TechSpot

Google Redirect Virus RE: 5-step Removal Instructions

By mcfranco
Jul 14, 2012
  1. I'm following the instructions as per the 5-step virus/malware removal instructions in relation to the Google redirect virus that is currently plaguing my machine.

    Thanks for your time in assisting me with this.
     
  2. mcfranco

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.12.05
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Francis :: FRANCIS-XPS [administrator]
    Protection: Enabled
    13/07/2012 7:49:32 AM
    mbam-log-2012-07-13 (07-49-32).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229268
    Time elapsed: 10 minute(s), 2 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Users\Francis\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
    C:\Users\UpdatusUser\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
    C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
    (end)
     
  3. mcfranco

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-14 13:42:47
    Windows 6.1.7601 Service Pack 1
    Running: sjsqhg2i.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370afef0
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370afef0@a07591674544 0xB9 0x6F 0xC3 0xEA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370afef0@147411aee680 0xC2 0x64 0xC7 0x54 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370afef0@1474117038fd 0x4F 0xD9 0xC8 0x0B ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370afef0@1474110a7ad8 0xBA 0xE5 0xDF 0x6A ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370afef0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370afef0@a07591674544 0xB9 0x6F 0xC3 0xEA ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370afef0@147411aee680 0xC2 0x64 0xC7 0x54 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370afef0@1474117038fd 0x4F 0xD9 0xC8 0x0B ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370afef0@1474110a7ad8 0xBA 0xE5 0xDF 0x6A ...
    ---- EOF - GMER 1.0.15 ----
     
  4. mcfranco

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Francis at 13:48:01 on 2012-07-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8106.5559 [GMT 10:00]
    .
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
    uInternet Settings,ProxyServer = www.usyd.edu.au:80
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [FAStartup]
    mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\Francis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
    StartupFolder: C:\Users\Francis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{0F3E7463-37B4-498F-A56B-BF852BD99133} : DhcpNameServer = 13.36.0.1 13.36.0.2
    TCP: Interfaces\{1A349334-12B6-41DA-AFC3-DAB047D5C4E5} : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{1A349334-12B6-41DA-AFC3-DAB047D5C4E5}\24967605F6E64653831333 : DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{1A349334-12B6-41DA-AFC3-DAB047D5C4E5}\4656661657C647 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{1A349334-12B6-41DA-AFC3-DAB047D5C4E5}\57E6966756273716C6E6564777F627B6 : DhcpNameServer = 202.96.209.5
    TCP: Interfaces\{1A349334-12B6-41DA-AFC3-DAB047D5C4E5}\74271636560284F64756C60294E6475627E65647 : DhcpNameServer = 139.130.4.4 203.50.2.71
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    LSA: Notification Packages = scecli FAPassSync
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    BHO-X64: Trend Micro NSC BHO - No File
    BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    BHO-X64: Trend Micro Toolbar BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    BHO-X64: TmBpIeBHO - No File
    BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO-X64: SSOIEAddonBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [FAStartup]
    mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-8 275912]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]
    R2 Foxtel;Foxtel Download Manager;C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [2009-9-24 70144]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-3-11 1997416]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-11 689472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-11 2656280]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-10 493248]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/03/10 13:23:17;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-30 236016]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
    S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-18 340240]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-3-11 79360]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 symantecantibotwatcher;L8042mou;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-12 22:58:26 21520 ----a-w- C:\Windows\DCEBoot64.exe
    2012-07-12 22:15:21 134672 ----a-w- C:\Windows\RegBootClean64.exe
    2012-07-12 21:17:36 -------- d-----w- C:\Users\Francis\AppData\Local\ElevatedDiagnostics
    2012-07-12 10:33:49 -------- d-----w- C:\Users\Francis\AppData\Roaming\Malwarebytes
    2012-07-12 10:33:33 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-12 10:33:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-12 10:33:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-12 10:08:12 -------- d-----w- C:\Users\Francis\AppData\Local\Apps
    2012-07-12 10:08:11 -------- d-----w- C:\Users\Francis\AppData\Local\Deployment
    2012-07-11 22:39:25 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-07-11 22:35:37 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
    2012-07-11 17:09:40 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 10:59:20 -------- d--h--w- C:\ProgramData\Common Files
    2012-07-11 06:16:46 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-07-11 06:16:46 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-07-11 06:16:46 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-07-11 06:16:45 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-07-11 06:16:45 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
    2012-07-11 06:16:45 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-07-11 06:16:45 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-11 06:16:45 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-07-11 06:16:44 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
    2012-07-11 06:16:44 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-07-11 06:16:44 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-11 06:16:44 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
    2012-07-11 06:16:44 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-29 22:03:55 -------- d-----w- C:\Program Files (x86)\directx
    2012-06-29 22:03:36 -------- d-----w- C:\Program Files (x86)\Rockstar Games
    2012-06-21 08:41:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-21 08:41:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-21 08:41:03 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-21 08:41:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-06-07 21:55:49 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
    2012-06-07 21:44:56 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
    2012-06-07 21:44:56 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
    2012-06-07 21:44:55 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
    2012-06-07 21:44:55 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 13:48:49.22 ===============
     
  5. mcfranco

    mcfranco TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 28/03/2011 8:28:27 PM
    System Uptime: 14/07/2012 12:35:30 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 880/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 684 GiB total, 556.098 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&CD9ECF4&0&1474117038FD_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&CD9ECF4&0&1474117038FD_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&CD9ECF4&0&147411AEE680_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&CD9ECF4&0&147411AEE680_C00000000
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&CD9ECF4&0&1474110A7AD8_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&CD9ECF4&0&1474110A7AD8_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&CD9ECF4&0&1474117038FD_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&CD9ECF4&0&1474117038FD_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&0002\8&CD9ECF4&0&147411AEE680_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&0002\8&CD9ECF4&0&147411AEE680_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&CD9ECF4&0&147411AEE680_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&CD9ECF4&0&147411AEE680_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&CD9ECF4&0&1474110A7AD8_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&CD9ECF4&0&1474110A7AD8_C00000000
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    Class GUID:
    Description:
    Device ID: ACPI\SMO8800\1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\SMO8800\1
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP160: 12/07/2012 3:00:21 AM - Windows Update
    RP161: 12/07/2012 8:34:34 AM - Removed Sound Blaster X-Fi MB
    RP162: 12/07/2012 8:36:03 AM - Removed Host OpenAL
    RP163: 12/07/2012 8:37:19 AM - Removed Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    RP164: 12/07/2012 8:37:43 AM - Removed Apple Software Update
    RP165: 12/07/2012 8:40:09 AM - Removed Java(TM) 6 Update 22 (64-bit)
    RP166: 12/07/2012 8:41:10 AM - Removed Java(TM) 6 Update 22
    RP167: 12/07/2012 8:42:01 AM - Removed QuickTime
    RP168: 12/07/2012 8:43:07 AM - Removed WinZip 15.5
    RP169: 12/07/2012 8:44:11 AM - Removed Apple Application Support
    RP170: 12/07/2012 8:45:18 AM - Removed VMD 1.9
    RP171: 12/07/2012 8:46:47 AM - Removed Google Earth Plug-in.
    RP172: 12/07/2012 8:47:36 AM - Removed Google Talk Plugin
    RP173: 12/07/2012 8:48:19 AM - Removed Skype™ 5.5
    RP174: 12/07/2012 8:49:13 AM - Removed Skype Click to Call
    RP175: 12/07/2012 8:50:46 AM - Removed eBay
    RP176: 12/07/2012 9:02:57 AM - Removed Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    RP177: 12/07/2012 9:06:07 AM - Removed Microsoft Silverlight
    RP178: 12/07/2012 6:41:48 PM - Removed AccelerometerP11
    RP179: 12/07/2012 7:19:01 PM - Removed Microsoft Silverlight
    RP180: 12/07/2012 7:34:36 PM - Windows Modules Installer
    RP181: 12/07/2012 7:48:04 PM - Windows Modules Installer
    RP182: 12/07/2012 7:59:30 PM - Windows Modules Installer
    RP183: 13/07/2012 8:06:54 AM - Removed GTA2
    RP184: 13/07/2012 8:26:57 AM - Removed Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    RP185: 13/07/2012 8:28:33 AM - Removed Google SketchUp 8
    RP186: 13/07/2012 8:32:26 AM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    RP187: 13/07/2012 8:33:35 AM - Removed Microsoft Visual C++ 2005 Redistributable
    RP188: 13/07/2012 8:34:45 AM - Removed Microsoft Visual C++ 2005 Redistributable (x64)
    RP189: 13/07/2012 8:48:06 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1) MUI
    Adobe Shockwave Player 11.6
    Advanced Audio FX Engine
    Bentley MicroStation V8i 08.11.05.17
    BitTorrent
    Cisco AnyConnect VPN Client
    CyberLink PowerDVD 9.6
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Product Registration
    Dell Stage
    Dell VideoStage
    Dell Webcam Central
    DeployCAD for Railcorp
    DirectX 9 Runtime
    Foxtel Download Manager 4.1.500.11
    FOXTEL Download Player
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Wireless Display
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Stereoscopic 3D Driver
    PDFCreator
    PhotoShowExpress
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Samsung Kies
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2345000)
    Sonic CinePlayer Decoder Pack
    swMSM
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VirtualDJ Home FREE
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/07/2012 8:22:33 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Francis-XPS\Francis SID (S-1-5-21-3523854785-2371082121-2719146917-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/07/2012 8:22:33 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Francis-XPS\Francis SID (S-1-5-21-3523854785-2371082121-2719146917-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/07/2012 3:04:09 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    8/07/2012 11:12:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    14/07/2012 12:37:00 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    14/07/2012 12:36:06 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    14/07/2012 12:36:06 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    14/07/2012 12:32:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    14/07/2012 12:30:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    13/07/2012 9:17:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    13/07/2012 8:55:17 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
    13/07/2012 8:48:39 AM, Error: Service Control Manager [7023] - The Downloadmanagerlite service terminated with the following error: The specified module could not be found.
    13/07/2012 8:47:31 AM, Error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: The specified module could not be found.
    13/07/2012 8:46:31 AM, Error: Service Control Manager [7023] - The RMSvc service terminated with the following error: The specified module could not be found.
    13/07/2012 8:45:31 AM, Error: Service Control Manager [7023] - The S125obex service terminated with the following error: The specified module could not be found.
    13/07/2012 8:44:31 AM, Error: Service Control Manager [7023] - The Mafwboot service terminated with the following error: The specified module could not be found.
    13/07/2012 8:43:31 AM, Error: Service Control Manager [7023] - The S217nd5 service terminated with the following error: The specified module could not be found.
    13/07/2012 8:42:31 AM, Error: Service Control Manager [7023] - The Vaiomediaplatform-mobile-gateway service terminated with the following error: The specified module could not be found.
    13/07/2012 8:41:31 AM, Error: Service Control Manager [7023] - The WacomVKHid service terminated with the following error: The specified module could not be found.
    13/07/2012 8:40:31 AM, Error: Service Control Manager [7023] - The Elbydelay service terminated with the following error: The specified module could not be found.
    13/07/2012 8:39:31 AM, Error: Service Control Manager [7023] - The Cam5607 service terminated with the following error: The specified module could not be found.
    13/07/2012 8:38:31 AM, Error: Service Control Manager [7023] - The Wlankeeper service terminated with the following error: The specified module could not be found.
    13/07/2012 8:37:34 AM, Error: Service Control Manager [7023] - The ASDR service terminated with the following error: The specified module could not be found.
    13/07/2012 8:36:30 AM, Error: Service Control Manager [7023] - The Trackcam4 service terminated with the following error: The specified module could not be found.
    13/07/2012 8:35:35 AM, Error: Service Control Manager [7023] - The Nabtsfec service terminated with the following error: The specified module could not be found.
    13/07/2012 8:34:39 AM, Error: Service Control Manager [7023] - The Atiavaiw service terminated with the following error: The specified module could not be found.
    13/07/2012 8:33:32 AM, Error: Service Control Manager [7023] - The Oracle%oracle_home_service%clientcache80 service terminated with the following error: The specified module could not be found.
    13/07/2012 8:32:31 AM, Error: Service Control Manager [7023] - The SQLAgent$MICROSOFTBCM service terminated with the following error: The specified module could not be found.
    13/07/2012 8:31:31 AM, Error: Service Control Manager [7023] - The Thpsrv service terminated with the following error: The specified module could not be found.
    13/07/2012 8:30:31 AM, Error: Service Control Manager [7023] - The Retrowdsvc service terminated with the following error: The specified module could not be found.
    13/07/2012 8:29:41 AM, Error: Service Control Manager [7023] - The Aswlsvc service terminated with the following error: The specified module could not be found.
    13/07/2012 8:28:31 AM, Error: Service Control Manager [7023] - The IWCA service terminated with the following error: The specified module could not be found.
    13/07/2012 8:27:36 AM, Error: Service Control Manager [7023] - The USBCCID service terminated with the following error: The specified module could not be found.
    13/07/2012 8:26:31 AM, Error: Service Control Manager [7023] - The Mssqlserveradhelper service terminated with the following error: The specified module could not be found.
    13/07/2012 8:25:32 AM, Error: Service Control Manager [7023] - The DLARTL_M service terminated with the following error: The specified module could not be found.
    13/07/2012 8:24:31 AM, Error: Service Control Manager [7023] - The Epson_pm_rpcv2_01 service terminated with the following error: The specified module could not be found.
    13/07/2012 8:23:31 AM, Error: Service Control Manager [7023] - The Vpctcom service terminated with the following error: The specified module could not be found.
    13/07/2012 8:22:31 AM, Error: Service Control Manager [7023] - The Imagedrv service terminated with the following error: The specified module could not be found.
    13/07/2012 8:21:31 AM, Error: Service Control Manager [7023] - The Thinkpadmodemservice service terminated with the following error: The specified module could not be found.
    13/07/2012 8:20:31 AM, Error: Service Control Manager [7023] - The Srservice service terminated with the following error: The specified module could not be found.
    13/07/2012 8:19:31 AM, Error: Service Control Manager [7023] - The Dlaudfam service terminated with the following error: The specified module could not be found.
    13/07/2012 8:18:31 AM, Error: Service Control Manager [7023] - The RIOXDRV service terminated with the following error: The specified module could not be found.
    13/07/2012 8:17:31 AM, Error: Service Control Manager [7023] - The S616nd5 service terminated with the following error: The specified module could not be found.
    13/07/2012 8:16:31 AM, Error: Service Control Manager [7023] - The Ixiaendpoint service terminated with the following error: The specified module could not be found.
    13/07/2012 8:15:31 AM, Error: Service Control Manager [7023] - The SiS300i service terminated with the following error: The specified module could not be found.
    13/07/2012 8:14:31 AM, Error: Service Control Manager [7023] - The Mssql$sqlexpress service terminated with the following error: The specified module could not be found.
    13/07/2012 8:13:31 AM, Error: Service Control Manager [7023] - The Bridgemp service terminated with the following error: The specified module could not be found.
    13/07/2012 8:12:37 AM, Error: Service Control Manager [7023] - The AdfuUd service terminated with the following error: The specified module could not be found.
    13/07/2012 8:11:32 AM, Error: Service Control Manager [7023] - The Datunidr service terminated with the following error: The specified module could not be found.
    13/07/2012 8:10:33 AM, Error: Service Control Manager [7023] - The Lxbt_device service terminated with the following error: The specified module could not be found.
    13/07/2012 8:09:33 AM, Error: Service Control Manager [7023] - The Snmptrapdservice service terminated with the following error: The specified module could not be found.
    13/07/2012 8:08:38 AM, Error: Service Control Manager [7023] - The SrvcEKIOMngr service terminated with the following error: The specified module could not be found.
    13/07/2012 8:07:33 AM, Error: Service Control Manager [7023] - The Tones service terminated with the following error: The specified module could not be found.
    13/07/2012 8:06:33 AM, Error: Service Control Manager [7023] - The IOSLINK service terminated with the following error: The specified module could not be found.
    13/07/2012 8:06:01 AM, Error: Service Control Manager [7023] - The Epgspooler service terminated with the following error: The specified module could not be found.
    13/07/2012 7:51:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
    13/07/2012 7:51:49 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    13/07/2012 7:51:49 AM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    13/07/2012 7:51:49 AM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/07/2012 7:36:45 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    13/07/2012 7:22:54 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2012 7:16:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    13/07/2012 7:16:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    13/07/2012 7:16:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    13/07/2012 7:16:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    13/07/2012 7:16:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    13/07/2012 7:15:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmactmon tmcomm tmevtmgr tmtdi vwififlt Wanarpv6 WfpLwf
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2012 7:15:48 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    13/07/2012 7:15:47 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2012 7:15:47 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2012 7:15:47 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    13/07/2012 7:15:47 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/07/2012 8:42:50 PM, Error: Service Control Manager [7023] - The Awlegacy service terminated with the following error: The specified module could not be found.
    12/07/2012 8:41:50 PM, Error: Service Control Manager [7023] - The Digirefresh service terminated with the following error: The specified module could not be found.
    12/07/2012 8:40:50 PM, Error: Service Control Manager [7023] - The DcLps service terminated with the following error: The specified module could not be found.
    12/07/2012 8:39:50 PM, Error: Service Control Manager [7023] - The Autostore service terminated with the following error: The specified module could not be found.
    12/07/2012 8:38:50 PM, Error: Service Control Manager [7023] - The Ndasbus service terminated with the following error: The specified module could not be found.
    12/07/2012 8:37:50 PM, Error: Service Control Manager [7023] - The Cwbrxd service terminated with the following error: The specified module could not be found.
    12/07/2012 8:36:49 PM, Error: Service Control Manager [7023] - The W700mdm service terminated with the following error: Access is denied.
    12/07/2012 8:35:50 PM, Error: Service Control Manager [7023] - The Vc8secs service terminated with the following error: Access is denied.
    12/07/2012 8:34:51 PM, Error: Service Control Manager [7023] - The Co_mon service terminated with the following error: Access is denied.
    12/07/2012 8:33:49 PM, Error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: Access is denied.
    12/07/2012 8:32:49 PM, Error: Service Control Manager [7023] - The Usbsermptxp service terminated with the following error: Access is denied.
    12/07/2012 8:31:49 PM, Error: Service Control Manager [7023] - The Winss service terminated with the following error: Access is denied.
    12/07/2012 8:30:49 PM, Error: Service Control Manager [7023] - The Symndis service terminated with the following error: Access is denied.
    12/07/2012 8:29:49 PM, Error: Service Control Manager [7023] - The S616bus service terminated with the following error: Access is denied.
    12/07/2012 8:28:48 PM, Error: Service Control Manager [7023] - The Bdss service terminated with the following error: Access is denied.
    12/07/2012 8:27:48 PM, Error: Service Control Manager [7023] - The Dktknsrv service terminated with the following error: Access is denied.
    12/07/2012 8:26:49 PM, Error: Service Control Manager [7023] - The Nicconfigsvc service terminated with the following error: Access is denied.
    12/07/2012 8:25:49 PM, Error: Service Control Manager [7023] - The StkAMini service terminated with the following error: Access is denied.
    12/07/2012 8:24:48 PM, Error: Service Control Manager [7023] - The Gusvc service terminated with the following error: Access is denied.
    12/07/2012 8:23:48 PM, Error: Service Control Manager [7023] - The Pchost service terminated with the following error: Access is denied.
    12/07/2012 8:22:48 PM, Error: Service Control Manager [7023] - The S217mdfl service terminated with the following error: Access is denied.
    12/07/2012 8:21:49 PM, Error: Service Control Manager [7023] - The Dcpflics service terminated with the following error: Access is denied.
    12/07/2012 8:20:49 PM, Error: Service Control Manager [7023] - The Olregcap service terminated with the following error: Access is denied.
    12/07/2012 8:19:49 PM, Error: Service Control Manager [7023] - The Swmsflt service terminated with the following error: Access is denied.
    12/07/2012 8:18:48 PM, Error: Service Control Manager [7023] - The Mwagent service terminated with the following error: Access is denied.
    12/07/2012 8:17:48 PM, Error: Service Control Manager [7023] - The SaiH040B service terminated with the following error: Access is denied.
    12/07/2012 8:16:38 PM, Error: Service Control Manager [7023] - The Firelm01 service terminated with the following error: Access is denied.
    12/07/2012 8:15:38 PM, Error: Service Control Manager [7023] - The SetupSys service terminated with the following error: Access is denied.
    12/07/2012 8:14:43 PM, Error: Service Control Manager [7023] - The Avipbb service terminated with the following error: Access is denied.
    12/07/2012 8:13:38 PM, Error: Service Control Manager [7023] - The Roammgr service terminated with the following error: Access is denied.
    12/07/2012 8:12:38 PM, Error: Service Control Manager [7023] - The Atinevxx service terminated with the following error: Access is denied.
    12/07/2012 8:11:39 PM, Error: Service Control Manager [7023] - The Servidor service terminated with the following error: Access is denied.
    12/07/2012 8:10:39 PM, Error: Service Control Manager [7023] - The Tdrpman service terminated with the following error: Access is denied.
    12/07/2012 8:09:39 PM, Error: Service Control Manager [7023] - The DLH5X service terminated with the following error: Access is denied.
    12/07/2012 7:38:23 PM, Error: Service Control Manager [7023] - The Mpfirewl service terminated with the following error: Access is denied.
    12/07/2012 7:37:21 PM, Error: Service Control Manager [7023] - The TBPanel service terminated with the following error: Access is denied.
    12/07/2012 7:36:23 PM, Error: Service Control Manager [7023] - The Perc2hib service terminated with the following error: Access is denied.
    12/07/2012 7:35:23 PM, Error: Service Control Manager [7023] - The Fasttrackinstallerservice service terminated with the following error: Access is denied.
    12/07/2012 7:34:21 PM, Error: Service Control Manager [7023] - The AEADIFilters service terminated with the following error: Access is denied.
    12/07/2012 7:33:22 PM, Error: Service Control Manager [7023] - The Rpcsvr4x service terminated with the following error: Access is denied.
    12/07/2012 7:32:21 PM, Error: Service Control Manager [7023] - The Iaimtv3 service terminated with the following error: Access is denied.
    12/07/2012 7:31:21 PM, Error: Service Control Manager [7023] - The DcPTP service terminated with the following error: Access is denied.
    12/07/2012 7:30:21 PM, Error: Service Control Manager [7023] - The De_serv service terminated with the following error: Access is denied.
    12/07/2012 7:29:21 PM, Error: Service Control Manager [7023] - The Clcapsvc service terminated with the following error: Access is denied.
    12/07/2012 7:28:21 PM, Error: Service Control Manager [7023] - The Dlbx_device service terminated with the following error: Access is denied.
    12/07/2012 7:27:21 PM, Error: Service Control Manager [7023] - The Rtl8187Se service terminated with the following error: Access is denied.
    12/07/2012 7:26:21 PM, Error: Service Control Manager [7023] - The Btwusb service terminated with the following error: Access is denied.
    12/07/2012 7:25:21 PM, Error: Service Control Manager [7023] - The Scan service terminated with the following error: Access is denied.
    12/07/2012 7:24:21 PM, Error: Service Control Manager [7023] - The Afs2k service terminated with the following error: Access is denied.
    12/07/2012 7:23:21 PM, Error: Service Control Manager [7023] - The Asctrm service terminated with the following error: Access is denied.
    12/07/2012 7:22:21 PM, Error: Service Control Manager [7023] - The Bc_tdi_f service terminated with the following error: Access is denied.
    12/07/2012 7:21:21 PM, Error: Service Control Manager [7023] - The Smbios service terminated with the following error: Access is denied.
    12/07/2012 7:20:21 PM, Error: Service Control Manager [7023] - The VC4CB104 service terminated with the following error: Access is denied.
    12/07/2012 7:19:23 PM, Error: Service Control Manager [7023] - The VC6SecS service terminated with the following error: Access is denied.
    12/07/2012 7:18:21 PM, Error: Service Control Manager [7023] - The Atmarpc service terminated with the following error: Access is denied.
    12/07/2012 7:17:21 PM, Error: Service Control Manager [7023] - The MA8032U service terminated with the following error: Access is denied.
    12/07/2012 7:16:21 PM, Error: Service Control Manager [7023] - The IPassP service terminated with the following error: Access is denied.
    12/07/2012 7:15:21 PM, Error: Service Control Manager [7023] - The StickyMesger service terminated with the following error: Access is denied.
    12/07/2012 7:14:21 PM, Error: Service Control Manager [7023] - The TCtrlIO service terminated with the following error: Access is denied.
    12/07/2012 7:13:22 PM, Error: Service Control Manager [7023] - The Rt73 service terminated with the following error: Access is denied.
    12/07/2012 7:12:22 PM, Error: Service Control Manager [7023] - The Toshidpt service terminated with the following error: Access is denied.
    12/07/2012 7:11:21 PM, Error: Service Control Manager [7023] - The Cpuz132 service terminated with the following error: Access is denied.
    12/07/2012 7:10:21 PM, Error: Service Control Manager [7023] - The Xpadminserver service terminated with the following error: Access is denied.
    12/07/2012 7:09:22 PM, Error: Service Control Manager [7023] - The VX3000 service terminated with the following error: Access is denied.
    12/07/2012 7:08:21 PM, Error: Service Control Manager [7023] - The Tvald service terminated with the following error: Access is denied.
    12/07/2012 7:07:21 PM, Error: Service Control Manager [7023] - The Tsddd service terminated with the following error: Access is denied.
    12/07/2012 7:06:21 PM, Error: Service Control Manager [7023] - The Se2Cunic service terminated with the following error: Access is denied.
    12/07/2012 7:05:21 PM, Error: Service Control Manager [7023] - The Dmload service terminated with the following error: Access is denied.
    12/07/2012 7:04:21 PM, Error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: Access is denied.
    12/07/2012 7:03:21 PM, Error: Service Control Manager [7023] - The Usbatapi2000 service terminated with the following error: Access is denied.
    12/07/2012 7:02:21 PM, Error: Service Control Manager [7023] - The Ql12160 service terminated with the following error: Access is denied.
    12/07/2012 7:01:21 PM, Error: Service Control Manager [7023] - The P3 service terminated with the following error: Access is denied.
    12/07/2012 7:00:21 PM, Error: Service Control Manager [7023] - The Sprtsvc_dellsupportcenter service terminated with the following error: Access is denied.
    12/07/2012 6:59:21 PM, Error: Service Control Manager [7023] - The SE2Bobex service terminated with the following error: Access is denied.
    12/07/2012 6:58:21 PM, Error: Service Control Manager [7023] - The Trcboot service terminated with the following error: Access is denied.
    12/07/2012 6:57:21 PM, Error: Service Control Manager [7023] - The Fsks service terminated with the following error: Access is denied.
    12/07/2012 6:56:21 PM, Error: Service Control Manager [7023] - The Pclepci service terminated with the following error: Access is denied.
    12/07/2012 6:55:21 PM, Error: Service Control Manager [7023] - The DVDVRRdr_xp service terminated with the following error: Access is denied.
    12/07/2012 6:54:21 PM, Error: Service Control Manager [7023] - The Proxyserverservice service terminated with the following error: Access is denied.
    12/07/2012 6:53:21 PM, Error: Service Control Manager [7023] - The Prtg4service service terminated with the following error: Access is denied.
    12/07/2012 6:52:22 PM, Error: Service Control Manager [7023] - The Nimcrpcsu service terminated with the following error: Access is denied.
    12/07/2012 6:51:21 PM, Error: Service Control Manager [7023] - The Mstdc service terminated with the following error: Access is denied.
    12/07/2012 6:50:21 PM, Error: Service Control Manager [7023] - The Remotelyanywhere service terminated with the following error: Access is denied.
    12/07/2012 6:49:21 PM, Error: Service Control Manager [7023] - The Pcdrndisuio service terminated with the following error: Access is denied.
    12/07/2012 6:48:20 PM, Error: Service Control Manager [7023] - The L8042mou service terminated with the following error: Access is denied.
    12/07/2012 6:47:22 PM, Error: Service Control Manager [7023] - The Elbycdio service terminated with the following error: Access is denied.
    12/07/2012 6:46:21 PM, Error: Service Control Manager [7023] - The Nla service terminated with the following error: Access is denied.
    12/07/2012 6:45:21 PM, Error: Service Control Manager [7023] - The Regmanserv service terminated with the following error: Access is denied.
    12/07/2012 6:44:22 PM, Error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: Access is denied.
    12/07/2012 6:43:27 PM, Error: Service Control Manager [7023] - The Adiusbaw service terminated with the following error: Access is denied.
    12/07/2012 6:42:25 PM, Error: Service Control Manager [7023] - The P1131vid service terminated with the following error: Access is denied.
    12/07/2012 6:41:22 PM, Error: Service Control Manager [7023] - The Nuvaud2 service terminated with the following error: Access is denied.
    12/07/2012 6:40:22 PM, Error: Service Control Manager [7023] - The Icm10blk service terminated with the following error: Access is denied.
    12/07/2012 6:39:23 PM, Error: Service Control Manager [7023] - The Wstcodec service terminated with the following error: Access is denied.
    12/07/2012 6:27:52 PM, Error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: Access is denied.
    12/07/2012 6:26:52 PM, Error: Service Control Manager [7023] - The Starwindserviceae service terminated with the following error: Access is denied.
    12/07/2012 6:25:51 PM, Error: Service Control Manager [7023] - The 61883 service terminated with the following error: Access is denied.
    12/07/2012 6:24:52 PM, Error: Service Control Manager [7023] - The Vsdatant service terminated with the following error: Access is denied.
    11/07/2012 3:59:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1A349334-12B6-41DA-AFC3-DAB047D5C4E5} because another computer on the network has the same name. The server could not start.
    11/07/2012 3:59:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    10/07/2012 7:20:25 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Francis-XPS\Francis SID (S-1-5-21-3523854785-2371082121-2719146917-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
Topic Status:
Not open for further replies.
