10 21:38:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/05/10 21:38:19 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012/04/29 09:56:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\-06QucbADZ6ZevM
[2012/04/29 09:55:58 | 000,000,480 | ---- | C] () -- C:\ProgramData\06QucbADZ6ZevM
[2012/02/18 20:55:19 | 000,000,001 | ---- | C] () -- C:\ProgramData\ERQE3II7.exe_.b
[2012/02/18 07:57:25 | 000,187,432 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/12 14:18:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/12/31 07:42:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\lhah8C3.com_.b
[2011/12/24 09:45:36 | 000,000,001 | ---- | C] () -- C:\Windows\System32\lhah8C3.com.b
[2011/12/24 07:13:40 | 000,000,112 | ---- | C] () -- C:\ProgramData\CK8lbl0G1.dat
[2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\Users\ayee\AppData\Local\p45gq71falo0e34xqp2sdbtn63027hndp
[2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\ProgramData\p45gq71falo0e34xqp2sdbtn63027hndp
[2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\Users\ayee\AppData\Local\4a24mk4f80s857
[2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\ProgramData\4a24mk4f80s857
[2011/07/03 18:48:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/03 18:45:51 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/03 17:54:37 | 000,000,600 | ---- | C] () -- C:\Users\ayee\AppData\Roaming\winscp.rnd
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/29 14:51:26 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\AVG2012
[2012/03/25 10:49:47 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\DA0FCCD6
[2012/04/07 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\DiskAid
[2011/07/04 12:40:19 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\GetRightToGo
[2012/09/21 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\IObit
[2012/09/15 09:31:37 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\Opera
[2012/09/20 20:01:33 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\PC Cleaners
[2012/05/11 10:32:26 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\PCDr
[2012/09/20 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\PCPro
[2012/09/02 16:38:25 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\redsn0w
[2011/07/04 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\ScanToPDF_4
[2010/11/22 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\TuneUp Software
[2012/09/23 07:53:53 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\uTorrent
[2012/05/05 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 298 bytes -> C:\Windows\System32\drivers\whqvndhd.sys:changelist

< End of report >
 
OTL Extras logfile created on: 9/23/2012 11:44:06 AM - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\ayee\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.78% Memory free
5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 137.14 Gb Free Space | 58.91% Space Free | Partition Type: NTFS

Computer Name: AYEE-PC | User Name: ayee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{304E6D89-3444-4DD8-9500-B8CD48D48C71}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59BF84BC-A272-4C79-A7CE-FBC6B0EAF447}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B51479D2-B9BB-44E6-8398-FE6D60DE4E14}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7569212-728A-4E95-8C1E-44DCD0647E3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{3072C0F5-09C1-4FDB-B380-C94A53A7B6BF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E9A6F1D6-1D46-4F97-8DB1-338D17D0C03C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{CB7B4260-0E23-4444-8376-1D3E74F421D8}_is1" = ScanToPDF 4.1
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AppServ" = AppServ 2.6.0 (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Opera 12.02.1578" = Opera 12.02
"Symtrax - Telnet" = Symtrax - Telnet
"uTorrent" = µTorrent
"VH Toolkit_is1" = VH Toolkit 1.0.46.0
"VLC media player" = VideoLAN VLC media player 0.8.6c

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2012 12:16:42 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/23/2012 12:25:28 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/23/2012 12:25:28 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
(SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
code.

Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
the error code.

Error - 9/23/2012 2:32:22 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/23/2012 2:32:22 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 9/23/2012 2:42:45 PM | Computer Name = ayee-PC | Source = Application Error | ID = 1000
Description = Faulting application name: opera.exe, version: 12.2.1578.0, time stamp:
0x503cc74d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process id:
0x92c Faulting application start time: 0x01cd99b97562eb67 Faulting application path:
C:\Program Files\Opera\opera.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 76973a69-05ae-11e2-b182-001a6b26c375

[ OSession Events ]
Error - 1/31/2011 3:09:06 PM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6311
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 1/25/2012 11:44:55 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1501
seconds with 300 seconds of active time. This session ended with a crash.

Error - 3/2/2012 12:56:58 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/2/2012 12:58:38 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/2/2012 1:04:10 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/2/2012 1:07:17 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 176
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/2/2012 1:09:18 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/2/2012 1:10:48 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The STV680m service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The CcmExec service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The Digisptiservice service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The Qcdonner service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The FreshIO service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The Tvicport service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The Sfcure01 service terminated with the following error: %%126

Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The Lktimesync service terminated with the following error: %%126

Error - 9/23/2012 2:27:54 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
Description = The Hpdj service terminated with the following error: %%126

Error - 9/23/2012 2:29:39 PM | Computer Name = ayee-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >
 
You're running two AV programs, McAfee and MSE.
You must uninstall one of them.

===========================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
O4 - HKLM..\Run: [ShStatEXE] E File not found
O4 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000..\Run: [MobileDocuments] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\Users\ayee\AppData\Local\p45gq71falo0e34xqp2sdbtn63027hndp
[2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\ProgramData\p45gq71falo0e34xqp2sdbtn63027hndp
[2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\Users\ayee\AppData\Local\4a24mk4f80s857
[2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\ProgramData\4a24mk4f80s857
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[2012/03/29 14:51:26 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\AVG2012
[2012/05/05 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012
@Alternate Data Stream - 298 bytes -> C:\Windows\System32\drivers\whqvndhd.sys:changelist

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Status
Not open for further replies.

Similar threads

arsonfly
Hi all, I have a problem with random FPS lag from out of nowhere.
Replies
1
Views
1K
khadirajohn
K
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
yRaz
My current switch from Microsoft to Linux, de-googling my life and what it takes.
Replies
2
Views
2K
yRaz
yRaz

Latest posts

Back