TechSpot

[A] Another siref victim

Inactive
By gordon low
Sep 22, 2012
  1. Help! I had installed AVG for antivirus, and one day it began quarantining everything in sight, to such a degree that when I next fired up the laptop, Windows wouldn't stay up. Anyways, I had to rely on safe mode to even use it for email and browsing. Eventually, I found enough on the web to try to repair my Windows startup, by downloading a copy of Windows 7.
    So I've run malware.com's tool, Eusing Free Registry Cleaner, Microsoft Essentials and now it boots in normal mode.
    My problem is iTunes won't run, error 7 (Windows error 5), and Windows Update won't run.
    So copying everybody, I've run the FRST tool and here are my files.
     

  2. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Please observe the forum rules.
    All logs have to be pasted, not attached.
     
  3. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Hi Broni,
    Sorry about that. I didn't know the rules. Here are the 2 logs:

    frst.tx_​
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-09-2012​
    Ran by SYSTEM at 22-09-2012 07:12:41​
    Running from G:\​
    Windows 7 Enterprise (X86) OS Language: English(US)​
    The current controlset is ControlSet003​
    ==================== Registry (Whitelisted) ===================​
    HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]​
    HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]​
    HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]​
    HKLM\...\Run: [NeroCheck] EROCHECK.EXE [x]​
    HKLM\...\Run: [McAfeeUpdaterUI] KEY [x]​
    HKLM\...\Run: [ShStatEXE] E [x]​
    HKLM\...\Run: [AppleSyncNotifier] OTIFIER.EXE [x]​
    HKLM\...\Run: [GrooveMonitor] ITOR.EXE" [x]​
    HKLM\...\Run: [LogMeIn GUI] SYSTRAY.EXE" [x]​
    HKLM\...\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]​
    HKLM\...\Run: [APSDaemon] .EXE" [x]​
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)​
    HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]​
    HKLM\...\Run: [CSESRE] DOWS\TEMP\CSESRE.DLL",LOADBITMAPRESIZE [x]​
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)​
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)​
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)​
    HKU\ayee\...\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win [1591808 2006-03-23] (YourWare Solutions (TM))​
    HKU\ayee\...\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)​
    HKLM\...\Winlogon: [Userinit] userinit.exe, [26624 2010-11-20] (Microsoft Corporation)​
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254​
    Startup: C:\Users\ayee\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk​
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)​
    ==================== Services (Whitelisted) ===================​
    2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)​
    2 Apache2.2; "C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice [24635 2008-01-17] (Apache Software Foundation)​
    2018998032018998032 CTEDSPFX.DLL; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)​
    2 DELTA; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)​
    2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-09-11] (LogMeIn, Inc.)​
    2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-09-14] (LogMeIn, Inc.)​
    2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-11-08] (LogMeIn, Inc.)​
    2 McAfeeEngineService; "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" [19456 2008-09-29] (McAfee, Inc.)​
    2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2008-03-14] (McAfee, Inc.)​
    2 McShield; "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe" [143088 2008-09-29] (McAfee, Inc.)​
    2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [62800 2008-09-29] (McAfee, Inc.)​
    2 mfevtp; C:\Windows\system32\mfevtps.exe [67904 2008-09-29] (McAfee, Inc.)​
    2018998032018998032018998032018998032 relational; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)​
    2018998032 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-23] (Syntek America Inc.)​
    3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [306432 2010-11-22] (TuneUp Software GmbH)​
    2 aeaudio; C:\Windows\System32\a016mdm.dll [x]​
    2 AirPrint; C:\Program Files\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [x]​
    2 astcc; C:\Windows\System32\iirsp.dll [x]​
    2 AsusACPI; C:\Windows\System32\eSettingsService.dll [x]​
    2 atkdisplf; C:\Windows\System32\cacheserver.dll [x]​
    2 ATNT40K; C:\Windows\System32\sym_hi.dll [x]​
    2 basfipm; C:\Windows\System32\kpfwsvc.dll [x]​
    2 bcserver; C:\Windows\System32\TOSHIBASoftModem.dll [x]​
    2 btserial; C:\Windows\System32\RecAgent.dll [x]​
    2 btwdndis; C:\Windows\System32\cwafeventrouter.dll [x]​
    2 caili; C:\Windows\System32\sysaudio.dll [x]​
    2 cqcpu; C:\Windows\System32\splitter.dll [x]​
    2 cqmgstor; C:\Windows\System32\RAPIProtocol.dll [x]​
    2 curtainssyssvc; C:\Windows\System32\pdlnemsg.dll [x]​
    2 dmisrv; C:\Windows\System32\i8042prt.dll [x]​
    2 DniVad; C:\Windows\System32\c-dillasrv.dll [x]​
    2 F700isw; C:\Windows\System32\AppnApi.dll [x]​
    2 fingrd32; C:\Windows\System32\elotouchscreen.dll [x]​
    2 FireHook; C:\Windows\System32\dktknsrv.dll [x]​
    2 GcKernel; C:\Windows\System32\ilicensesvc.dll [x]​
    2 genmcmn; C:\Windows\System32\FA312.dll [x]​
    2 gtndis5; C:\Windows\System32\tosrfcom.dll [x]​
    2 hdthermal; C:\Windows\System32\rslinx.dll [x]​
    2 hnmsvc; C:\Windows\System32\EL2000.dll [x]​
    2 id2scaps; C:\Windows\System32\vetmsgnt.dll [x]​
    2 iwebmsg; C:\Windows\System32\pdlnatdl.dll [x]​
    2 lwwlicenseservice; C:\Windows\System32\tme3srv.dll [x]​
    2 maxbackserviceint; C:\Windows\System32\dimension4.dll [x]​
    2 mcmispupdmgr; C:\Windows\System32\personalsecuredriveservice.dll [x]​
    2 mdvrmng; C:\Windows\System32\pxfhbus.dll [x]​
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]​
    2 nalntservice; C:\Windows\System32\scramby.dll [x]​
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]​
    2 nod32krn; C:\Windows\System32\eloggersvc6.dll [x]​
    2 NVNET; C:\Windows\System32\ptserial.dll [x]​
    2 NxSysMon; C:\Windows\System32\monfilt.dll [x]​
    2 OEM02Dev; C:\Windows\System32\dot4print.dll [x]​
    2 olregcap; C:\Windows\System32\sonypvu1.dll [x]​
    2 PAC7302; C:\Windows\System32\sprtsvc_ddoctorv2.dll [x]​
    2 PD0620VID; C:\Windows\System32\Epfwndis.dll [x]​
    2 qcdonner; C:\Windows\System32\SE2Emdm.dll [x]​
    2 roxwatch; C:\Windows\System32\LUsbFilt.dll [x]​
    2 s7otranx; C:\Windows\System32\rt2870.dll [x]​
    2 SaiH040B; C:\Windows\System32\IntelC53.dll [x]​
    2 se44unic; C:\Windows\System32\WmiAcpi.dll [x]​
    2 sfilter; C:\Windows\System32\jobserver_report.dll [x]​
    2 SiRemFil; C:\Windows\System32\MA_CMIDI.dll [x]​
    2 Sk9920nt; C:\Windows\System32\DCamUSBEMPIA.dll [x]​
    2 Slntamr; C:\Windows\System32\vproeventmonitor.dll [x]​
    2 Sntnlusb; C:\Windows\System32\msfs.dll [x]​
    2 spcsutilityservice; C:\Windows\System32\aawservice.dll [x]​
    2 SRTSPL; C:\Windows\System32\hSONYPVh.dll [x]​
    2 suservice; C:\Windows\System32\X10UIF.dll [x]​
    2 swmidi; C:\Windows\System32\ZSMC211.dll [x]​
    2 symtdi; C:\Windows\System32\lxrsge10s.dll [x]​
    2 tosrfbnp; C:\Windows\System32\askernel.dll [x]​
    2 transcode360; C:\Windows\System32\tosrfbnp.dll [x]​
    2 trioservice; C:\Windows\System32\toddsrv.dll [x]​
    2 USBCCID; C:\Windows\System32\Intels51.dll [x]​
    2 usbmate; C:\Windows\System32\pavagente.dll [x]​
    2 vetmsgnt; C:\Windows\System32\se59mdfl.dll [x]​
    2 Via4in1; C:\Windows\System32\tdcmdpst.dll [x]​
    2 zBackupAssistService; C:\Windows\System32\XTrapD12.dll [x]​
    ==================== Drivers (Whitelisted) ====================​
    2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)​
    3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2010-09-17] (LogMeIn, Inc.)​
    2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)​
    3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [74648 2008-09-29] (McAfee, Inc.)​
    3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [90360 2008-09-29] (McAfee, Inc.)​
    3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [42424 2008-09-29] (McAfee, Inc.)​
    0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [340592 2008-09-29] (McAfee, Inc.)​
    3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [64432 2008-09-29] (McAfee, Inc.)​
    1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [62704 2008-09-29] (McAfee, Inc.)​
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)​
    2 mysql; C:\AppServ\MySQL\bin\mysqld --defaults-file=C:\AppServ\MySQL\my.ini mysql [9584 2012-04-08] ()​
    3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2006-09-26] (Syntek America Inc.)​
    3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-08-01] (Syntek America Inc.)​
    4 LMIRfsClientNP; [x]​
    3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]​
    3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]​
    1 saeawbby; \??\C:\Windows\system32\drivers\saeawbby.sys [x]​
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]​
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]​
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]​
    ==================== NetSvcs (Whitelisted) ===================​
    NETSVC: SiRemFil -> C:\Windows\system32\MA_CMIDI.dll ==> No File.​
    NETSVC: Slntamr -> C:\Windows\system32\vproeventmonitor.dll ==> No File.​
    NETSVC: relational -> No Registry Path.​
    NETSVC: tsmservice -> No Registry Path.​
    NETSVC: ASUSVRC -> No Registry Path.​
    NETSVC: incdrec -> No Registry Path.​
    NETSVC: XUIF -> No Registry Path.​
    NETSVC: sbiesvc -> No Registry Path.​
    NETSVC: emu10k -> No Registry Path.​
    NETSVC: wintabservice -> No Registry Path.​
    NETSVC: C-Dilla -> No Registry Path.​
    NETSVC: slpmonx -> No Registry Path.​
    NETSVC: netrcacm -> No Registry Path.​
    NETSVC: pinnaclesys.mediaserver -> No Registry Path.​
    NETSVC: utilman -> No Registry Path.​
    NETSVC: pageserver -> No Registry Path.​
    NETSVC: pnrouter -> No Registry Path.​
    NETSVC: WISTechVIDCAP -> No Registry Path.​
    NETSVC: ipinip -> No Registry Path.​
    NETSVC: DC21x4 -> No Registry Path.​
    NETSVC: USRpdA -> No Registry Path.​
    NETSVC: milshieldcleaner -> No Registry Path.​
    NETSVC: XBCD -> No Registry Path.​
    NETSVC: dlaboiom -> No Registry Path.​
    NETSVC: agnfilt -> No Registry Path.​
    NETSVC: lightscribeservice -> No Registry Path.​
    NETSVC: zebrmdmc -> No Registry Path.​
    NETSVC: TMKEmu -> No Registry Path.​
    NETSVC: nhcDriverDevice -> No Registry Path.​
    NETSVC: clr_optimization_v2.0.50215_32 -> No Registry Path.​
    NETSVC: alertservice -> No Registry Path.​
    NETSVC: mssql$microsoftsmlbiz -> No Registry Path.​
    NETSVC: CAM1210 -> No Registry Path.​
    NETSVC: DMUSBUSBDCam -> No Registry Path.​
    NETSVC: W700mdm -> No Registry Path.​
    NETSVC: tosrfec -> No Registry Path.​
    NETSVC: A88xXBar -> No Registry Path.​
    NETSVC: atimpab -> No Registry Path.​
    NETSVC: PD0620VID -> C:\Windows\system32\Epfwndis.dll ==> No File.​
    NETSVC: QV2KUX -> No Registry Path.​
    NETSVC: ms_mpu401 -> No Registry Path.​
    NETSVC: edspport -> No Registry Path.​
    NETSVC: DCamUSBEMPIA -> No Registry Path.​
    NETSVC: lxrsge10s -> No Registry Path.​
    NETSVC: cpqdmi -> No Registry Path.​
    NETSVC: adaptecstoragemanageragent -> No Registry Path.​
    NETSVC: toscosrv -> No Registry Path.​
    NETSVC: U81xmgmt -> No Registry Path.​
    NETSVC: winachsf -> No Registry Path.​
    NETSVC: HSXHWBS2 -> No Registry Path.​
    NETSVC: IJPLMSVC -> No Registry Path.​
    NETSVC: NICSer_WPC54G -> No Registry Path.​
    NETSVC: bc_tdi_f -> No Registry Path.​
    NETSVC: abp480n5 -> No Registry Path.​
    NETSVC: clnt_clientman -> No Registry Path.​
    NETSVC: maxbackserviceint -> C:\Windows\system32\dimension4.dll ==> No File.​
    NETSVC: sysaidagent -> No Registry Path.​
    NETSVC: GameConsoleService -> No Registry Path.​
    NETSVC: ICAM5USB -> No Registry Path.​
    NETSVC: SE27mdm -> No Registry Path.​
    NETSVC: avinitnt -> No Registry Path.​
    NETSVC: fgdxbus -> No Registry Path.​
    NETSVC: CYGF32X -> No Registry Path.​
    NETSVC: mssql$sony_mediamgr -> No Registry Path.​
    NETSVC: iaimtv2 -> No Registry Path.​
    NETSVC: aeaudio -> C:\Windows\system32\a016mdm.dll ==> No File.​
    NETSVC: wfxsvc -> No Registry Path.​
    NETSVC: Shockprf -> No Registry Path.​
    NETSVC: pxfhmdfl -> No Registry Path.​
    NETSVC: Wuser32 -> No Registry Path.​
    NETSVC: sbcssvc -> No Registry Path.​
    NETSVC: SE2Cbus -> No Registry Path.​
    NETSVC: viagfx -> No Registry Path.​
    NETSVC: vcsw -> No Registry Path.​
    NETSVC: mpservice -> No Registry Path.​
    NETSVC: avc -> No Registry Path.​
    NETSVC: ossrv -> No Registry Path.​
    NETSVC: pae_1394 -> No Registry Path.​
    NETSVC: idrivert -> No Registry Path.​
    NETSVC: nmservice -> No Registry Path.​
    NETSVC: trayman -> No Registry Path.​
    NETSVC: itmrtsvc -> No Registry Path.​
    NETSVC: hpqwmiex -> No Registry Path.​
    NETSVC: ipsecmon -> No Registry Path.​
    NETSVC: w810mdm -> No Registry Path.​
    NETSVC: pid_0928 -> No Registry Path.​
    NETSVC: roxupnpserver -> No Registry Path.​
    NETSVC: se45mdfl -> No Registry Path.​
    NETSVC: tpkd -> No Registry Path.​
    NETSVC: sym_u3 -> No Registry Path.​
    NETSVC: SE2Cmdfl -> No Registry Path.​
    NETSVC: GoToAssist -> No Registry Path.​
    NETSVC: PAR1284 -> No Registry Path.​
    NETSVC: mctskshd.exe -> No Registry Path.​
    NETSVC: rt2500 -> No Registry Path.​
    NETSVC: point32 -> No Registry Path.​
    NETSVC: oracle_load_balancer_60_server-forms6ip14 -> No Registry Path.​
    NETSVC: hotspotshieldservice -> No Registry Path.​
    NETSVC: asp.net_1.1.4322 -> No Registry Path.​
    NETSVC: caboagp -> No Registry Path.​
    NETSVC: GVCplDrv -> No Registry Path.​
    NETSVC: NvNdis -> No Registry Path.​
    NETSVC: firesvc -> No Registry Path.​
    NETSVC: sqlagent$sony_mediamgr -> No Registry Path.​
    NETSVC: USB_NDIS_51 -> No Registry Path.​
    NETSVC: PNDIS5 -> No Registry Path.​
    NETSVC: hpqddsvc -> No Registry Path.​
    NETSVC: iwebcal -> No Registry Path.​
    NETSVC: oracleorahometnslistener -> No Registry Path.​
    NETSVC: pdlnemap -> No Registry Path.​
    NETSVC: genregistrar -> No Registry Path.​
    NETSVC: fasttx2k -> No Registry Path.​
    NETSVC: wanminiportservice -> No Registry Path.​
    NETSVC: savrtpel -> No Registry Path.​
    NETSVC: w810mdfl -> No Registry Path.​
    NETSVC: ctxcpusched -> No Registry Path.​
    NETSVC: AEAudioService -> No Registry Path.​
    NETSVC: driverhardwarev2 -> No Registry Path.​
    NETSVC: s217unic -> No Registry Path.​
    NETSVC: Evian -> No Registry Path.​
    NETSVC: BCMModem -> No Registry Path.​
    NETSVC: WinDriver6 -> No Registry Path.​
    NETSVC: asc3550 -> No Registry Path.​
    NETSVC: w200mgmt -> No Registry Path.​
    NETSVC: PSDNServ -> No Registry Path.​
    NETSVC: rksample -> No Registry Path.​
    NETSVC: yukonwxp -> No Registry Path.​
    NETSVC: minilog -> No Registry Path.​
    NETSVC: belgium_id_card_service -> No Registry Path.​
    NETSVC: dirms_defragmentation -> No Registry Path.​
    NETSVC: zendcoreapache -> No Registry Path.​
    NETSVC: wdelmgr20 -> No Registry Path.​
    NETSVC: rwbackupsrv -> No Registry Path.​
    NETSVC: TNaviSrv -> No Registry Path.​
    NETSVC: ami0nt -> No Registry Path.​
    NETSVC: NWSNS -> No Registry Path.​
    NETSVC: p1131vid -> No Registry Path.​
    NETSVC: vcommmgr -> No Registry Path.​
    NETSVC: e1000 -> No Registry Path.​
    NETSVC: s3psddr -> No Registry Path.​
    NETSVC: nHancer -> No Registry Path.​
    NETSVC: SimpTcp -> No Registry Path.​
    NETSVC: aaksrv -> No Registry Path.​
    NETSVC: MRENDIS5 -> No Registry Path.​
    NETSVC: p17xfilt -> No Registry Path.​
    NETSVC: OEM02Dev -> C:\Windows\system32\dot4print.dll ==> No File.​
    NETSVC: blueletaudio -> No Registry Path.​
    NETSVC: bb-run -> No Registry Path.​
    NETSVC: vpcnfltr -> No Registry Path.​
    NETSVC: samfilt -> No Registry Path.​
    NETSVC: suservice -> C:\Windows\system32\X10UIF.dll ==> No File.​
    NETSVC: NETw5x32 -> No Registry Path.​
    NETSVC: oraclemtsrecoveryservice -> No Registry Path.​
    NETSVC: w800obex -> No Registry Path.​
    NETSVC: logonsvcid -> No Registry Path.​
    NETSVC: pduip6000dmemcrdmgr -> No Registry Path.​
    NETSVC: vmsprog -> No Registry Path.​
    NETSVC: db2licd -> No Registry Path.​
    NETSVC: PQNTDrv -> No Registry Path.​
    NETSVC: BRGSp50 -> No Registry Path.​
    NETSVC: itchfltr -> No Registry Path.​
    NETSVC: CoachVc -> No Registry Path.​
    NETSVC: tvtfilter -> No Registry Path.​
    NETSVC: risdptsk -> No Registry Path.​
    NETSVC: tosrfsnd -> No Registry Path.​
    NETSVC: SunkFilt -> No Registry Path.​
    NETSVC: DLARTL_M -> No Registry Path.​
    NETSVC: btwmodem -> No Registry Path.​
    NETSVC: ADIDTSFiltService -> No Registry Path.​
    NETSVC: pivot -> No Registry Path.​
    NETSVC: rkhdrv31 -> No Registry Path.​
    NETSVC: deltafw -> No Registry Path.​
    NETSVC: TMMEmu -> No Registry Path.​
    NETSVC: NtMtlFax -> No Registry Path.​
    NETSVC: sysaudio -> No Registry Path.​
    NETSVC: UlSata -> No Registry Path.​
    NETSVC: JGOGO -> No Registry Path.​
    NETSVC: dbmanagerscheduler -> No Registry Path.​
    NETSVC: pdlndqll -> No Registry Path.​
    NETSVC: elbydelay -> No Registry Path.​
    NETSVC: wmccdsls -> No Registry Path.​
    NETSVC: apfiltrservice -> No Registry Path.​
    NETSVC: vnxservice -> No Registry Path.​
    NETSVC: cachemanxp -> No Registry Path.​
    NETSVC: zebrmdm -> No Registry Path.​
    NETSVC: CADlink -> No Registry Path.​
    NETSVC: SGIR -> No Registry Path.​
    NETSVC: MA8032C -> No Registry Path.​
    NETSVC: rbfilter -> No Registry Path.​
    NETSVC: pmem -> No Registry Path.​
    NETSVC: agpcpq -> No Registry Path.​
    NETSVC: yats32 -> No Registry Path.​
    NETSVC: DcLps -> No Registry Path.​
    NETSVC: s7oppitx -> No Registry Path.​
    NETSVC: se2Dnd5 -> No Registry Path.​
    NETSVC: SiS300i -> No Registry Path.​
    NETSVC: EKECioCtl -> No Registry Path.​
    NETSVC: admjoy -> No Registry Path.​
    NETSVC: CAMCAUD -> No Registry Path.​
    NETSVC: CTEDSPFX.DLL -> No Registry Path.​
    NETSVC: z800mdm -> No Registry Path.​
    NETSVC: SaiH040B -> C:\Windows\system32\IntelC53.dll ==> No File.​
    NETSVC: DniVad -> C:\Windows\system32\c-dillasrv.dll ==> No File.​
    ==================== One Month Created Files and Folders ========​
    2012-09-22 07:12 - 2012-09-22 07:12 - 00000000 ____D C:\FRST​
    2012-09-22 05:54 - 2012-09-22 05:54 - 00001901 ____A C:\Users\ayee\Documents\frst notes.txt​
    2012-09-22 05:50 - 2012-09-22 05:50 - 00904282 ____A (Farbar) C:\Users\ayee\Documents\FRST.exe​
    2012-09-22 05:23 - 2012-09-22 05:23 - 00190479 ____A C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip​
    2012-09-21 21:09 - 2012-09-21 21:09 - 00001519 ____A C:\Users\ayee\Documents\check permissions.txt​
    2012-09-21 20:16 - 2012-09-21 20:17 - 199468312 ____A C:\Users\ayee\Documents\eusing_2012_09_21.reg​
    2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\LogMeInRemoteUser\Desktop\Eusing Free Registry Cleaner.lnk​
    2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\Guest\Desktop\Eusing Free Registry Cleaner.lnk​
    2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\ayee\Desktop\Eusing Free Registry Cleaner.lnk​
    2012-09-21 19:44 - 2012-09-21 19:45 - 00000000 ____D C:\Program Files\Microsoft Security Client​
    2012-09-21 19:25 - 2012-09-21 19:27 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1​
    2012-09-21 19:15 - 2009-07-13 15:45 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys​
    2012-09-20 19:34 - 2012-09-21 20:46 - 00000000 ____D C:\Program Files\Eusing Free Registry Cleaner​
    2012-09-20 19:01 - 2012-09-20 19:01 - 00000000 ____D C:\Users\ayee\AppData\Roaming\PCPro​
    2012-09-20 19:01 - 2012-09-20 19:01 - 00000000 ____D C:\Users\ayee\AppData\Roaming\PC Cleaners​
    2012-09-20 19:01 - 2012-09-20 19:01 - 00000000 ____D C:\Users\All Users\PC1Data​
    2012-09-19 18:36 - 2012-09-19 18:36 - 00000000 ____D C:\Windows\System32\appmgmt​
    2012-09-19 17:49 - 2012-09-20 18:34 - 46596096 ____A C:\Windows\System32\config\SOFTWARE.iobit​
    2012-09-19 17:49 - 2012-09-20 18:34 - 36536320 ____A C:\Windows\System32\config\SYSTEM.iobit​
    2012-09-19 17:49 - 2012-09-20 18:34 - 01769472 ____A C:\Windows\System32\config\DEFAULT.iobit​
    2012-09-19 17:49 - 2012-09-20 18:34 - 00032768 ____A C:\Windows\System32\config\SAM.iobit​
    2012-09-19 17:49 - 2012-09-20 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit​
    2012-09-19 03:58 - 2012-09-19 04:19 - 78545304 ____A (Apple Inc.) C:\Users\ayee\Documents\iTunesSetup.exe​
    2012-09-18 20:19 - 2012-09-18 20:19 - 00000000 ____D C:\Users\ayee\Documents\Iphone 3gs 5.1​
    2012-09-18 20:13 - 2012-09-18 20:14 - 00000000 ____D C:\Users\ayee\Documents\Iphone 3gs 5.1.1​
    2012-09-15 21:19 - 2012-09-15 21:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk​
    2012-09-15 19:19 - 2012-09-15 19:19 - 00000077 ____A C:\Users\ayee\Documents\mcupdate.exec-ordinal not found.txt​
    2012-09-15 16:47 - 2012-09-22 06:02 - 00001456 ____A C:\Windows\setupact.log​
    2012-09-15 16:47 - 2012-09-17 20:47 - 00205694 ____A C:\Windows\PFRO.log​
    2012-09-15 16:47 - 2012-09-15 16:47 - 00000000 ____A C:\Windows\setuperr.log​
    2012-09-15 15:40 - 2012-07-23 14:59 - 00022400 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe​
    2012-09-15 12:47 - 2012-09-21 18:28 - 00000000 ____D C:\Users\ayee\AppData\Roaming\IObit​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whqvndhd.sys​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00001230 ____A C:\Users\Public\Desktop\Uninstaller.lnk​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00001179 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00000000 ____D C:\Users\All Users\IObit​
    2012-09-15 12:43 - 2012-09-15 12:43 - 00000000 ____D C:\Program Files\IObit​
    2012-09-15 12:06 - 2012-09-21 19:27 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk​
    2012-09-15 12:05 - 2012-08-21 12:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys​
    2012-09-15 12:03 - 2012-09-21 19:25 - 00000000 ____D C:\Program Files\iTunes​
    2012-09-15 12:03 - 2012-09-21 19:25 - 00000000 ____D C:\Program Files\iPod​
    2012-09-15 11:50 - 2012-09-21 19:45 - 00001945 ____A C:\Windows\epplauncher.mif​
    2012-09-15 11:50 - 2012-09-15 11:50 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk​
    2012-09-15 11:49 - 2012-09-21 18:34 - 00000000 ____D C:\Program Files\QuickTime​
    2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____D C:\Users\ayee\AppData\Roaming\Opera​
    2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____D C:\Users\ayee\AppData\Local\Opera​
    2012-09-15 08:30 - 2012-09-15 08:31 - 00000000 ____D C:\Program Files\Opera​
    2012-09-15 08:30 - 2012-09-15 08:30 - 00001775 ____A C:\Users\Public\Desktop\Opera.lnk​
    2012-09-12 18:08 - 2012-09-12 19:21 - 00005586 ____A C:\Users\ayee\Documents\startup bad dlls.txt​
    2012-09-11 20:42 - 2012-09-11 20:42 - 198359374 ____A C:\Users\ayee\Documents\BACKUP.REG​
    2012-09-09 12:52 - 2012-09-09 12:52 - 16144455 ____A (Rockers Team) C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe​
    2012-09-02 14:27 - 2012-09-02 14:27 - 00000000 ____D C:\Users\ayee\Documents\Redsn0w0.9.14b2​
    2012-09-01 13:00 - 2012-09-01 13:00 - 00120044 ____A C:\Users\ayee\Documents\blued-gui.rar​
    2012-08-26 12:42 - 2012-08-26 12:42 - 365230920 ____A (Microsoft Corporation) C:\Users\ayee\Documents\Windows6.0-KB948465-X86_vista_sp2.exe​
    ==================== 3 Months Modified Files ==================​
    2012-09-22 06:07 - 2009-07-13 20:34 - 00016448 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0​
    2012-09-22 06:07 - 2009-07-13 20:34 - 00016448 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0​
    2012-09-22 06:04 - 2010-11-22 20:53 - 02027749 ____A C:\Windows\WindowsUpdate.log​
    2012-09-22 06:03 - 2010-12-31 16:06 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job​
    2012-09-22 06:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT​
    2012-09-22 06:02 - 2012-09-15 16:47 - 00001456 ____A C:\Windows\setupact.log​
    2012-09-22 05:54 - 2012-09-22 05:54 - 00001901 ____A C:\Users\ayee\Documents\frst notes.txt​
    2012-09-22 05:50 - 2012-09-22 05:50 - 00904282 ____A (Farbar) C:\Users\ayee\Documents\FRST.exe​
    2012-09-22 05:23 - 2012-09-22 05:23 - 00190479 ____A C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip​
    2012-09-22 05:20 - 2010-12-31 16:06 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job​
    2012-09-21 21:09 - 2012-09-21 21:09 - 00001519 ____A C:\Users\ayee\Documents\check permissions.txt​
    2012-09-21 21:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At47.job​
    2012-09-21 20:17 - 2012-09-21 20:16 - 199468312 ____A C:\Users\ayee\Documents\eusing_2012_09_21.reg​
    2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\LogMeInRemoteUser\Desktop\Eusing Free Registry Cleaner.lnk​
    2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\Guest\Desktop\Eusing Free Registry Cleaner.lnk​
    2012-09-21 20:15 - 2012-09-21 20:15 - 00001023 ____A C:\Users\ayee\Desktop\Eusing Free Registry Cleaner.lnk​
    2012-09-21 20:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At46.job​
    2012-09-21 19:45 - 2012-09-15 11:50 - 00001945 ____A C:\Windows\epplauncher.mif​
    2012-09-21 19:44 - 2010-11-22 21:09 - 00005348 ____A C:\Windows\System32\PerfStringBackup.INI​
    2012-09-21 19:27 - 2012-09-15 12:06 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk​
    2012-09-21 19:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At45.job​
    2012-09-21 18:12 - 2011-05-20 10:35 - 00063369 ____A C:\Users\ayee\Documents\news.zip​
    2012-09-21 18:10 - 2011-05-20 08:07 - 00139151 ____A C:\Users\ayee\Documents\news.txt​
    2012-09-21 17:58 - 2011-12-15 06:46 - 00015439 ____A C:\Users\ayee\Documents\short.txt​
    2012-09-20 18:34 - 2012-09-19 17:49 - 46596096 ____A C:\Windows\System32\config\SOFTWARE.iobit​
    2012-09-20 18:34 - 2012-09-19 17:49 - 36536320 ____A C:\Windows\System32\config\SYSTEM.iobit​
    2012-09-20 18:34 - 2012-09-19 17:49 - 01769472 ____A C:\Windows\System32\config\DEFAULT.iobit​
    2012-09-20 18:34 - 2012-09-19 17:49 - 00032768 ____A C:\Windows\System32\config\SAM.iobit​
    2012-09-20 18:34 - 2012-09-19 17:49 - 00028672 ____A C:\Windows\System32\config\SECURITY.iobit​
    2012-09-19 04:19 - 2012-09-19 03:58 - 78545304 ____A (Apple Inc.) C:\Users\ayee\Documents\iTunesSetup.exe​
    2012-09-19 04:00 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At30.job​
    2012-09-18 20:23 - 2012-03-05 10:00 - 00323072 __ASH C:\Users\ayee\Documents\Thumbs.db​
    2012-09-17 20:47 - 2012-09-15 16:47 - 00205694 ____A C:\Windows\PFRO.log​
    2012-09-16 15:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At41.job​
    2012-09-16 14:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At40.job​
    2012-09-16 13:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At39.job​
    2012-09-16 12:08 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At38.job​
    2012-09-16 11:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At37.job​
    2012-09-16 10:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At36.job​
    2012-09-16 09:05 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At35.job​
    2012-09-16 08:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At34.job​
    2012-09-16 07:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At33.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At32.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At31.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At29.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At28.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At27.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At26.job​
    2012-09-16 06:42 - 2012-04-12 05:15 - 00000342 ____A C:\Windows\Tasks\At25.job​
    2012-09-15 22:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At48.job​
    2012-09-15 21:19 - 2012-09-15 21:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk​
    2012-09-15 19:19 - 2012-09-15 19:19 - 00000077 ____A C:\Users\ayee\Documents\mcupdate.exec-ordinal not found.txt​
    2012-09-15 18:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At44.job​
    2012-09-15 17:00 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At43.job​
    2012-09-15 16:47 - 2012-09-15 16:47 - 00000000 ____A C:\Windows\setuperr.log​
    2012-09-15 16:01 - 2012-04-12 05:16 - 00000342 ____A C:\Windows\Tasks\At42.job​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\whqvndhd.sys​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00001230 ____A C:\Users\Public\Desktop\Uninstaller.lnk​
    2012-09-15 12:47 - 2012-09-15 12:47 - 00001179 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk​
    2012-09-15 11:50 - 2012-09-15 11:50 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk​
    2012-09-15 08:30 - 2012-09-15 08:30 - 00001775 ____A C:\Users\Public\Desktop\Opera.lnk​
    2012-09-12 19:21 - 2012-09-12 18:08 - 00005586 ____A C:\Users\ayee\Documents\startup bad dlls.txt​
    2012-09-11 20:58 - 2011-02-08 19:50 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll​
    2012-09-11 20:58 - 2011-02-08 19:50 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll​
    2012-09-11 20:58 - 2011-02-08 19:50 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll​
    2012-09-11 20:42 - 2012-09-11 20:42 - 198359374 ____A C:\Users\ayee\Documents\BACKUP.REG​
    2012-09-09 12:52 - 2012-09-09 12:52 - 16144455 ____A (Rockers Team) C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe​
    2012-09-07 16:04 - 2010-11-22 21:29 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys​
    2012-09-01 13:00 - 2012-09-01 13:00 - 00120044 ____A C:\Users\ayee\Documents\blued-gui.rar​
    2012-08-26 12:42 - 2012-08-26 12:42 - 365230920 ____A (Microsoft Corporation) C:\Users\ayee\Documents\Windows6.0-KB948465-X86_vista_sp2.exe​
    2012-08-21 12:01 - 2012-09-15 12:05 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys​
    2012-08-21 12:01 - 2010-11-23 19:49 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll​
    2012-08-19 12:35 - 2012-08-19 12:35 - 05034606 ____A C:\Users\ayee\Documents\com.pragmatixconsulting.packagebackup_4.3.12_iphoneos-arm_fabius.deb​
    2012-08-18 19:56 - 2012-08-18 19:55 - 00065495 ____A C:\Users\ayee\Documents\resume etc.zip​
    2012-08-12 14:28 - 2012-08-12 14:28 - 00001301 ____A C:\Users\ayee\Documents\new old bootrom.txt​
    2012-08-12 09:57 - 2012-08-12 09:56 - 711494134 ____A C:\Users\ayee\Desktop\sn0wbreeze_iPhone_3GS-5.1.1-9B206_oldbootrom.ipsw​
    2012-08-12 09:30 - 2012-08-12 09:30 - 711381881 ____A C:\Users\ayee\Desktop\sn0wbreeze_iPhone_3GS-5.1.1-9B206_new_bootrom.ipsw​
    2012-08-04 12:32 - 2012-05-20 12:56 - 3047718912 ____A C:\Users\ayee\Downloads\Windows Vista Business__Dell OEM.iso​
    2012-07-23 14:59 - 2012-09-15 15:40 - 00022400 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe​
    2012-07-07 09:01 - 2012-04-01 20:58 - 00020992 ____A C:\Users\ayee\Documents\Calc Return.xls​
    ZeroAccess:​
    C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}​
    C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\@​
    C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L​
    C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U​
    C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L\00000004.@​
    C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L\201d3dde​
    ZeroAccess:​
    C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}​
    C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}\@​
    C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}\L​
    C:\Windows\System32\config\systemprofile\AppData\Local\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U​
    ==================== Known DLLs (Whitelisted) =================​
    ==================== Bamital & volsnap Check =================​
    C:\Windows\explorer.exe => MD5 is legit​
    C:\Windows\System32\winlogon.exe => MD5 is legit​
    C:\Windows\System32\wininit.exe => MD5 is legit​
    C:\Windows\System32\svchost.exe => MD5 is legit​
    C:\Windows\System32\services.exe => MD5 is legit​
    C:\Windows\System32\User32.dll => MD5 is legit​
    C:\Windows\System32\userinit.exe => MD5 is legit​
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit​
    ==================== EXE ASSOCIATION =====================​
    HKLM\...\.exe: exefile => OK​
    HKLM\...\exefile\DefaultIcon: %1 => OK​
    HKLM\...\exefile\open\command: "%1" %* => OK​
    ==================== Restore Points =========================​
    Restore point made on: 2012-09-15 11:51:52​
    Restore point made on: 2012-09-15 11:55:40​
    Restore point made on: 2012-09-19 04:27:32​
    Restore point made on: 2012-09-19 18:33:41​
    Restore point made on: 2012-09-19 18:36:43​
    Restore point made on: 2012-09-19 18:39:42​
    Restore point made on: 2012-09-19 18:41:55​
    Restore point made on: 2012-09-20 18:19:45​
    Restore point made on: 2012-09-20 18:21:23​
    Restore point made on: 2012-09-20 18:22:12​
    Restore point made on: 2012-09-20 18:23:22​
    Restore point made on: 2012-09-20 18:24:11​
    Restore point made on: 2012-09-20 19:53:50​
    Restore point made on: 2012-09-20 20:35:48​
    Restore point made on: 2012-09-20 20:50:04​
    Restore point made on: 2012-09-20 20:55:30​
    Restore point made on: 2012-09-20 20:56:36​
    Restore point made on: 2012-09-20 20:57:10​
    Restore point made on: 2012-09-20 20:57:46​
    Restore point made on: 2012-09-21 17:27:27​
    Restore point made on: 2012-09-21 17:37:26​
    Restore point made on: 2012-09-21 17:37:49​
    Restore point made on: 2012-09-21 17:40:59​
    Restore point made on: 2012-09-21 17:43:45​
    Restore point made on: 2012-09-21 17:45:02​
    Restore point made on: 2012-09-21 18:23:20​
    ==================== Memory info ===========================​
    Percentage of memory in use: 16%​
    Total physical RAM: 3062.44 MB​
    Available physical RAM: 2563.54 MB​
    Total Pagefile: 3060.72 MB​
    Available Pagefile: 2573.64 MB​
    Total Virtual: 2047.88 MB​
    Available Virtual: 1968.7 MB​
    ==================== Partitions =============================​
    1 Drive c: () (Fixed) (Total:232.79 GB) (Free:141.05 GB) NTFS​
    3 Drive f: () (Removable) (Total:3.73 GB) (Free:1.43 GB) NTFS​
    4 Drive g: () (Removable) (Total:0.94 GB) (Free:0.02 GB) FAT​
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS​
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]​
    Disk ### Status Size Free Dyn Gpt​
    -------- ------------- ------- ------- --- ---​
    Disk 0 Online 232 GB 0 B​
    Disk 1 Online 3822 MB 0 B​
    Disk 2 Online 967 MB 0 B​
    Partitions of Disk 0:​
    ===============​
    Partition ### Type Size Offset​
    ------------- ---------------- ------- -------​
    Partition 1 Primary 100 MB 1024 KB​
    Partition 2 Primary 232 GB 101 MB​
    =========================================================​
    Disk: 0​
    Partition 1​
    Type : 07​
    Hidden: No​
    Active: Yes​
    Volume ### Ltr Label Fs Type Size Status Info​
    ---------- --- ----------- ----- ---------- ------- --------- --------​
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy​
    =========================================================​
    Disk: 0​
    Partition 2​
    Type : 07​
    Hidden: No​
    Active: No​
    Volume ### Ltr Label Fs Type Size Status Info​
    ---------- --- ----------- ----- ---------- ------- --------- --------​
    * Volume 2 C NTFS Partition 232 GB Healthy​
    =========================================================​
    Partitions of Disk 1:​
    ===============​
    Partition ### Type Size Offset​
    ------------- ---------------- ------- -------​
    Partition 1 Primary 3818 MB 4032 KB​
    =========================================================​
    Disk: 1​
    Partition 1​
    Type : 07​
    Hidden: No​
    Active: Yes​
    Volume ### Ltr Label Fs Type Size Status Info​
    ---------- --- ----------- ----- ---------- ------- --------- --------​
    * Volume 3 F NTFS Removable 3818 MB Healthy​
    =========================================================​
    Partitions of Disk 2:​
    ===============​
    Partition ### Type Size Offset​
    ------------- ---------------- ------- -------​
    Partition 1 Primary 967 MB 16 KB​
    =========================================================​
    Disk: 2​
    Partition 1​
    Type : 06​
    Hidden: No​
    Active: Yes​
    Volume ### Ltr Label Fs Type Size Status​
    ---------- --- ----------- ----- ---------- ------- --------- --------​
    * Volume 4 G FAT Removable 967 MB Healthy​
    =========================================================​
    Last Boot: 2012-09-16 11:52​
    ==================== End Of Log ============================​
    search.txt​
    ---------------​
    Farbar Recovery Scan Tool (x86) Version: 22-09-2012​
    Ran by SYSTEM at 2012-09-22 07:16:39​
    Running from G:\​
    ================== Search: "services.exe" ===================​
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe​
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6​
    C:\Windows\System32\services.exe​
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6​
    === End Of Search ===​
    -​
     
  4. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     

  5. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Broni,
    Here is 1/3 of the logs:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.22.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    ayee :: AYEE-PC [administrator]

    9/22/2012 10:42:11 AM
    mbam-log-2012-09-22 (10-42-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238145
    Time elapsed: 25 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------
    gmer -
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-22 11:16:35
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2250BH rev.0000000B
    Running: gmer.exe; Driver: C:\Users\ayee\AppData\Local\Temp\kxldrpow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8CC5409A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x8CC53FF8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8CC5400C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8CC54022]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8CC5405E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8CC540AE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CC54086]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CC54072]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CC5404A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CC54036]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CC53FE4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
    -------------------------------------------------------------
    dds -
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Run by ayee at 11:19:52 on 2012-09-22
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1648 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\AppServ\Apache2.2\bin\httpd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\AppServ\Apache2.2\bin\httpd.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\AppServ\MySQL\bin\mysqld.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\StkASv2K.exe
    C:\Program Files\AirPrint\airprint.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\explorer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\ayee\Desktop\gmer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    mRun: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
    mRun: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
    mRun: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
    mRun: [NeroCheck] EROCHECK.EXE
    mRun: [McAfeeUpdaterUI] KEY
    mRun: [ShStatEXE] E
    mRun: [AppleSyncNotifier] OTIFIER.EXE
    mRun: [GrooveMonitor] ITOR.EXE"
    mRun: [LogMeIn GUI] SYSTRAY.EXE"
    mRun: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
    mRun: [APSDaemon] .EXE"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE"
    mRun: [CSESRE] DOWS\TEMP\CSESRE.DLL",LOADBITMAPRESIZE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
    StartupFolder: c:\users\ayee\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{45A86153-9909-4614-BE95-1CC5BD995AD2} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\0554544535 : DhcpNameServer = 66.7.224.17 66.7.224.18 4.2.2.3
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\2375942554238343 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\34F6C6566516C6C6569734166656 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\356405C4D275942554C4543535 : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}\4586567516272796F6276313 : DhcpNameServer = 192.168.7.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\hmelyofflabs\vhtoolkit\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ayee\appdata\roaming\mozilla\firefox\profiles\dpqx62sf.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0cb392c-b40f-462c-9f51-49a12036613c%7D&mid=3a8a7f54affb47d09368d1532dc22a86-0744755435501efbe8fe3a4546562ccccc6508f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-29%2014%3A50%3A02&sap=ku&q=
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-22 340592]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 MpKsl734ab8a9;MpKsl734ab8a9;c:\programdata\microsoft\microsoft antimalware\definition updates\{6cd5b4e2-e2d4-45d3-b7aa-eef0d03acaca}\MpKsl734ab8a9.sys [2012-9-22 29904]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-9-15 913792]
    R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -r _ipp._tcp,_universal -s --> c:\program files\airprint\airprint.exe -R _ipp._tcp,_universal -s [?]
    R2 Apache2.2;Apache2.2;c:\appserv\apache2.2\bin\httpd.exe [2008-1-17 24635]
    R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374184]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-8 47640]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-22 67904]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-22 90360]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-22 42424]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 nod32krn;MA8032M;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S2 vetmsgnt;Sfcure01;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-22 64432]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-3 15872]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-3 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-22 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-09-22 17:27:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cd5b4e2-e2d4-45d3-b7aa-eef0d03acaca}\MpKsl734ab8a9.sys
    2012-09-22 15:12:31 -------- d-----w- C:\FRST
    2012-09-22 04:12:08 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{983c5926-9641-404a-b15f-506df954d71a}\gapaengine.dll
    2012-09-22 04:11:24 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6cd5b4e2-e2d4-45d3-b7aa-eef0d03acaca}\mpengine.dll
    2012-09-22 03:44:46 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-22 03:25:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-22 03:15:41 83456 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-09-21 03:34:57 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2012-09-21 03:01:33 -------- d-----w- c:\users\ayee\appdata\roaming\PC Cleaners
    2012-09-21 03:01:22 -------- d-----w- c:\users\ayee\appdata\roaming\PCPro
    2012-09-21 03:01:22 -------- d-----w- c:\programdata\PC1Data
    2012-09-20 02:36:19 -------- d-----w- c:\windows\system32\appmgmt
    2012-09-15 23:40:15 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-09-15 20:47:41 43600 ----a-w- c:\windows\system32\drivers\whqvndhd.sys
    2012-09-15 20:47:36 -------- d-----w- c:\programdata\IObit
    2012-09-15 20:47:23 -------- d-----w- c:\users\ayee\appdata\roaming\IObit
    2012-09-15 20:43:10 -------- d-----w- c:\program files\IObit
    2012-09-15 20:05:34 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-15 20:03:36 -------- d-----w- c:\program files\iPod
    2012-09-15 20:03:35 -------- d-----w- c:\program files\iTunes
    2012-09-15 16:31:37 -------- d-----w- c:\users\ayee\appdata\local\Opera
    .
    ==================== Find3M ====================
    .
    2012-09-12 04:58:28 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-09-12 04:58:27 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2012-09-12 04:58:23 30624 ----a-w- c:\windows\system32\LMIport.dll
    2012-09-12 04:58:22 87456 ----a-w- c:\windows\system32\LMIinit.dll
    2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 20:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    ============= FINISH: 11:25:18.64 ===============
    -------------------------------------
    attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/22/2010 9:06:05 PM
    System Uptime: 9/22/2012 10:24:03 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0NF743
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 140.521 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Storage media
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_STORAGE_MEDIA&REV_0100#0F07020109746&0#
    Manufacturer: Sony
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SONY&PROD_STORAGE_MEDIA&REV_0100#0F07020109746&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP102: 9/15/2012 12:51:32 PM - Removed AVG 2012
    RP103: 9/15/2012 12:55:31 PM - Removed AVG 2012
    RP104: 9/19/2012 5:27:15 AM - good starting point
    RP105: 9/19/2012 7:33:23 PM - Removed iTunes
    RP106: 9/19/2012 7:36:30 PM - Removed QuickTime
    RP107: 9/19/2012 7:39:33 PM - Removed Bonjour
    RP108: 9/19/2012 7:41:48 PM - Installed iTunes
    RP109: 9/20/2012 7:19:30 PM - Removed Apple Application Support
    RP110: 9/20/2012 7:21:15 PM - Removed Apple Software Update
    RP111: 9/20/2012 7:22:04 PM - Removed Apple Mobile Device Support
    RP112: 9/20/2012 7:23:13 PM - Removed Bonjour
    RP113: 9/20/2012 7:24:04 PM - Removed iTunes
    RP114: 9/20/2012 8:53:34 PM - Installed iTunes
    RP115: 9/20/2012 9:35:22 PM - Windows Update
    RP116: 9/20/2012 9:49:56 PM - Removed iTunes
    RP117: 9/20/2012 9:55:23 PM - Removed Apple Application Support
    RP118: 9/20/2012 9:56:29 PM - Removed Bonjour
    RP119: 9/20/2012 9:57:03 PM - Removed Apple Software Update
    RP120: 9/20/2012 9:57:39 PM - Removed Apple Mobile Device Support
    RP121: 9/21/2012 6:27:06 PM - Installed iTunes
    RP123: 9/21/2012 6:37:19 PM - IObit Uninstaller restore point
    RP124: 9/21/2012 6:37:35 PM - Removed Apple Mobile Device Support
    RP125: 9/21/2012 6:40:51 PM - Removed Apple Application Support
    RP126: 9/21/2012 6:43:30 PM - Removed Apple Software Update
    RP127: 9/21/2012 6:44:55 PM - Removed Bonjour
    RP128: 9/21/2012 7:23:07 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.0
    Advanced SystemCare 5
    Ahead Nero Burning ROM
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AppServ 2.6.0 (remove only)
    Bonjour
    Dell Driver Download Manager
    DivX
    Eusing Free Registry Cleaner
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    LogMeIn
    Malwarebytes Anti-Malware version 1.65.0.1400
    McAfee Agent
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox (3.6.12)
    Opera 12.02
    QuickTime
    Safari
    ScanToPDF 4.1
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Symtrax - Telnet
    TuneUp Utilities 2008
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VH Toolkit 1.0.46.0
    VideoLAN VLC media player 0.8.6c
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/22/2012 10:29:36 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    9/22/2012 10:29:36 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    9/22/2012 10:29:33 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    9/22/2012 10:25:49 AM, Error: Service Control Manager [7023] - The Symc810 service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:47 AM, Error: Service Control Manager [7023] - The Db2ntsecserver service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:46 AM, Error: Service Control Manager [7023] - The S616mdfl service terminated with the following error: The system cannot find the file specified.
    9/22/2012 10:25:46 AM, Error: Service Control Manager [7023] - The Iaimtv3 service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:46 AM, Error: Service Control Manager [7023] - The Ec2007service service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:45 AM, Error: Service Control Manager [7023] - The TUWinStylerThemeSvc service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:45 AM, Error: Service Control Manager [7023] - The Fsks service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:20 AM, Error: Service Control Manager [7023] - The Zntport service terminated with the following error: The specified module could not be found.
    9/22/2012 10:25:06 AM, Error: Service Control Manager [7023] - The Flutilssvc service terminated with the following error: The system cannot find the file specified.
    9/22/2012 10:25:06 AM, Error: Service Control Manager [7023] - The Cpqrcmc service terminated with the following error: The specified module could not be found.
    9/22/2012 10:24:53 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    9/22/2012 10:24:51 AM, Error: Service Control Manager [7023] - The U81xobex service terminated with the following error: The specified module could not be found.
    9/22/2012 10:24:40 AM, Error: Service Control Manager [7023] - The TuneUp Theme Extension service terminated with the following error: The specified procedure could not be found.
    9/22/2012 10:06:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/21/2012 9:18:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.189.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    9/21/2012 8:45:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/21/2012 8:45:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/21/2012 8:30:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/21/2012 7:46:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/21/2012 7:01:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/21/2012 7:01:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/21/2012 6:50:50 PM, Error: Service Control Manager [7003] - The AirPrint service depends the following service: Bonjour Service. This service might not be installed.
    9/21/2012 6:38:00 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2012 6:15:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/21/2012 6:15:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    9/20/2012 9:37:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.
    9/20/2012 8:31:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/20/2012 7:21:02 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
    9/20/2012 6:13:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1524.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/18/2012 9:00:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Win32/PossibleHostsFileHijack&threatid=14994 Name: SettingsModifier:Win32/PossibleHostsFileHijack ID: 14994 Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: ayee-PC\ayee Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1524.0, AS: 1.135.1524.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/18/2012 9:00:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Win32/PossibleHostsFileHijack&threatid=14994 Name: SettingsModifier:Win32/PossibleHostsFileHijack ID: 14994 Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: ayee-PC\ayee Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1524.0, AS: 1.135.1524.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/18/2012 8:59:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...:Win32/PossibleHostsFileHijack&threatid=14994 Name: SettingsModifier:Win32/PossibleHostsFileHijack ID: 14994 Severity: Medium Category: Settings Modifier Path: file:_C:\Windows\System32\drivers\etc\hosts Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Clean Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1524.0, AS: 1.135.1524.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/18/2012 8:36:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
    9/18/2012 8:35:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:25:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
    9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
    9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
    9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
    9/18/2012 8:20:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
    9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin....0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-
     
  6. gordon low

    gordon low TS Member Topic Starter Posts: 17

    8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:19:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:18:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: ayee-PC\ayee Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 8:08:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/18/2012 8:07:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/18/2012 8:02:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    9/18/2012 7:54:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/18/2012 7:51:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    9/17/2012 9:53:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 9:53:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/17/2012 9:53:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/17/2012 9:53:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/17/2012 9:53:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/17/2012 9:53:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/17/2012 9:53:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/17/2012 9:53:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfetdik MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:53:07 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 9:53:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 9:53:06 PM, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:53:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/17/2012 9:43:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/17/2012 9:24:00 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/17/2012 8:50:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/17/2012 10:03:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/16/2012 9:41:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 9:12:36 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 8:56:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 8:42:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 8:31:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 8:14:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\shuttleengine.dll;containerfile:_C:\Windows\System32\SiS7018.dll;containerfile:_C:\Windows\System32\Sk99202k.dll;containerfile:_C:\Windows\System32\slabser.dll;containerfile:_C:\Windows\System32\smartscaps.dll;containerfile:_C:\Windows\System32\sonicwall_netextender.dll;containerfile:_C:\Windows\System32\spcstb.dll;containerfile:_C:\Windows\System32\sprtsvc_smartagent.dll;containerfile:_C:\Windows\System32\sp_rssrv.dll;containerfile:_C:\Windows\System32\SQLAgent$ABBEYIIOFFLINE.dll;containerfile:_C:\Windows\System32\ssdiagn.dll;containerfile:_C:\Windows\System32\STEC3.dll;containerfile:_C:\Windows\System32\STV672.dll;containerfile:_C:\Windows\System32\stylexpservice.dll;containerfile:_C:\Windows\System32\surveyor.dll;containerfile:_C:\Windows\System32\suservice.dll;containerfile:_C:\Windows\System32\tb2launch.dll;containerfile:_C:\Windows\System32\tbiosdrv.dll;containerfile:_C:\Windows\System32\tcpip.dll;containerfile:_C:\Windows\System32\tdrpman174.dll;containerfile:_C:\Win Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/16/2012 8:14:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\shuttleengine.dll;file:_C:\Windows\System32\SiS7018.dll;file:_C:\Windows\System32\Sk99202k.dll;file:_C:\Windows\System32\slabser.dll;file:_C:\Windows\System32\smartscaps.dll;file:_C:\Windows\System32\sonicwall_netextender.dll;file:_C:\Windows\System32\spcstb.dll;file:_C:\Windows\System32\sprtsvc_smartagent.dll;file:_C:\Windows\System32\sp_rssrv.dll;file:_C:\Windows\System32\SQLAgent$ABBEYIIOFFLINE.dll;file:_C:\Windows\System32\ssdiagn.dll;file:_C:\Windows\System32\STEC3.dll;file:_C:\Windows\System32\STV672.dll;file:_C:\Windows\System32\stylexpservice.dll;file:_C:\Windows\System32\surveyor.dll;file:_C:\Windows\System32\suservice.dll;file:_C:\Windows\System32\tb2launch.dll;file:_C:\Windows\System32\tbiosdrv.dll;file:_C:\Windows\System32\tcpip.dll;file:_C:\Windows\System32\tdrpman174.dll;file:_C:\Windows\System32\tmesbs32.dll;file:_C:\Windows\System32\TMKEmu.dll;file:_C:\Windows\System32\tosrfhid.dll;file:_C:\Windows\System32\tosrfsnd.dll;file:_C:\Windows\System32\tpkmpsvc.dll;file:_C: Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/16/2012 7:51:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 4:11:31 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
    9/16/2012 4:10:44 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The system cannot find the path specified.
    9/16/2012 4:09:19 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified.
    9/16/2012 3:51:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 3:08:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1322.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    9/16/2012 2:59:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The system cannot find the path specified.
    9/16/2012 2:59:58 PM, Error: Service Control Manager [7000] - The Function Discovery Provider Host service failed to start due to the following error: The system cannot find the path specified.
    9/16/2012 2:14:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 12:12:40 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    9/16/2012 12:08:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 11:29:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 11:14:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 10:34:02 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\zz-services.tmp Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/16/2012 10:34:02 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\system32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/16/2012 10:34:01 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef!cfg&threatid=2147654414 Name: Trojan:Win32/Sirefef!cfg ID: 2147654414 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/16/2012 10:34:01 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.FR&threatid=2147656060 Name: Trojan:Win32/Alureon.FR ID: 2147656060 Severity: Severe Category: Trojan Path: file:_C:\ProgramData\afacadfbeadct.exe;regkey:_HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AFACADFBEADCT;runkey:_HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AFACADFBEADCT Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/16/2012 10:26:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 10:16:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 10:05:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/16/2012 1:01:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 9:55:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 9:34:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 9:29:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 9:29:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef&threatid=2147646306 Name: Trojan:Win32/Sirefef ID: 2147646306 Severity: Severe Category: Trojan Path: file:_C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U\00000004.@;file:_C:\Windows\Installer\{977809e1-741e-8a84-ad21-3ce75b144dc5}\U\000000cb.@ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
     
  7. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Site won't let me paste any more, can I pls sen
     
  8. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Through mode. This may be due to low resource conditions.
    9/15/2012 9:09:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 8:44:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 8:39:29 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:480 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\ftsata2.dll;containerfile:_C:\Windows\System32\GENERICDRV.dll;containerfile:_C:\Windows\System32\GTSCSER.dll;containerfile:_C:\Windows\System32\hnmsvc.dll;containerfile:_C:\Windows\System32\houdiniserver.dll;containerfile:_C:\Windows\System32\hpdskflt.dll;containerfile:_C:\Windows\System32\igateway.dll;containerfile:_C:\Windows\System32\imap4d32.dll;containerfile:_C:\Windows\System32\imonnt.dll;containerfile:_C:\Windows\System32\ivscheduler.dll;containerfile:_C:\Windows\System32\k750bus.dll;containerfile:_C:\Windows\System32\ksecdd.dll;containerfile:_C:\Windows\System32\lemsgt.dll;containerfile:_C:\Windows\System32\lhidflt2.dll;containerfile:_C:\Windows\System32\livesrv.dll;containerfile:_C:\Windows\System32\LMS.dll;containerfile:_C:\Windows\System32\lvhidsvc.dll;containerfile:_C:\Windows\System32\lxrsii1s.dll;containerfile:_C:\Windows\System32\M2500.dll;containerfile:_C:\Windows\System32\mail2ec.dll;containerfile:_C:\Windows\System32\MaRdPnp.dll;containerfile:_C:\Windows\S Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll;file:_C:\Windows\System32\GENERICDRV.dll;file:_C:\Windows\System32\GTSCSER.dll;file:_C:\Windows\System32\hnmsvc.dll;file:_C:\Windows\System32\houdiniserver.dll;file:_C:\Windows\System32\hpdskflt.dll;file:_C:\Windows\System32\igateway.dll;file:_C:\Windows\System32\imap4d32.dll;file:_C:\Windows\System32\imonnt.dll;file:_C:\Windows\System32\ivscheduler.dll;file:_C:\Windows\System32\k750bus.dll;file:_C:\Windows\System32\ksecdd.dll;file:_C:\Windows\System32\lemsgt.dll;file:_C:
     
  9. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Through mode. This may be due to low resource conditions.
    9/15/2012 9:09:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 8:44:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 8:39:29 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:480 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a

    critical error when taking action on malware or other potentially unwanted software. For more information

    please see the following: http://go.microsoft.com/fwlink/?

    linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID:

    2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows

    \System32\ftsata2.dll;containerfile:_C:\Windows\System32\GENERICDRV.dll;containerfile:_C:\Windows

    \System32\GTSCSER.dll;containerfile:_C:\Windows\System32\hnmsvc.dll;containerfile:_C:\Windows

    \System32\houdiniserver.dll;containerfile:_C:\Windows\System32\hpdskflt.dll;containerfile:_C:\Windows

    \System32\igateway.dll;containerfile:_C:\Windows\System32\imap4d32.dll;containerfile:_C:\Windows

    \System32\imonnt.dll;containerfile:_C:\Windows\System32\ivscheduler.dll;containerfile:_C:\Windows

    \System32\k750bus.dll;containerfile:_C:\Windows\System32\ksecdd.dll;containerfile:_C:\Windows

    \System32\lemsgt.dll;containerfile:_C:\Windows\System32\lhidflt2.dll;containerfile:_C:\Windows

    \System32\livesrv.dll;containerfile:_C:\Windows\System32\LMS.dll;containerfile:_C:\Windows

    \System32\lvhidsvc.dll;containerfile:_C:\Windows\System32\lxrsii1s.dll;containerfile:_C:\Windows

    \System32\M2500.dll;containerfile:_C:\Windows\System32\mail2ec.dll;containerfile:_C:\Windows

    \System32\MaRdPnp.dll;containerfile:_C:\Windows\S Detection Origin: Local machine Detection

    Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:

    \Windows\system32\services.exe Action: Quarantine Action Status: No additional actions

    required Error Code: 0x80070021 Error description: The process cannot access the file

    because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS:

    1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a

    critical error when taking action on malware or other potentially unwanted software. For more information

    please see the following: http://go.microsoft.com/fwlink/?

    linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID:

    2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows

    \System32\ftsata2.dll;file:_C:\Windows\System32\GENERICDRV.dll;file:_C:\Windows

    \System32\GTSCSER.dll;file:_C:\Windows\System32\hnmsvc.dll;file:_C:\Windows

    \System32\houdiniserver.dll;file:_C:\Windows\System32\hpdskflt.dll;file:_C:\Windows

    \System32\igateway.dll;file:_C:\Windows\System32\imap4d32.dll;file:_C:\Windows

    \System32\imonnt.dll;file:_C:\Windows\System32\ivscheduler.dll;file:_C:\Windows

    \System32\k750bus.dll;file:_C:\Windows\System32\ksecdd.dll;file:_C:\Windows\System32\lemsgt.dll;file:_C:
     
  10. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070102 Error description: The wait operation timed out. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 7:11:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 7:05:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070102 Error description: The wait operation timed out. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 7:02:46 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    9/15/2012 7:02:46 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    9/15/2012 7:02:15 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
    9/15/2012 6:55:19 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows
     
  11. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Through mode. This may be due to low resource conditions.
    9/15/2012 9:09:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 8:44:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 8:39:29 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:480 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\ftsata2.dll;containerfile:_C:\Windows\System32\GENERICDRV.dll;containerfile:_C:\Windows\System32\GTSCSER.dll;containerfile:_C:\Windows\System32\hnmsvc.dll;containerfile:_C:\Windows\System32\houdiniserver.dll;containerfile:_C:\Windows\System32\hpdskflt.dll;containerfile:_C:\Windows\System32\igateway.dll;containerfile:_C:\Windows\System32\imap4d32.dll;containerfile:_C:\Windows\System32\imonnt.dll;containerfile:_C:\Windows\System32\ivscheduler.dll;containerfile:_C:\Windows\System32\k750bus.dll;containerfile:_C:\Windows\System32\ksecdd.dll;containerfile:_C:\Windows\System32\lemsgt.dll;containerfile:_C:\Windows\System32\lhidflt2.dll;containerfile:_C:\Windows\System32\livesrv.dll;containerfile:_C:\Windows\System32\LMS.dll;containerfile:_C:\Windows\System32\lvhidsvc.dll;containerfile:_C:\Windows\System32\lxrsii1s.dll;containerfile:_C:\Windows\System32\M2500.dll;containerfile:_C:\Windows\System32\mail2ec.dll;containerfile:_C:\Windows\System32\MaRdPnp.dll;containerfile:_C:\Windows\S Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 8:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AC&threatid=2147654484 Name: Trojan:Win32/Sirefef.AC ID: 2147654484 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\ftsata2.dll;file:_C:\Windows\System32\GENERICDRV.dll;file:_C:\Windows\System32\GTSCSER.dll;file:_C:\Windows\System32\hnmsvc.dll;file:_C:\Windows\System32\houdiniserver.dll;file:_C:\Windows\System32\hpdskflt.dll;file:_C:\Windows\System32\igateway.dll;file:_C:\Windows\System32\imap4d32.dll;file:_C:\Windows\System32\imonnt.dll;file:_C:\Windows\System32\ivscheduler.dll;file:_C:\Windows\System32\k750bus.dll;file:_C:\Windows\System32\ksecdd.dll;file:_C:\Windows\System32\lemsgt.dll;file:_C:
     
     
  12. gordon low

    gordon low TS Member Topic Starter Posts: 17

    $ABBEYIIOFFLINE.dll;containerfile:_C:\Windows\System32\ssdiagn.dll;containerfile:_C:\Windows\System32\STEC3.dll;containerfile:_C:\Windows\System32\STV672.dll;containerfile:_C:\Windows\System32\stylexpservice.dll;containerfile:_C:\Windows\System32\surveyor.dll;containerfile:_C:\Windows\System32\suservice.dll;containerfile:_C:\Windo Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8704.0, NIS: 0.0.0.0
    9/15/2012 10:25:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LMIMaint service.
    9/15/2012 10:25:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    9/15/2012 10:25:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
    9/15/2012 10:24:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wercplsupport service.
    9/15/2012 10:24:50 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/15/2012 10:24:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:564 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 10:24:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    9/15/2012 10:06:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/15/2012 10:06:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/15/2012 10:06:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    9/15/2012 10:06:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 10:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/15/2012 10:01:45 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ayee-PC\ayee Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 10:01:45 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ayee-PC\ayee Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 10:01:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    9/15/2012 10:01:00 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\services.exe;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.135.1322.0, AS: 1.135.1322.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8704.0, NIS: 2.0.8001.0
    .
    ==== End Of File ===========================

    -------------------------------------
     
  13. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  14. gordon low

    gordon low TS Member Topic Starter Posts: 17

    1st part of tdss log
    16:28:19.0125 0600 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    16:28:20.0061 0600 ============================================================
    16:28:20.0061 0600 Current date / time: 2012/09/22 16:28:20.0061
    16:28:20.0061 0600 SystemInfo:
    16:28:20.0061 0600
    16:28:20.0061 0600 OS Version: 6.1.7601 ServicePack: 1.0
    16:28:20.0061 0600 Product type: Workstation
    16:28:20.0061 0600 ComputerName: AYEE-PC
    16:28:20.0061 0600 UserName: ayee
    16:28:20.0061 0600 Windows directory: C:\Windows
    16:28:20.0061 0600 System windows directory: C:\Windows
    16:28:20.0061 0600 Processor architecture: Intel x86
    16:28:20.0061 0600 Number of processors: 2
    16:28:20.0061 0600 Page size: 0x1000
    16:28:20.0061 0600 Boot type: Normal boot
    16:28:20.0061 0600 ============================================================
    16:28:23.0493 0600 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:28:23.0493 0600 Drive \Device\Harddisk1\DR1 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:28:23.0493 0600 ============================================================
    16:28:23.0493 0600 \Device\Harddisk0\DR0:
    16:28:23.0571 0600 MBR partitions:
    16:28:23.0571 0600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:28:23.0571 0600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
    16:28:23.0571 0600 \Device\Harddisk1\DR1:
    16:28:23.0571 0600 MBR partitions:
    16:28:23.0571 0600 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
    16:28:23.0571 0600 ============================================================
    16:28:23.0571 0600 C: <-> \Device\Harddisk0\DR0\Partition2
    16:28:23.0571 0600 ============================================================
    16:28:23.0571 0600 Initialize success
    16:28:23.0571 0600 ============================================================
    16:28:31.0215 2056 ============================================================
    16:28:31.0215 2056 Scan started
    16:28:31.0215 2056 Mode: Manual;
    16:28:31.0215 2056 ============================================================
    16:28:31.0574 2056 ================ Scan system memory ========================
    16:28:31.0574 2056 System memory - ok
    16:28:31.0574 2056 ================ Scan services =============================
    16:28:31.0714 2056 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    16:28:31.0717 2056 1394ohci - ok
    16:28:31.0732 2056 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    16:28:31.0748 2056 ACPI - ok
    16:28:31.0763 2056 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    16:28:31.0826 2056 AcpiPmi - ok
    16:28:31.0857 2056 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    16:28:31.0888 2056 adp94xx - ok
    16:28:31.0919 2056 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    16:28:31.0919 2056 adpahci - ok
    16:28:31.0935 2056 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    16:28:31.0951 2056 adpu320 - ok
    16:28:32.0187 2056 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    16:28:32.0281 2056 AdvancedSystemCareService5 - ok
    16:28:32.0281 2056 aeaudio - ok
    16:28:32.0328 2056 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    16:28:32.0328 2056 AeLookupSvc - ok
    16:28:32.0406 2056 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
    16:28:32.0468 2056 AFD - ok
    16:28:32.0499 2056 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
    16:28:32.0515 2056 agp440 - ok
    16:28:32.0548 2056 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    16:28:32.0564 2056 aic78xx - ok
    16:28:32.0580 2056 AirPrint - ok
    16:28:32.0595 2056 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
    16:28:32.0611 2056 ALG - ok
    16:28:32.0626 2056 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
    16:28:32.0626 2056 aliide - ok
    16:28:32.0642 2056 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    16:28:32.0658 2056 amdagp - ok
    16:28:32.0673 2056 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
    16:28:32.0673 2056 amdide - ok
    16:28:32.0704 2056 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    16:28:32.0704 2056 AmdK8 - ok
    16:28:52.0768 2056 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    16:28:52.0815 2056 Power - ok
    16:28:52.0862 2056 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:28:52.0862 2056 PptpMiniport - ok
    16:28:52.0893 2056 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    16:28:52.0893 2056 Processor - ok
    16:28:52.0940 2056 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
    16:28:52.0986 2056 ProfSvc - ok
    16:28:53.0018 2056 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:28:53.0018 2056 ProtectedStorage - ok
    16:28:53.0096 2056 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    16:28:53.0111 2056 Psched - ok
    16:28:53.0127 2056 qcdonner - ok
    16:28:53.0189 2056 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    16:28:53.0236 2056 ql2300 - ok
    16:28:53.0267 2056 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    16:28:53.0283 2056 ql40xx - ok
    16:28:53.0330 2056 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    16:28:53.0345 2056 QWAVE - ok
    16:28:53.0361 2056 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
     
  15. gordon low

    gordon low TS Member Topic Starter Posts: 17

    16:28:53.0376 2056 QWAVEdrv - ok
    16:28:53.0392 2056 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:28:53.0408 2056 RasAcd - ok
    16:28:53.0454 2056 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:28:53.0454 2056 RasAgileVpn - ok
    16:28:53.0486 2056 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    16:28:53.0486 2056 RasAuto - ok
    16:28:53.0517 2056 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:28:53.0517 2056 Rasl2tp - ok
    16:28:53.0564 2056 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
    16:28:53.0610 2056 RasMan - ok
    16:28:53.0642 2056 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:28:53.0642 2056 RasPppoe - ok
    16:28:53.0688 2056 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:28:53.0704 2056 RasSstp - ok
    16:28:53.0766 2056 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:28:53.0876 2056 rdbss - ok
    16:28:53.0891 2056 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    16:28:53.0891 2056 rdpbus - ok
    16:28:53.0938 2056 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:28:54.0000 2056 RDPCDD - ok
    16:28:54.0047 2056 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    16:28:54.0110 2056 RDPDR - ok
    16:28:54.0125 2056 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:28:54.0125 2056 RDPENCDD - ok
    16:28:54.0156 2056 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    16:28:54.0172 2056 RDPREFMP - ok
    16:28:54.0219 2056 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    16:28:54.0281 2056 RdpVideoMiniport - ok
    16:28:54.0344 2056 [ 244C83332F44589AE98FC347F11B2693 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:28:54.0453 2056 RDPWD - ok
    16:28:54.0515 2056 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:28:54.0624 2056 rdyboost - ok
    16:28:54.0718 2056 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:28:54.0734 2056 RemoteAccess - ok
    16:28:54.0780 2056 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:28:54.0780 2056 RemoteRegistry - ok
    16:28:54.0874 2056 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    16:28:54.0874 2056 RFCOMM - ok
    16:28:54.0905 2056 roxwatch - ok
    16:28:54.0921 2056 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:28:54.0936 2056 RpcEptMapper - ok
    16:28:54.0983 2056 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    16:28:54.0983 2056 RpcLocator - ok
    16:28:55.0014 2056 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
    16:28:55.0030 2056 RpcSs - ok
    16:28:55.0077 2056 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:28:55.0077 2056 rspndr - ok
    16:28:55.0124 2056 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    16:28:55.0186 2056 s3cap - ok
    16:28:55.0202 2056 s7otranx - ok
    16:28:55.0233 2056 saeawbby - ok
    16:28:55.0248 2056 SaiH040B - ok
    16:28:55.0280 2056 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
    16:28:55.0295 2056 SamSs - ok
    16:28:55.0342 2056 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:28:55.0451 2056 sbp2port - ok
    16:28:55.0498 2056 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:28:55.0514 2056 SCardSvr - ok
    16:28:55.0545 2056 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:28:55.0592 2056 scfilter - ok
    16:28:55.0670 2056 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
    16:28:55.0732 2056 Schedule - ok
    16:28:55.0779 2056 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:28:55.0810 2056 SCPolicySvc - ok
    16:28:55.0857 2056 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:28:55.0904 2056 SDRSVC - ok
    16:28:55.0935 2056 se44unic - ok
    16:28:55.0997 2056 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:28:55.0997 2056 secdrv - ok
    16:28:56.0028 2056 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
    16:28:56.0044 2056 seclogon - ok
    16:28:56.0075 2056 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
    16:28:56.0075 2056 SENS - ok
    16:28:56.0122 2056 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:28:56.0122 2056 SensrSvc - ok
    16:28:56.0169 2056 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    16:28:56.0184 2056 Serenum - ok
    16:28:56.0247 2056 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    16:28:56.0262 2056 Serial - ok
    16:28:56.0294 2056 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    16:28:56.0294 2056 sermouse - ok
    16:28:56.0387 2056 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:28:56.0434 2056 SessionEnv - ok
    16:28:56.0481 2056 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:28:56.0481 2056 sffdisk - ok
    16:28:56.0512 2056 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:28:56.0528 2056 sffp_mmc - ok
    16:28:56.0559 2056 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:28:56.0606 2056 sffp_sd - ok
    16:28:56.0637 2056 sfilter - ok
    16:28:56.0668 2056 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    16:28:56.0684 2056 sfloppy - ok
    16:28:56.0730 2056 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:28:56.0793 2056 ShellHWDetection - ok
    16:28:56.0808 2056 SiRemFil - ok
    16:28:56.0840 2056 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
    16:28:56.0840 2056 sisagp - ok
    16:28:56.0871 2056 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:28:56.0871 2056 SiSRaid2 - ok
    16:28:56.0902 2056 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    16:28:56.0918 2056 SiSRaid4 - ok
    16:28:56.0933 2056 Sk9920nt - ok
    16:28:56.0964 2056 Slntamr - ok
    16:28:56.0996 2056 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:28:56.0996 2056 Smb - ok
    16:28:57.0089 2056 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:28:57.0089 2056 SNMPTRAP - ok
    16:28:57.0120 2056 Sntnlusb - ok
    16:28:57.0136 2056 spcsutilityservice - ok
    16:28:57.0198 2056 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:28:57.0198 2056 spldr - ok
    16:28:57.0261 2056 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
    16:28:57.0323 2056 Spooler - ok
    16:28:57.0526 2056 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
    16:28:57.0557 2056 sppsvc - ok
    16:28:57.0588 2056 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:28:57.0651 2056 sppuinotify - ok
    16:28:57.0666 2056 SRTSPL - ok
    16:28:57.0760 2056 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:28:57.0869 2056 srv - ok
    16:28:57.0947 2056 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:28:58.0010 2056 srv2 - ok
    16:28:58.0056 2056 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    16:28:58.0072 2056 SrvHsfHDA - ok
    16:28:58.0119 2056 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    16:28:58.0150 2056 SrvHsfV92 - ok
    16:28:58.0197 2056 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    16:28:58.0212 2056 SrvHsfWinac - ok
    16:28:58.0244 2056 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:28:58.0353 2056 srvnet - ok
    16:28:58.0431 2056 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:28:58.0431 2056 SSDPSRV - ok
    16:28:58.0446 2056 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:28:58.0462 2056 SstpSvc - ok
    16:28:58.0493 2056 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    16:28:58.0509 2056 stexstor - ok
    16:28:58.0556 2056 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
    16:28:58.0602 2056 StiSvc - ok
    16:28:58.0665 2056 [ 69A926DBCA12046633E3D6E6D46E7087 ] StkAMini C:\Windows\system32\Drivers\StkAMini.sys
    16:28:58.0727 2056 StkAMini - ok
    16:28:58.0774 2056 [ 5CCFE3B03F97005D221BA897C9A20B38 ] StkASSrv C:\Windows\System32\StkASv2K.exe
    16:28:58.0836 2056 StkASSrv - ok
    16:28:58.0868 2056 [ 83406FB18CB0ABFEC501ADD986D63572 ] StkScan C:\Windows\system32\Drivers\StkScan.sys
    16:28:58.0946 2056 StkScan - ok
    16:28:58.0992 2056 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    16:28:59.0055 2056 storflt - ok
    16:28:59.0086 2056 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
    16:28:59.0133 2056 StorSvc - ok
    16:28:59.0164 2056 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    16:28:59.0226 2056 storvsc - ok
    16:28:59.0242 2056 suservice - ok
    16:28:59.0289 2056 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:28:59.0289 2056 swenum - ok
    16:28:59.0304 2056 swmidi - ok
    16:28:59.0382 2056 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
    16:28:59.0382 2056 swprv - ok
    16:28:59.0414 2056 symtdi - ok
    16:28:59.0445 2056 Synth3dVsc - ok
    16:28:59.0523 2056 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
    16:28:59.0538 2056 SysMain - ok
    16:28:59.0570 2056 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:28:59.0616 2056 TabletInputService - ok
    16:28:59.0663 2056 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:28:59.0710 2056 TapiSrv - ok
    16:28:59.0741 2056 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
    16:28:59.0757 2056 TBS - ok
    16:28:59.0835 2056 [ 65D10B191C59C5501A1263FC33F6894B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:28:59.0960 2056 Tcpip - ok
    16:29:00.0022 2056 [ 65D10B191C59C5501A1263FC33F6894B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:29:00.0038 2056 TCPIP6 - ok
    16:29:00.0116 2056 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:29:00.0225 2056 tcpipreg - ok
    16:29:00.0287 2056 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:29:00.0396 2056 TDPIPE - ok
    16:29:00.0443 2056 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:29:00.0552 2056 TDTCP - ok
    16:29:00.0630 2056 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:29:00.0740 2056 tdx - ok
    16:29:00.0771 2056 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:29:00.0849 2056 TermDD - ok
    16:29:00.0942 2056 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
    16:29:01.0020 2056 TermService - ok
    16:29:01.0083 2056 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
    16:29:01.0083 2056 Themes - ok
    16:29:01.0114 2056 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
    16:29:01.0130 2056 THREADORDER - ok
    16:29:01.0145 2056 tosrfbnp - ok
    16:29:01.0161 2056 transcode360 - ok
    16:29:01.0192 2056 trioservice - ok
    16:29:01.0223 2056 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
    16:29:01.0239 2056 TrkWks - ok
    16:29:01.0317 2056 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:29:01.0426 2056 TrustedInstaller - ok
    16:29:01.0504 2056 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:29:01.0613 2056 tssecsrv - ok
    16:29:01.0644 2056 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:29:01.0707 2056 TsUsbFlt - ok
    16:29:01.0722 2056 tsusbhub - ok
    16:29:01.0785 2056 [ 233FCD3443CFBBAA27E7E463DCCBC528 ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe
    16:29:01.0863 2056 TuneUp.Defrag - ok
    16:29:01.0925 2056 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:29:01.0972 2056 tunnel - ok
    16:29:02.0019 2056 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    16:29:02.0019 2056 uagp35 - ok
    16:29:02.0066 2056 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:29:02.0128 2056 udfs - ok
    16:29:02.0206 2056 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:29:02.0206 2056 UI0Detect - ok
    16:29:02.0253 2056 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:29:02.0268 2056 uliagpkx - ok
    16:29:02.0300 2056 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
    16:29:02.0362 2056 umbus - ok
    16:29:02.0393 2056 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    16:29:02.0393 2056 UmPass - ok
    16:29:02.0456 2056 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
    16:29:02.0502 2056 UmRdpService - ok
    16:29:02.0534 2056 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
    16:29:02.0534 2056 upnphost - ok
    16:29:02.0580 2056 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    16:29:02.0721 2056 USBAAPL - ok
    16:29:02.0799 2056 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    16:29:02.0861 2056 usbaudio - ok
    16:29:02.0908 2056 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:29:02.0970 2056 usbccgp - ok
    16:29:02.0986 2056 USBCCID - ok
    16:29:03.0033 2056 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:29:03.0033 2056 usbcir - ok
    16:29:03.0095 2056 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    16:29:03.0204 2056 usbehci - ok
    16:29:03.0236 2056 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:29:03.0345 2056 usbhub - ok
    16:29:03.0376 2056 usbmate - ok
    16:29:03.0423 2056 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    16:29:03.0516 2056 usbohci - ok
    16:29:03.0563 2056 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    16:29:03.0579 2056 usbprint - ok
    16:29:03.0626 2056 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    16:29:03.0626 2056 usbscan - ok
    16:29:03.0657 2056 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:29:03.0766 2056 USBSTOR - ok
    16:29:03.0797 2056 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    16:29:03.0906 2056 usbuhci - ok
    16:29:03.0953 2056 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
    16:29:03.0953 2056 UxSms - ok
    16:29:04.0000 2056 [ 25895CC7C3F101419A9ED1BF65A8BD62 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
    16:29:04.0047 2056 UxTuneUp - ok
    16:29:04.0078 2056 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
    16:29:04.0078 2056 VaultSvc - ok
    16:29:04.0109 2056 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:29:04.0125 2056 vdrvroot - ok
    16:29:04.0172 2056 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
    16:29:04.0265 2056 vds - ok
    16:29:04.0281 2056 vetmsgnt - ok
    16:29:04.0328 2056 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:29:04.0328 2056 vga - ok
    16:29:04.0390 2056 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:29:04.0390 2056 VgaSave - ok
    16:29:04.0421 2056 VGPU - ok
    16:29:04.0468 2056 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:29:04.0530 2056 vhdmp - ok
    16:29:04.0546 2056 Via4in1 - ok
    16:29:04.0593 2056 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    16:29:04.0593 2056 viaagp - ok
    16:29:04.0640 2056 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
    16:29:04.0640 2056 ViaC7 - ok
    16:29:04.0671 2056 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
    16:29:04.0686 2056 viaide - ok
    16:29:04.0702 2056 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
    16:29:04.0764 2056 vmbus - ok
    16:29:04.0811 2056 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    16:29:04.0858 2056 VMBusHID - ok
    16:29:04.0889 2056 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:29:04.0952 2056 volmgr - ok
    16:29:05.0014 2056 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:29:05.0030 2056 volmgrx - ok
    16:29:05.0061 2056 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:29:05.0123 2056 volsnap - ok
    16:29:05.0154 2056 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    16:29:05.0170 2056 vsmraid - ok
    16:29:05.0232 2056 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
    16:29:05.0326 2056 VSS - ok
    16:29:05.0388 2056 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    16:29:05.0388 2056 vwifibus - ok
    16:29:05.0466 2056 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
    16:29:05.0498 2056 W32Time - ok
    16:29:05.0560 2056 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    16:29:05.0560 2056 WacomPen - ok
    16:29:05.0607 2056 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:29:05.0716 2056 WANARP - ok
    16:29:05.0763 2056 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:29:05.0763 2056 Wanarpv6 - ok
    16:29:05.0872 2056 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:29:05.0997 2056 WatAdminSvc - ok
    16:29:06.0075 2056 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
    16:29:06.0200 2056 wbengine - ok
    16:29:06.0262 2056 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:29:06.0262 2056 WbioSrvc - ok
    16:29:06.0309 2056 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:29:06.0387 2056 wcncsvc - ok
    16:29:06.0418 2056 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:29:06.0434 2056 WcsPlugInService - ok
    16:29:06.0465 2056 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
    16:29:06.0480 2056 Wd - ok
    16:29:06.0527 2056 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:29:06.0558 2056 Wdf01000 - ok
    16:29:06.0590 2056 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:29:06.0590 2056 WdiServiceHost - ok
    16:29:06.0621 2056 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:29:06.0621 2056 WdiSystemHost - ok
    16:29:06.0668 2056 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
    16:29:06.0714 2056 WebClient - ok
    16:29:06.0761 2056 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:29:06.0777 2056 Wecsvc - ok
    16:29:06.0792 2056 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:29:06.0792 2056 wercplsupport - ok
    16:29:06.0824 2056 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:29:06.0839 2056 WerSvc - ok
    16:29:06.0902 2056 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:29:06.0902 2056 WfpLwf - ok
    16:29:06.0948 2056 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:29:06.0948 2056 WIMMount - ok
    16:29:06.0995 2056 WinHttpAutoProxySvc - ok
    16:29:07.0073 2056 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:29:07.0073 2056 Winmgmt - ok
    16:29:07.0151 2056 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
    16:29:07.0245 2056 WinRM - ok
    16:29:07.0338 2056 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    16:29:07.0385 2056 WinUsb - ok
    16:29:07.0479 2056 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:29:07.0494 2056 Wlansvc - ok
    16:29:07.0541 2056 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:29:07.0541 2056 WmiAcpi - ok
    16:29:07.0604 2056 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:29:07.0650 2056 wmiApSrv - ok
    16:29:07.0728 2056 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    16:29:07.0744 2056 WMPNetworkSvc - ok
    16:29:07.0775 2056 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:29:07.0791 2056 WPCSvc - ok
    16:29:07.0838 2056 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:29:07.0838 2056 WPDBusEnum - ok
    16:29:07.0884 2056 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:29:07.0900 2056 ws2ifsl - ok
    16:29:07.0916 2056 WSearch - ok
    16:29:07.0994 2056 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:29:08.0118 2056 WudfPf - ok
    16:29:08.0150 2056 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:29:08.0274 2056 WUDFRd - ok
    16:29:08.0306 2056 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:29:08.0352 2056 wudfsvc - ok
    16:29:08.0399 2056 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:29:08.0415 2056 WwanSvc - ok
    16:29:08.0462 2056 zBackupAssistService - ok
    16:29:08.0555 2056 ================ Scan global ===============================
    16:29:08.0665 2056 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    16:29:08.0743 2056 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    16:29:08.0805 2056 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    16:29:08.0836 2056 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    16:29:08.0852 2056 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    16:29:08.0867 2056 [Global] - ok
    16:29:08.0867 2056 ================ Scan MBR ==================================
    16:29:08.0867 2056 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    16:29:09.0086 2056 \Device\Harddisk0\DR0 - ok
    16:29:09.0086 2056 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    16:29:12.0019 2056 \Device\Harddisk1\DR1 - ok
    16:29:12.0034 2056 ================ Scan VBR ==================================
    16:29:12.0034 2056 [ 45D9FAE720141F33F48B303940591B39 ] \Device\Harddisk0\DR0\Partition1
    16:29:12.0034 2056 \Device\Harddisk0\DR0\Partition1 - ok
    16:29:12.0065 2056 [ 5ADE49C750A59FA1E80BF8B0799F2ABF ] \Device\Harddisk0\DR0\Partition2
    16:29:12.0065 2056 \Device\Harddisk0\DR0\Partition2 - ok
    16:29:12.0081 2056 [ A9D9BA7F30D4384CC10CEEF5464B8CC0 ] \Device\Harddisk1\DR1\Partition1
    16:29:12.0081 2056 \Device\Harddisk1\DR1\Partition1 - ok
    16:29:12.0081 2056 ============================================================
    16:29:12.0081 2056 Scan finished
    16:29:12.0081 2056 ============================================================
    16:29:12.0097 1648 Detected object count: 0
    16:29:12.0097 1648 Actual detected object count: 0
    --------------------------
    roguekiller -
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : ayee [Admin rights]
    Mode : Remove -- Date : 09/22/2012 16:36:22

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 67 ¤¤¤
    [TASK][SUSP PATH] At33.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At32.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At31.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At30.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At29.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At28.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At27.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At26.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At25.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At43.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At42.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At41.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At40.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At39.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At38.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At37.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At36.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At35.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At34.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At48.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At47.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At46.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At45.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At44.job : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At25 : C:\ProgramData\ERQE3II7.exe_ -> DELETED
    [TASK][SUSP PATH] At26 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At27 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At28 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At29 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At30 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At31 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At32 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At33 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At34 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At35 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At36 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At37 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At38 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At39 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At40 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At41 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At42 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At43 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At44 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At45 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At46 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At47 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [TASK][SUSP PATH] At48 : C:\ProgramData\ERQE3II7.exe_ -> ERROR
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
    --- User ---
    [MBR] c7640912f808a4048c3c310872317f92
    [BSP] d500636d65bd83825c9fb5c8063422b9 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    --------------------------
    aswmbr-
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-22 16:39:57
    -----------------------------
    16:39:57.298 OS Version: Windows 6.1.7601 Service Pack 1
    16:39:57.298 Number of processors: 2 586 0xF06
    16:39:57.298 ComputerName: AYEE-PC UserName: ayee
    16:39:59.045 Initialize success
    16:55:10.328 AVAST engine defs: 12092201
    16:55:52.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:55:52.798 Disk 0 Vendor: FUJITSU_MHY2250BH 0000000B Size: 238475MB BusType: 3
    16:55:52.829 Disk 0 MBR read successfully
    16:55:52.829 Disk 0 MBR scan
    16:55:52.844 Disk 0 Windows 7 default MBR code
    16:55:52.860 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:55:52.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
    16:55:52.969 Disk 0 scanning sectors +488394752
    16:55:53.094 Disk 0 scanning C:\Windows\system32\drivers
    16:56:29.209 Service scanning
    16:56:56.868 Service MpKsl78006687 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl78006687.sys **LOCKED** 32
    16:57:27.470 Modules scanning
    16:57:33.944 Module: C:\Windows\System32\iertutil.dll **SUSPICIOUS**
    16:57:34.802 Module: C:\Windows\System32\imagehlp.dll **SUSPICIOUS**
    16:57:39.326 Module: C:\Windows\System32\wintrust.dll **SUSPICIOUS**
    16:57:40.074 Disk 0 trace - called modules:
    16:57:40.106 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys intelppm.sys
    16:57:40.106 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8777e460]
    16:57:40.121 3 CLASSPNP.SYS[8cc6959e] -> nt!IofCallDriver -> [0x876b4918]
    16:57:40.121 5 ACPI.sys[8c4ac3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x869de610]
    16:57:41.010 AVAST engine scan C:\Windows
    16:57:45.675 AVAST engine scan C:\Windows\system32
    17:08:14.296 AVAST engine scan C:\Windows\system32\drivers
    17:09:05.386 AVAST engine scan C:\Users\ayee
    18:02:24.237 AVAST engine scan C:\ProgramData
    18:05:23.648 Scan finished successfully
    18:07:39.722 Disk 0 MBR has been saved successfully to "C:\Users\ayee\Documents\MBR.dat"
    18:07:39.738 The log file has been saved successfully to "C:\Users\ayee\Documents\aswMBR.txt"
     
  16. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Broni, the log from combofix:
    ComboFix 12-09-22.02 - ayee 09/22/2012 20:34:18.1.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1736 [GMT -7:00]
    Running from: c:\users\ayee\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\85028134
    c:\programdata\ERQE3II7.exe.b
    c:\users\ayee\Desktop\Internet Explorer.lnk
    c:\users\ayee\Documents\~WRL0001.tmp
    c:\users\ayee\g2mdlhlpx.exe
    c:\windows\$NtUninstallKB30596$
    c:\windows\$NtUninstallKB30596$\1066223625\@
    c:\windows\$NtUninstallKB30596$\1066223625\cfg.ini
    c:\windows\$NtUninstallKB30596$\1066223625\Desktop.ini
    c:\windows\$NtUninstallKB30596$\1066223625\L\xadqgnnk
    c:\windows\$NtUninstallKB30596$\1066223625\oemid
    c:\windows\$NtUninstallKB30596$\1066223625\U\00000001.@
    c:\windows\$NtUninstallKB30596$\1066223625\U\00000002.@
    c:\windows\$NtUninstallKB30596$\1066223625\U\00000004.@
    c:\windows\$NtUninstallKB30596$\1066223625\U\80000000.@
    c:\windows\$NtUninstallKB30596$\1066223625\U\80000004.@
    c:\windows\$NtUninstallKB30596$\1066223625\U\80000032.@
    c:\windows\$NtUninstallKB30596$\1066223625\version
    c:\windows\$NtUninstallKB30596$\2411358654
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-23 03:51 . 2012-09-23 03:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys
    2012-09-23 03:48 . 2012-09-23 03:52 -------- d-----w- c:\users\ayee\AppData\Local\temp
    2012-09-23 03:48 . 2012-09-23 03:48 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2012-09-23 03:48 . 2012-09-23 03:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-09-22 15:12 . 2012-09-22 15:12 -------- d-----w- C:\FRST
    2012-09-22 04:12 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{983C5926-9641-404A-B15F-506DF954D71A}\gapaengine.dll
    2012-09-22 04:11 . 2012-09-19 07:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\mpengine.dll
    2012-09-22 03:44 . 2012-09-22 03:45 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-22 03:25 . 2012-09-22 03:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-22 03:15 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-09-21 03:34 . 2012-09-22 04:46 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PC Cleaners
    2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PCPro
    2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\programdata\PC1Data
    2012-09-15 23:40 . 2012-07-23 22:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-09-15 20:47 . 2012-09-15 20:47 43600 ----a-w- c:\windows\system32\drivers\whqvndhd.sys
    2012-09-15 20:47 . 2012-09-15 20:47 -------- d-----w- c:\programdata\IObit
    2012-09-15 20:47 . 2012-09-22 02:28 -------- d-----w- c:\users\ayee\AppData\Roaming\IObit
    2012-09-15 20:43 . 2012-09-15 20:43 -------- d-----w- c:\program files\IObit
    2012-09-15 20:05 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iPod
    2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iTunes
    2012-09-15 19:49 . 2012-09-22 02:34 -------- d-----w- c:\program files\QuickTime
    2012-09-15 16:31 . 2012-09-15 16:31 -------- d-----w- c:\users\ayee\AppData\Local\Opera
    2012-09-15 16:30 . 2012-09-15 16:31 -------- d-----w- c:\program files\Opera
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-12 04:58 . 2011-02-09 03:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-09-12 04:58 . 2011-02-09 03:50 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-09-12 04:58 . 2011-02-09 03:50 30624 ----a-w- c:\windows\system32\LMIport.dll
    2012-09-12 04:58 . 2011-02-09 03:50 87456 ----a-w- c:\windows\system32\LMIinit.dll
    2012-09-08 00:04 . 2010-11-23 05:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 20:01 . 2010-11-24 03:49 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "McAfeeUpdaterUI"="KEY" [X]
    "ShStatEXE"="E" [X]
    "LogMeIn GUI"="SYSTRAY.EXE" [2009-07-14 8192]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-20 247968]
    .
    c:\users\ayee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 saeawbby;saeawbby;c:\windows\system32\drivers\saeawbby.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 MpKsl9cef16d6;MpKsl9cef16d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys [x]
    S1 MpKslaaa1e0af;MpKslaaa1e0af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKslaaa1e0af.sys [x]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
    S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [x]
    S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL9CEF16D6
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-07 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 21:31]
    .
    2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
    .
    2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    FF - ProfilePath - c:\users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0cb392c-b40f-462c-9f51-49a12036613c%7D&mid=3a8a7f54affb47d09368d1532dc22a86-0744755435501efbe8fe3a4546562ccccc6508f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-29%2014%3A50%3A02&sap=ku&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
    HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
    HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
    HKLM-Run-NeroCheck - EROCHECK.EXE
    HKLM-Run-AppleSyncNotifier - OTIFIER.EXE
    HKLM-Run-GrooveMonitor - ITOR.EXE
    HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
    HKLM-Run-APSDaemon - .EXE
    HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
    HKLM-Run-CSESRE - DOWS\TEMP\CSESRE.DLL
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\mysql]
    "ImagePath"="c:\appserv\MySQL\bin\mysqld --defaults-file=c:\appserv\MySQL\my.ini mysql"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\appserv\MySQL\bin\mysqld.exe
    c:\windows\System32\StkASv2K.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-22 21:01:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-23 04:01
    .
    Pre-Run: 148,992,745,472 bytes free
    Post-Run: 149,138,366,464 bytes free
    .
    - - End Of File - - 4092EE98D7962BCD6F2478AEDEAD616E
     
  18. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Uninstall Eusing Free Registry Cleaner and Advanced SystemCare.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =======================================

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\whqvndhd.sys
    c:\windows\system32\drivers\saeawbby.sys
    
    Driver::
    whqvndhd
    saeawbby
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Combofix log from script:
    ComboFix 12-09-22.02 - ayee 09/22/2012 21:42:29.2.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1663 [GMT -7:00]
    Running from: c:\users\ayee\Desktop\ComboFix.exe
    Command switches used :: c:\users\ayee\Documents\CFScript.txt
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\saeawbby.sys"
    "c:\windows\system32\drivers\whqvndhd.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\ayee\AppData\Local\Temp\{C4931174-AC67-41D3-A3A2-F324BC2627A1}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_saeawbby
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-23 04:50 . 2012-09-23 04:50 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2012-09-23 04:50 . 2012-09-23 04:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-09-23 04:50 . 2012-09-23 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-23 03:51 . 2012-09-23 03:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys
    2012-09-23 03:48 . 2012-09-23 04:55 -------- d-----w- c:\users\ayee\AppData\Local\temp
    2012-09-22 15:12 . 2012-09-22 15:12 -------- d-----w- C:\FRST
    2012-09-22 04:12 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{983C5926-9641-404A-B15F-506DF954D71A}\gapaengine.dll
    2012-09-22 04:11 . 2012-09-19 07:59 6980552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\mpengine.dll
    2012-09-22 03:44 . 2012-09-23 04:38 -------- d-----w- c:\program files\Microsoft Security Client
    2012-09-22 03:25 . 2012-09-22 03:27 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-22 03:15 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-09-21 03:34 . 2012-09-23 04:25 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PC Cleaners
    2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\users\ayee\AppData\Roaming\PCPro
    2012-09-21 03:01 . 2012-09-21 03:01 -------- d-----w- c:\programdata\PC1Data
    2012-09-15 23:40 . 2012-07-23 22:59 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-09-15 20:47 . 2012-09-15 20:47 43600 ----a-w- c:\windows\system32\drivers\whqvndhd.sys
    2012-09-15 20:47 . 2012-09-15 20:47 -------- d-----w- c:\programdata\IObit
    2012-09-15 20:47 . 2012-09-22 02:28 -------- d-----w- c:\users\ayee\AppData\Roaming\IObit
    2012-09-15 20:43 . 2012-09-15 20:43 -------- d-----w- c:\program files\IObit
    2012-09-15 20:05 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iPod
    2012-09-15 20:03 . 2012-09-22 03:25 -------- d-----w- c:\program files\iTunes
    2012-09-15 19:49 . 2012-09-22 02:34 -------- d-----w- c:\program files\QuickTime
    2012-09-15 16:31 . 2012-09-15 16:31 -------- d-----w- c:\users\ayee\AppData\Local\Opera
    2012-09-15 16:30 . 2012-09-15 16:31 -------- d-----w- c:\program files\Opera
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-12 04:58 . 2011-02-09 03:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-09-12 04:58 . 2011-02-09 03:50 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-09-12 04:58 . 2011-02-09 03:50 30624 ----a-w- c:\windows\system32\LMIport.dll
    2012-09-12 04:58 . 2011-02-09 03:50 87456 ----a-w- c:\windows\system32\LMIinit.dll
    2012-09-08 00:04 . 2010-11-23 05:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 20:01 . 2010-11-24 03:49 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
    [7] 2011-06-21 . EE0D7471EBF9CE40CC4A203B1F90F028 . 981504 . . [8.00.7600.16839] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16839_none_1cb3ab1a79fc6b3e\wininet.dll
    [7] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
    [7] 2011-06-21 . 6DC5A5F57FACFF20149F04440BB4523C . 982016 . . [8.00.7600.20992] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20992_none_1cf566579351014d\wininet.dll
    [7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
    [7] 2011-04-22 . 27CDAF355CCE3762C7F13719E814418B . 981504 . . [8.00.7600.16800] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16800_none_1ccb184479ec335c\wininet.dll
    [7] 2011-04-22 . E391DB6E8CA3638B9772A990E6D280FF . 982016 . . [8.00.7600.20949] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20949_none_1d3277f9932226f9\wininet.dll
    [7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
    [7] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
    [7] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
    [7] 2011-02-24 . DA2950BAD7306006EBA77DD93CC42690 . 982016 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll
    [7] 2011-02-24 . 214605C48AE416BC067C39D227CFCC57 . 981504 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll
    [7] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
    [7] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
    [7] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16722] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll
    [7] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.20861] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll
    [7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
    [7] 2010-11-04 . 749A4DDB8915066566E2BB38C2618048 . 981504 . . [8.00.7600.20831] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_1d3543af93214329\wininet.dll
    [7] 2010-11-04 . A7360A3B20B38F1D6A09402FB6E9E2C3 . 978944 . . [8.00.7600.16700] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_1ccb165e79ec3635\wininet.dll
    [7] 2010-09-08 . 84795F28EB2E942951138827B8704819 . 980480 . . [8.00.7600.20795] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll
    [7] 2010-09-08 . 3D6AA6DD4D0F3BB41B804747EB489831 . 978432 . . [8.00.7600.16671] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll
    [7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-I..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "McAfeeUpdaterUI"="KEY" [X]
    "ShStatEXE"="E" [X]
    "LogMeIn GUI"="SYSTRAY.EXE" [2009-07-14 8192]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-20 247968]
    .
    c:\users\ayee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKslaaa1e0af;MpKslaaa1e0af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKslaaa1e0af.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 MpKsl9cef16d6;MpKsl9cef16d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD5B4E2-E2D4-45D3-B7AA-EEF0D03ACACA}\MpKsl9cef16d6.sys [x]
    S2 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [x]
    S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-07 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 21:31]
    .
    2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
    .
    2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-01 00:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    FF - ProfilePath - c:\users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb0cb392c-b40f-462c-9f51-49a12036613c%7D&mid=3a8a7f54affb47d09368d1532dc22a86-0744755435501efbe8fe3a4546562ccccc6508f4&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-03-29%2014%3A50%3A02&sap=ku&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\mysql]
    "ImagePath"="c:\appserv\MySQL\bin\mysqld --defaults-file=c:\appserv\MySQL\my.ini mysql"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,26,e2,d1,86,69,2f,48,bf,55,f9,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\appserv\MySQL\bin\mysqld.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\windows\System32\StkASv2K.exe
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-22 22:02:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-23 05:02
    ComboFix2.txt 2012-09-23 04:01
    .
    Pre-Run: 149,387,669,504 bytes free
    Post-Run: 148,862,046,208 bytes free
    .
    - - End Of File - - 3B91C94B04E0D0BB6D3B3DBB9919E672
     
  20. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Looks good :)

    Any current issues?

    =========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. gordon low

    gordon low TS Member Topic Starter Posts: 17

    Hi Broni, well, after a couple of restarts this morning and clicking on Windows Update @ microsoft.com, it started updating!
    But my problem with iTunes is still there. I uninstalled and reinstalled, and my error 7 (Windows error 5) has now mutated into
    'the program can't start because avfoundationcf.dll is missing from your computer. try reinstalling the program to fix this problem.'. I searched on the net and found that some claim that .NET is hosed. I see that 3.x and 2.x are supposed to be built in; I have 4.0 installed, and I'm thinking I might try downloading it and trying to repair that. Is there such a thing as permissions on the registries that would prevent iTunes from installing? Or is there a repair for missing DLL(s)?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    That may be a subject for a different forum.
    Here we have to finish the cleaning process, so go ahead with OTL.
     
  23. gordon low

    gordon low TS Member Topic Starter Posts: 17

    OTL logfile created on: 9/23/2012 11:44:06 AM - Run 1
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\ayee\Desktop
    Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.78% Memory free
    5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 137.14 Gb Free Space | 58.91% Space Free | Partition Type: NTFS

    Computer Name: AYEE-PC | User Name: ayee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/23 11:35:22 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\ayee\Desktop\OTL.exe
    PRC - [2012/09/14 19:07:19 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2012/09/11 21:58:20 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/03/22 22:17:53 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
    PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2008/09/29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2008/09/29 09:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008/09/29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2008/09/29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2008/09/29 09:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2008/09/29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    PRC - [2008/03/14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2008/02/13 03:00:20 | 007,336,576 | ---- | M] () -- C:\AppServ\MySQL\bin\mysqld.exe
    PRC - [2008/01/17 10:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\AppServ\Apache2.2\bin\httpd.exe
    PRC - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XTrapD12.dllzBackupAssistService\Parameters -- (zBackupAssistService)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tdcmdpst.dllj.dll -- (Via4in1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59mdfl.dll -- (vetmsgnt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavagente.dll -- (usbmate)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Intels51.dll -- (USBCCID)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\toddsrv.dll -- (trioservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfbnp.dll -- (transcode360)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\askernel.dll -- (tosrfbnp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrsge10s.dll -- (symtdi)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (swmidi)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\X10UIF.dll -- (suservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hSONYPVh.dll -- (SRTSPL)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aawservice.dll -- (spcsutilityservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msfs.dll -- (Sntnlusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vproeventmonitor.dll -- (Slntamr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBEMPIA.dll--- | m] (microsoft corporation) -- (Sk9920nt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA_CMIDI.dll -- (SiRemFil)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\jobserver_report.dll -- (sfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmiAcpi.dll -- (se44unic)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\IntelC53.dll -- (SaiH040B)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rt2870.dlls\s7otranx\Parameters -- (s7otranx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LUsbFilt.dll -- (roxwatch)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (relational)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Emdm.dll -- (qcdonner)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epfwndis.dll -- (PD0620VID)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sprtsvc_ddoctorv2.dll -- (PAC7302)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sonypvu1.dlll client\nissrv.e -- (olregcap)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dot4print.dll client\nissrv.ex -- (OEM02Dev)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\monfilt.dll -- (NxSysMon)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ptserial.dll -- (NVNET)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eloggersvc6.dlln -- (nod32krn)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scramby.dll -- (nalntservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhbus.dll -- (mdvrmng)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\personalsecuredriveservice.dllrameters -- (mcmispupdmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dimension4.dllwlicenseservice\parameters -- (maxbackserviceint)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tme3srv.dll\lwwlicenseservice\Parameters -- (lwwlicenseservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnatdl.dllice.exe -- (iwebmsg)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vetmsgnt.dll -- (id2scaps)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EL2000.dll -- (hnmsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rslinx.dll -- (hdthermal)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosrfcom.dll -- (gtndis5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FA312.dll -- (genmcmn)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ilicensesvc.dll.0\wpf\presentationfontcache.exe -- (GcKernel)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dktknsrv.dll -- (FireHook)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elotouchscreen.dllsys,-100 -- (fingrd32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AppnApi.dll -- (F700isw)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\c-dillasrv.dll -- (DniVad)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i8042prt.dll -- (dmisrv)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (DELTA)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemsg.dll55) -- (curtainssyssvc)
    SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\Windows\system32\svchost.exe -- (CTEDSPFX.DLL)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RAPIProtocol.dlll -- (cqmgstor)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\splitter.dllms.dll -- (cqcpu)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaudio.dll -- (caili)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafeventrouter.dll -- (btwdndis)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dllSB -- (btserial)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (bcserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (basfipm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sym_hi.dlle -- (ATNT40K)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cacheserver.dllileDeviceService.exe -- (atkdisplf)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eSettingsService.dll -- (AsusACPI)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iirsp.dll -- (astcc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mdm.dll -- (aeaudio)
    SRV - [2012/09/14 19:07:19 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2012/09/11 21:58:20 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/03/22 22:17:53 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\airprint.exe -- (AirPrint)
    SRV - [2010/11/22 23:47:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/11/22 22:40:46 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Unknown (2018998034) | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/09/29 09:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2008/09/29 09:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2008/09/29 09:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2008/09/29 09:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
    SRV - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2008/02/13 03:00:20 | 007,336,576 | ---- | M] () [Auto | Running] -- C:\AppServ\MySQL\bin\mysqld.exe -- (mysql)
    SRV - [2008/01/17 10:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\AppServ\Apache2.2\bin\httpd.exe -- (Apache2.2)
    SRV - [2007/12/20 11:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ayee\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/23 11:29:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E01902AB-BDF8-4DFB-8DE4-BCB8C0560DA6}\MpKsl7a6629b6.sys -- (MpKsl7a6629b6)
    DRV - [2012/09/23 09:20:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E01902AB-BDF8-4DFB-8DE4-BCB8C0560DA6}\MpKsl3f4809a2.sys -- (MpKsl3f4809a2)
    DRV - [2012/09/11 21:58:28 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
    DRV - [2009/07/13 15:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2008/09/29 09:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/09/29 09:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008/09/29 09:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008/09/29 09:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2008/09/29 09:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/09/29 09:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2006/09/26 19:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
    DRV - [2006/08/01 22:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 32 42 51 7D 98 CD 01 [binary data]
    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...ccccc6508f4&lang=en&ds=AVG&pr=fr&d=2012-05-09 07:05:04&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
    FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...lang=en&pr=fr&d=2012-03-29 14:50:02&sap=ku&q="


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/15 12:51:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/21 19:35:47 | 000,000,000 | ---D | M]

    [2010/12/31 17:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ayee\AppData\Roaming\Mozilla\Extensions
    [2012/06/16 13:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\extensions
    [2009/07/13 16:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\ayee\AppData\Roaming\Mozilla\Firefox\Profiles\dpqx62sf.default\extensions\tnnreimtpx@tnnreimtpx.org.xpi
    [2012/05/11 21:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/02 16:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/26 10:29:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/09/13 17:50:45 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AVG Safe Search = C:\Users\ayee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
    CHR - Extension: AVG Safe Search = C:\Users\ayee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
    CHR - Extension: AVG Do Not Track = C:\Users\ayee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

    O1 HOSTS File: ([2012/09/22 21:54:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Windows\System32\systray.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ShStatEXE] E File not found
    O4 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions (TM))
    O4 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000..\Run: [MobileDocuments] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
    O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45A86153-9909-4614-BE95-1CC5BD995AD2}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A443267E-3FD7-4789-8355-77987337FDE2}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\HmelyoffLabs\VHToolkit\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/23 11:34:51 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\ayee\Desktop\OTL.exe
    [2012/09/23 10:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/23 10:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/23 10:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/09/23 10:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/09/23 10:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/09/23 07:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/22 21:54:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/22 20:48:16 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Local\temp
    [2012/09/22 20:15:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/22 20:15:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/22 20:15:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/22 20:15:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/22 20:08:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/22 20:04:07 | 004,754,913 | R--- | C] (Swearware) -- C:\Users\ayee\Desktop\ComboFix.exe
    [2012/09/22 16:37:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ayee\Desktop\aswMBR.exe
    [2012/09/22 16:33:31 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\RK_Quarantine
    [2012/09/22 08:12:31 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/22 06:50:16 | 000,904,282 | ---- | C] (Farbar) -- C:\Users\ayee\Documents\FRST.exe
    [2012/09/21 21:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
    [2012/09/21 20:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/09/20 20:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
    [2012/09/20 20:01:33 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\PC Cleaners
    [2012/09/20 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\PCPro
    [2012/09/20 20:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2012/09/19 19:36:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2012/09/18 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\Iphone 3gs 5.1
    [2012/09/18 21:13:55 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\Iphone 3gs 5.1.1
    [2012/09/15 16:40:15 | 000,022,400 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
    [2012/09/15 13:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/09/15 13:47:23 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\IObit
    [2012/09/15 13:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2012/09/15 12:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/09/15 12:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/09/15 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Roaming\Opera
    [2012/09/15 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\ayee\AppData\Local\Opera
    [2012/09/15 09:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2012/09/09 13:52:43 | 016,144,455 | ---- | C] (Rockers Team) -- C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe
    [2012/09/08 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\dell_vista_drivers
    [2012/09/02 15:27:55 | 000,000,000 | ---D | C] -- C:\Users\ayee\Documents\Redsn0w0.9.14b2
    [2012/09/01 11:13:55 | 000,000,000 | R--D | C] -- C:\Users\ayee\Documents\Documents

    ========== Files - Modified Within 30 Days ==========

    [2012/09/23 11:36:16 | 000,016,448 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/23 11:36:16 | 000,016,448 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/23 11:35:22 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\ayee\Desktop\OTL.exe
    [2012/09/23 11:32:25 | 000,933,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/23 11:32:25 | 000,212,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/23 11:27:24 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/23 11:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/23 11:26:04 | 2408,398,848 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/23 10:20:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/23 10:14:03 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/23 09:19:48 | 000,408,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/22 22:05:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/22 21:54:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/09/22 20:05:18 | 004,754,913 | R--- | M] (Swearware) -- C:\Users\ayee\Desktop\ComboFix.exe
    [2012/09/22 18:34:21 | 000,046,454 | ---- | M] () -- C:\Users\ayee\Documents\news.zip
    [2012/09/22 18:07:39 | 000,000,512 | ---- | M] () -- C:\Users\ayee\Documents\MBR.dat
    [2012/09/22 16:39:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ayee\Desktop\aswMBR.exe
    [2012/09/22 16:31:20 | 001,388,032 | ---- | M] () -- C:\Users\ayee\Documents\RogueKiller.exe
    [2012/09/22 06:50:45 | 000,904,282 | ---- | M] (Farbar) -- C:\Users\ayee\Documents\FRST.exe
    [2012/09/22 06:23:29 | 000,190,479 | ---- | M] () -- C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip
    [2012/09/21 21:17:55 | 199,468,312 | ---- | M] () -- C:\Users\ayee\Documents\eusing_2012_09_21.reg
    [2012/09/15 22:19:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/15 12:50:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/09/15 09:30:58 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2012/09/11 21:58:28 | 000,083,392 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
    [2012/09/11 21:58:23 | 000,030,624 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
    [2012/09/11 21:58:22 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
    [2012/09/11 21:42:32 | 198,359,374 | ---- | M] () -- C:\Users\ayee\Documents\BACKUP.REG
    [2012/09/09 13:52:55 | 016,144,455 | ---- | M] (Rockers Team) -- C:\Users\ayee\Documents\rt_7_lite_win7_Vista_x86.exe
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/01 14:00:07 | 000,120,044 | ---- | M] () -- C:\Users\ayee\Documents\blued-gui.rar

    ========== Files Created - No Company Name ==========

    [2012/09/23 10:14:03 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/23 10:11:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/09/22 22:05:30 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/09/22 20:15:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/22 20:15:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/22 20:15:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/22 20:15:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/22 20:15:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/22 18:07:39 | 000,000,512 | ---- | C] () -- C:\Users\ayee\Documents\MBR.dat
    [2012/09/22 16:30:57 | 001,388,032 | ---- | C] () -- C:\Users\ayee\Documents\RogueKiller.exe
    [2012/09/22 06:23:26 | 000,190,479 | ---- | C] () -- C:\Users\ayee\Documents\SirefefMissingServicesRegistryFix.zip
    [2012/09/21 21:16:20 | 199,468,312 | ---- | C] () -- C:\Users\ayee\Documents\eusing_2012_09_21.reg
    [2012/09/15 22:19:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/15 12:50:54 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/09/15 12:50:39 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/09/15 09:30:58 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2012/09/11 21:42:02 | 198,359,374 | ---- | C] () -- C:\Users\ayee\Documents\BACKUP.REG
    [2012/09/01 14:00:07 | 000,120,044 | ---- | C] () -- C:\Users\ayee\Documents\blued-gui.rar
    [2012/05/12 08:35:36 | 000,000,600 | ---- | C] () -- C:\Users\ayee\AppData\Local\PUTTY.RND
    [2012/05/10 21:38:23 | 000,000,068 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2012/05/10 21:38:19 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2012/05/10 21:38:19 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
    [2012/05/10 21:38:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2012/05/10 21:38:19 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2012/04/29 09:56:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\-06QucbADZ6ZevM
    [2012/04/29 09:55:58 | 000,000,480 | ---- | C] () -- C:\ProgramData\06QucbADZ6ZevM
    [2012/02/18 20:55:19 | 000,000,001 | ---- | C] () -- C:\ProgramData\ERQE3II7.exe_.b
    [2012/02/18 07:57:25 | 000,187,432 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
    [2012/01/12 14:18:02 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/12/31 07:42:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\lhah8C3.com_.b
    [2011/12/24 09:45:36 | 000,000,001 | ---- | C] () -- C:\Windows\System32\lhah8C3.com.b
    [2011/12/24 07:13:40 | 000,000,112 | ---- | C] () -- C:\ProgramData\CK8lbl0G1.dat
    [2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\Users\ayee\AppData\Local\p45gq71falo0e34xqp2sdbtn63027hndp
    [2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\ProgramData\p45gq71falo0e34xqp2sdbtn63027hndp
    [2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\Users\ayee\AppData\Local\4a24mk4f80s857
    [2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\ProgramData\4a24mk4f80s857
    [2011/07/03 18:48:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/07/03 18:45:51 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/07/03 17:54:37 | 000,000,600 | ---- | C] () -- C:\Users\ayee\AppData\Roaming\winscp.rnd
    [2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/03/29 14:51:26 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\AVG2012
    [2012/03/25 10:49:47 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\DA0FCCD6
    [2012/04/07 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\DiskAid
    [2011/07/04 12:40:19 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\GetRightToGo
    [2012/09/21 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\IObit
    [2012/09/15 09:31:37 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\Opera
    [2012/09/20 20:01:33 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\PC Cleaners
    [2012/05/11 10:32:26 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\PCDr
    [2012/09/20 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\PCPro
    [2012/09/02 16:38:25 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\redsn0w
    [2011/07/04 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\ScanToPDF_4
    [2010/11/22 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\TuneUp Software
    [2012/09/23 07:53:53 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\uTorrent
    [2012/05/05 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 298 bytes -> C:\Windows\System32\drivers\whqvndhd.sys:changelist

    < End of report >
     
  24. gordon low

    gordon low TS Member Topic Starter Posts: 17

    OTL Extras logfile created on: 9/23/2012 11:44:06 AM - Run 1
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\ayee\Desktop
    Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.78% Memory free
    5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.79 Gb Total Space | 137.14 Gb Free Space | 58.91% Space Free | Partition Type: NTFS

    Computer Name: AYEE-PC | User Name: ayee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{304E6D89-3444-4DD8-9500-B8CD48D48C71}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{59BF84BC-A272-4C79-A7CE-FBC6B0EAF447}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B51479D2-B9BB-44E6-8398-FE6D60DE4E14}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E7569212-728A-4E95-8C1E-44DCD0647E3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{3072C0F5-09C1-4FDB-B380-C94A53A7B6BF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{E9A6F1D6-1D46-4F97-8DB1-338D17D0C03C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{CB7B4260-0E23-4444-8376-1D3E74F421D8}_is1" = ScanToPDF 4.1
    "{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AppServ" = AppServ 2.6.0 (remove only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
    "Opera 12.02.1578" = Opera 12.02
    "Symtrax - Telnet" = Symtrax - Telnet
    "uTorrent" = µTorrent
    "VH Toolkit_is1" = VH Toolkit 1.0.46.0
    "VLC media player" = VideoLAN VLC media player 0.8.6c

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4045639339-2855752252-783212770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "bd4d3a0508d364f5" = Dell Driver Download Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/23/2012 12:16:42 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/23/2012 12:25:28 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 9/23/2012 12:25:28 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
    (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
    code.

    Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 9/23/2012 1:16:59 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service MSDTC Bridge
    4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
    the error code.

    Error - 9/23/2012 2:32:22 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 9/23/2012 2:32:22 PM | Computer Name = ayee-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 9/23/2012 2:42:45 PM | Computer Name = ayee-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: opera.exe, version: 12.2.1578.0, time stamp:
    0x503cc74d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process id:
    0x92c Faulting application start time: 0x01cd99b97562eb67 Faulting application path:
    C:\Program Files\Opera\opera.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 76973a69-05ae-11e2-b182-001a6b26c375

    [ OSession Events ]
    Error - 1/31/2011 3:09:06 PM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6311
    seconds with 2940 seconds of active time. This session ended with a crash.

    Error - 1/25/2012 11:44:55 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1501
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 3/2/2012 12:56:58 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/2/2012 12:58:38 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 44
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/2/2012 1:04:10 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 3/2/2012 1:07:17 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 176
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 3/2/2012 1:09:18 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 3/2/2012 1:10:48 AM | Computer Name = ayee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The STV680m service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The CcmExec service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The Digisptiservice service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The Qcdonner service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The FreshIO service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The Tvicport service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The Sfcure01 service terminated with the following error: %%126

    Error - 9/23/2012 2:27:52 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The Lktimesync service terminated with the following error: %%126

    Error - 9/23/2012 2:27:54 PM | Computer Name = ayee-PC | Source = Service Control Manager | ID = 7023
    Description = The Hpdj service terminated with the following error: %%126

    Error - 9/23/2012 2:29:39 PM | Computer Name = ayee-PC | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You're running two AV programs, McAfee and MSE.
    You must uninstall one of them.

    ===========================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O3 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
      O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
      O4 - HKLM..\Run: [ShStatEXE] E File not found
      O4 - HKU\S-1-5-21-4045639339-2855752252-783212770-1000..\Run: [MobileDocuments] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\Users\ayee\AppData\Local\p45gq71falo0e34xqp2sdbtn63027hndp
      [2011/12/20 18:44:03 | 000,011,300 | -HS- | C] () -- C:\ProgramData\p45gq71falo0e34xqp2sdbtn63027hndp
      [2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\Users\ayee\AppData\Local\4a24mk4f80s857
      [2011/12/20 16:52:24 | 000,011,484 | -HS- | C] () -- C:\ProgramData\4a24mk4f80s857
      [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      [2012/03/29 14:51:26 | 000,000,000 | ---D | M] -- C:\Users\ayee\AppData\Roaming\AVG2012
      [2012/05/05 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012
      @Alternate Data Stream - 298 bytes -> C:\Windows\System32\drivers\whqvndhd.sys:changelist
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
Topic Status:
Not open for further replies.

