Restarting problems, Vista x64

FlameMLK

Hi, every time I log on to my computer in normal mode, the computer almost immediately restarts. I am only able to run safe mode and safe mode with networking. I believe the issue is malware but I am not sure. I am currently scanning with Malwarebytes. Avast did not come up with anything when I scanned with it.

Also in the event viewer I noticed these issues:

The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
spldr

(Event ID: 7026)

and

reason codes of 0x500ff and 0x0 for the restarts. I have no idea what any of this means or what to do. I am trying to get my computer working again by tomorrow night, so I would really appreciate it if someone could help me. Thanks!
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi, thanks for your reply!



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.07

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Mahir :: MAHIR-PC [administrator]

Protection: Disabled

3/8/2012 8:12:17 PM
mbam-log-2012-03-08 (20-12-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419897
Time elapsed: 1 hour(s), 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

No GMER log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mahir at 23:12:31 on 2012-03-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5045.3709 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Mahir\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [EF14B91F2040A866D81DF5699A3F60C27623808A._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Mahir\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mahir\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{ED098C2A-B296-4F31-9143-83715BAF5EB7} : DhcpNameServer = 192.168.1.1 68.237.161.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\
FF - component: C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\FFExternalAlert.dll
FF - component: C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Mahir\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Mahir\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mahir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mahir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mahir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-15 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-15 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-5 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-2-13 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-8 652360]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-2 2358656]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-15 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-20 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-09 01:11:47 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-08 04:06:07 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71E9CECC-097D-4CD2-B4BC-E8E435FB46C2}\mpengine.dll
2012-03-08 04:04:27 -------- d-----w- C:\Windows\System32\wbem\repository
2012-03-08 04:03:10 -------- d-----w- C:\Windows\Registration
2012-03-08 00:57:36 -------- d-----w- C:\ComboFix
2012-03-08 00:54:28 -------- d-----w- C:\Users\Mahir\AppData\Roaming\Malwarebytes
2012-03-08 00:54:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-08 00:54:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-07 11:56:08 -------- d-----w- C:\inetpub
2012-02-16 01:19:37 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 01:19:37 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 01:19:36 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 01:19:34 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 01:19:27 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-02-16 01:19:27 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-02-01 02:31:06 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-02-01 02:30:54 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-02-01 02:30:52 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-01-27 05:52:58 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2009-09-17 00:02:56 46710674 ----a-w- C:\Program Files\Flash MX Installer.exe
2009-09-17 00:02:29 49152 ----a-w- C:\Program Files\autorun.exe
.
============= FINISH: 23:13:07.34 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2009 5:59:10 PM
System Uptime: 3/8/2012 7:56:31 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 147.906 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
AAC Decoder
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AIM 7
Apple Application Support
Apple Software Update
AutoUpdate
avast! Free Antivirus
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP990 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities Solution Menu
Curse Client
Dell Driver Download Manager
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Dropbox
Facebook Video Calling 1.1.1.1
Foxit Reader 5.0
Google Chrome
Google Talk Plugin
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Rapid Storage Technology
iPhone Configuration Utility
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) SE Development Kit 6 Update 20
JCreator LE 5.00
jGRASP
Logger Pro 3.4.2
LogMeIn
Macromedia Flash MX
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKV Splitter
Mozilla Firefox (3.5.19)
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.1
Spelling Dictionaries Support For Adobe Reader 9
Spotify
System Requirements Lab for Intel
TeamViewer 6
TI Connect 1.6
TightVNC 1.3.10
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
WatchGuard Mobile VPN with SSL client 10.2.12
WinSCP 4.2.3 beta
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 8:22:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/8/2012 8:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
3/8/2012 7:59:08 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:58:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6
3/8/2012 7:58:32 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:58:32 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2012 7:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/8/2012 7:57:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2012 7:57:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2012 7:57:08 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
3/8/2012 7:57:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/8/2012 6:22:04 AM, Error: EventLog [6008] - The previous system shutdown at 6:20:44 AM on 3/8/2012 was unexpected.
3/8/2012 11:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
3/8/2012 11:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/7/2012 9:56:36 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
3/7/2012 9:52:19 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.121.548.0 Loading engine version: 1.1.8101.0
3/7/2012 9:15:14 PM, Error: EventLog [6008] - The previous system shutdown at 9:13:51 PM on 3/7/2012 was unexpected.
3/7/2012 9:01:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:00:04 PM on 3/7/2012 was unexpected.
3/7/2012 9:00:04 PM, Error: EventLog [6008] - The previous system shutdown at 8:39:38 PM on 3/7/2012 was unexpected.
3/7/2012 8:37:00 PM, Error: EventLog [6008] - The previous system shutdown at 8:35:46 PM on 3/7/2012 was unexpected.
3/7/2012 8:34:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:33:26 PM on 3/7/2012 was unexpected.
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-Empty-Optional from package VistaPlusUpdate(Update) into Absent(Absent) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-Empty-Optional from package Internet Explorer_en-US(Language Pack) into Absent(Absent) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-80_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-74_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-71_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-70_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-20_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-145_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-143_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-140_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-14_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-11_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973917-10_neutral_GDR from package KB973917(Update) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-267_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-266_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-233_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-212_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-211_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-210_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-209_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-196_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-193_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-191_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-188_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-187_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-186_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-185_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-183_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-181_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-180_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-175_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-174_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-173_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-169_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-167_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-166_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-164_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-163_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-160_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-159_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-155_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-152_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-151_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-150_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-149_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-148_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-144_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-142_neutral_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-13_en-us_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-12_en-us_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-11_en-us_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 948465-10_en-us_GDR from package KB948465(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-50_en-us_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-41_en-us_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-40_en-us_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-39_en-us_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-38_en-us_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-348_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-324_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-302_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-301_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-300_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-299_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-298_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-289_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-287_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-285_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-283_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-282_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-281_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-280_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-278_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-277_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-275_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-274_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-273_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-271_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-268_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-267_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-266_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-262_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-259_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-256_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-255_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-254_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-253_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-247_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-246_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-245_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-241_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-239_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-238_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-236_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-235_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-232_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-231_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-227_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-224_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-223_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-222_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-221_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-220_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-216_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-214_neutral_GDR from package KB936330(Service Pack) into Staged(Staged) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2584146-10_neutral_PACKAGE from package KB2584146(Security Update) into Absent(Absent) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaSP1OnlyUpdate (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaPlusUpdate (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-Package-Package-en-us-MiniLP (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982861 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979899 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976772 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976771 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973917 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB967190 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958483 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB948610 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB948465 (Service Pack) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB936330 (Service Pack) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2660465 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2656362 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2654428 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2647516 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2646524 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2645640 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2644615 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2641690 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2639417 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2633952 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2633874 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2631813 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2620712 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2620704 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2619339 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2618451 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2618444 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2616676 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2607712 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2598479 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2588516 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2586448 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2585542 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2584146 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2579686 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2572075 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2570947 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2570791 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2567680 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2567053 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2564958 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2563894 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2563227 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2562937 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2559049 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2556532 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2539633 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2536276 (Security Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2522422 (Update) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Internet Explorer_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package 982861 (Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980842 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979910 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979688 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976768 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2555917 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2545698 (Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2533623 (Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2532531 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2518866 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2505189 (Update) into Staged(Staged) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2505189 (Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2478660 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2416470 (Security Update) into Installed(Installed) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2117917 (Update) into Staged(Staged) state
3/7/2012 7:16:21 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2117917 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 980248-450_neutral_PACKAGE from package KB980248(Update) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979482-32_neutral_PACKAGE from package KB979482(Security Update) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979482-31_neutral_PACKAGE from package KB979482(Security Update) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979482-29_neutral_PACKAGE from package KB979482(Security Update) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975929-41_neutral_PACKAGE from package KB975929(Hotfix) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975929-40_neutral_PACKAGE from package KB975929(Hotfix) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2387149-26_neutral_PACKAGE from package KB2387149(Security Update) into Absent(Absent) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Core-UIComp-Package_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Core-UIComp-Package (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Core-CoreComp-Package_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Core-CoreComp-Package (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-ActiveX-Package (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PowerShell ISE_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-WPD7IP-Package-Package-en-US-MiniLP (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-VistaServicePack-SysHiper-SP1-Package (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-DGT-Package-Package-en-us-MiniLP (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB983588 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982799 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982665 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982519 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982480 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982381 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982214 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982132 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981997 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981957 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981852 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981793 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981349 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981322 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980843 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980436 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980248 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980232 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980218 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980195 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980182 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979911 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979687 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979683 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979559 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979482 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979309 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979306 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979099 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978886 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978601 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978542 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978338 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978262 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978251 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978207 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB977816 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB977165 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976767 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976749 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976470 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976325 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976098 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975929 (Hotfix) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975562 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975561 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975560 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975558 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975517 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975467 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974571 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974469 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974455 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974318 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974306 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974145 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973565 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973525 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973346 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972270 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972260 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972145 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972036 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971961 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971737 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971514_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971514 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971514 (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971512_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971512 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971512 (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971486 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971468 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971029 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970653 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970430 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970238 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB969947 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968931 (Software Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Software Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968923 (Software Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968537 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968389 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB967723 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB961501 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB961371 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958869 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB956744 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB956250 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954155 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950099 (Software Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950099 (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB928439 (Language Pack) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2544893 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2544521 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2541763 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2536275 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2535512 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2530548 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2525694 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2524375 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2518865 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2511455 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2510581 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2509553 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2508429 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2508272 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2507938 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2507618 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2506223 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2506212 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2506014 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2503665 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2503658 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2497640 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2492386 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2485376 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2483185 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2482017 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2481109 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2479943 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2479628 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2478935 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2478659 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2476490 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2467659 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2449741 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2443685 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2442962 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2436673 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2423089 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2419640 (Security Update) into Installed(Installed) state
 
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2416474 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2416400 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2412687 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2393802 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2388210 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2387149 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2360131 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2347290 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2345886 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2305420 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2296199 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2296011 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2286198 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2281679 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2207566 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2183461 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2160329 (Security Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2158563 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2141007 (Update) into Installed(Installed) state
3/7/2012 7:16:20 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2079403 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973768 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973540 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973507 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971657 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971557 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970710 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968816 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB967632 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB960803 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB960225 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB959426 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB959130 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB959108 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958687 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958644 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958624 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958623 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB958481 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB957321 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB957200 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB957097 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB956802 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB956572 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB955430 (Update) into Permanent(Permanent) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB955302 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB955069 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB955020 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954459 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954154 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB953733 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB953155 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB952709 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB952287 (Hotfix) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB952069 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB952004 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951978 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951698 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951376 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951066 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950974 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950762 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950125 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950124 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB948609 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB940157_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB940157 (Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB938464 (Security Update) into Installed(Installed) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB938371 (Update) into Staged(Staged) state
3/7/2012 7:16:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB938371 (Update) into Permanent(Permanent) state
3/7/2012 7:16:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsSidebarKillbits (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsRecoveryDisc_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsRecoveryDisc (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaSP1CEIP (Feature Pack) into Installed(Installed) state
3/7/2012 7:16:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-VistaServicePack-UninstallRemoval-Package_en-US (Language Pack) into Installed(Installed) state
3/7/2012 7:16:18 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-VistaServicePack-UninstallRemoval-Package (Feature Pack) into Installed(Installed) state
3/7/2012 11:06:06 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: Backup Loading signature version: 1.121.548.0 Loading engine version: 1.1.8001.0
3/7/2012 10:59:14 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.121.548.0 Loading engine version: 1.1.8001.0
3/7/2012 10:46:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/7/2012 10:03:49 PM, Error: EventLog [6008] - The previous system shutdown at 10:02:16 PM on 3/7/2012 was unexpected.
3/7/2012 10:00:25 PM, Error: EventLog [6008] - The previous system shutdown at 9:58:57 PM on 3/7/2012 was unexpected.
.
==== End Of File ===========================


Thanks again for your help!
 
I followed the instructions in the thread, but the produced .log file had nothing in it...? I'm not sure why. (I am in safe mode, since that's the only way I can use my computer)
 
That's not a problem.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 20:08:22
-----------------------------
20:08:22.438 OS Version: Windows x64 6.0.6002 Service Pack 2
20:08:22.438 Number of processors: 2 586 0x605
20:08:22.439 ComputerName: MAHIR-PC UserName: Mahir
20:08:23.142 Initialize success
20:09:05.880 AVAST engine defs: 12030900
20:10:07.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:10:07.526 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
20:10:07.545 Disk 0 MBR read successfully
20:10:07.556 Disk 0 MBR scan
20:10:07.561 Disk 0 Windows VISTA default MBR code
20:10:07.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
20:10:07.607 Disk 0 scanning C:\Windows\system32\drivers
20:10:16.961 Service scanning
20:10:36.144 Modules scanning
20:10:36.144 Disk 0 trace - called modules:
20:10:36.149 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:10:36.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066832f0]
20:10:36.150 3 CLASSPNP.SYS[fffffa60010b7c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80056b4050]
20:10:37.733 AVAST engine scan C:\Windows
20:10:40.632 AVAST engine scan C:\Windows\system32
20:14:19.208 AVAST engine scan C:\Windows\system32\drivers
20:14:38.075 AVAST engine scan C:\Users\Mahir
21:07:08.997 AVAST engine scan C:\ProgramData
21:08:54.563 Scan finished successfully
22:58:32.886 Disk 0 MBR has been saved successfully to "C:\Users\Mahir\Desktop\MBR.dat"
22:58:32.894 The log file has been saved successfully to "C:\Users\Mahir\Desktop\aswMBR.txt"
23:07:51.202 Disk 0 MBR has been saved successfully to "C:\Users\Mahir\Desktop\MBR.dat"
23:07:51.215 The log file has been saved successfully to "C:\Users\Mahir\Desktop\aswMBR.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-03-10.02 - Mahir 03/10/2012 14:01:44.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5045.4371 [GMT -5:00]
Running from: c:\users\Mahir\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
c:\windows\SysWow64\kernel32.dll . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 19:11 . 2012-03-10 19:13 -------- d-----w- c:\users\Mahir\AppData\Local\temp
2012-03-10 19:11 . 2012-03-10 19:11 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-10 19:11 . 2012-03-10 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 01:11 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 04:06 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71E9CECC-097D-4CD2-B4BC-E8E435FB46C2}\mpengine.dll
2012-03-08 04:04 . 2012-03-10 19:13 -------- d-----w- c:\windows\system32\wbem\repository
2012-03-08 00:54 . 2012-03-08 00:54 -------- d-----w- c:\users\Mahir\AppData\Roaming\Malwarebytes
2012-03-08 00:54 . 2012-03-08 00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 00:54 . 2012-03-09 01:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-07 11:56 . 2012-03-07 11:56 -------- d-----w- C:\inetpub
2012-02-16 01:19 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:19 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 01:19 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 01:19 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 01:19 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 01:19 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2009-10-03 01:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-01 02:31 . 2009-09-27 17:57 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30 . 2009-09-27 17:57 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30 . 2009-09-27 17:57 80768 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-17 00:02 . 2002-03-08 00:27 46710674 ----a-w- c:\program files\Flash MX Installer.exe
2009-09-17 00:02 . 2002-02-20 15:53 49152 ----a-w- c:\program files\autorun.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Facebook Update"="c:\users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-09 137536]
"EF14B91F2040A866D81DF5699A3F60C27623808A._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-03-08 1049072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mahir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mahir\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
- c:\users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-09 17:12]
.
2012-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
- c:\users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-09 17:12]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:32]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:32]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
- c:\users\Mahir\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 20:54]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
- c:\users\Mahir\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 20:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-23 200216]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-03-10 14:20:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 19:20
.
Pre-Run: 176,775,352,320 bytes free
Post-Run: 176,537,309,184 bytes free
.
- - End Of File - - B771BEF34EA7D8D282A6A0EDAFCDD83A
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    kernel32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 19:12 on 10/03/2012 by Mahir
Administrator - Elevation successful

========== filefind ==========

Searching for "kernel32.dll"
C:\Windows\ERDNT\cache64\kernel32.dll --a---- 1210880 bytes [19:18 10/03/2012] [16:15 12/04/2011] 2299078C1E59FE69ADDF49897D6A373A
C:\Windows\ERDNT\cache86\kernel32.dll --a---- 859648 bytes [19:18 10/03/2012] [16:11 12/04/2011] 7F4CAEAC24592FA9F574E1F8CD1D0604
C:\Windows\System32\kernel32.dll --a---- 1210880 bytes [10:44 13/07/2011] [16:15 12/04/2011] 2299078C1E59FE69ADDF49897D6A373A
C:\Windows\SysWOW64\kernel32.dll --a---- 859648 bytes [10:44 13/07/2011] [16:11 12/04/2011] 7F4CAEAC24592FA9F574E1F8CD1D0604
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_ede0a61311929b23\kernel32.dll --a---- 1233408 bytes [20:58 16/09/2009] [07:47 13/02/2009] 1A5CE3CDE414ED758D4E1616F422C20B
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_ee74eaec2aa8523e\kernel32.dll --a---- 1233920 bytes [20:58 16/09/2009] [07:24 13/02/2009] 08E8EF6A8D18BD1D89896903DCD103D2
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_efdc80c50ea8f9e4\kernel32.dll --a---- 1213952 bytes [02:48 21/01/2008] [02:48 21/01/2008] 1122C8BE4BC4F392598A9543DC1014E0
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_efd6b6170eac8ed6\kernel32.dll --a---- 1208832 bytes [20:58 16/09/2009] [08:57 13/02/2009] 8331C9E592358DE5157169699BD836D7
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_efbd1caf0ec055f8\kernel32.dll --a---- 1208832 bytes [10:44 13/07/2011] [15:14 12/04/2011] 6ADB508FEADBDEC41C194B4C03FA5201
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_f02073a427f9ef9d\kernel32.dll --a---- 1210880 bytes [20:58 16/09/2009] [08:54 13/02/2009] 2EEE45C483BA534A84CACC9D8001FE0E
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_f00cddde28084bf0\kernel32.dll --a---- 1213440 bytes [10:44 13/07/2011] [14:55 12/04/2011] 777DF7F47BEE82833E324F0EB18B7ED1
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_f1c7f9d10bcac530\kernel32.dll --a---- 1217536 bytes [11:25 20/09/2009] [07:11 11/04/2009] A1489655AB04BBB5290C3FC274D33E57
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_f1a0c2e10be78eec\kernel32.dll --a---- 1210880 bytes [10:44 13/07/2011] [16:15 12/04/2011] 2299078C1E59FE69ADDF49897D6A373A
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_f23c004224f88e9f\kernel32.dll --a---- 1211904 bytes [10:44 13/07/2011] [15:22 12/04/2011] F2338C94CDCD7AD28A14428D46A05D0B
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_f835506545f35d1e\kernel32.dll --a---- 840704 bytes [20:58 16/09/2009] [07:25 13/02/2009] 444A00544B4EDFEDD8FCCD281EDE3ED4
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_f8c9953e5f091439\kernel32.dll --a---- 841216 bytes [20:58 16/09/2009] [07:16 13/02/2009] 4118366CDDA655F8AEDB20CD03DEBAE9
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_fa312b174309bbdf\kernel32.dll --a---- 855552 bytes [02:48 21/01/2008] [02:48 21/01/2008] 799EEDF377F3B72DB30192AD9FD3C7F3
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_fa2b6069430d50d1\kernel32.dll --a---- 855552 bytes [20:58 16/09/2009] [08:47 13/02/2009] D4902D1DC60CB71197EFE4474A582841
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_fa11c701432117f3\kernel32.dll --a---- 857600 bytes [10:44 13/07/2011] [14:56 12/04/2011] 6EBBE14BE54877C386C63FFED52D391D
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_fa751df65c5ab198\kernel32.dll --a---- 858112 bytes [20:58 16/09/2009] [08:19 13/02/2009] 1B5BE39A927C36B3162ADA23B6CA001E
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_fa6188305c690deb\kernel32.dll --a---- 860160 bytes [10:44 13/07/2011] [14:33 12/04/2011] 35FC1E7929DA4828B9CC73DC84B42E6F
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_fc1ca423402b872b\kernel32.dll --a---- 858112 bytes [11:25 20/09/2009] [06:26 11/04/2009] A5830F679B5B38AE9700A72087178745
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_fbf56d33404850e7\kernel32.dll --a---- 859648 bytes [10:44 13/07/2011] [16:11 12/04/2011] 7F4CAEAC24592FA9F574E1F8CD1D0604
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_fc90aa945959509a\kernel32.dll --a---- 860672 bytes [10:44 13/07/2011] [15:11 12/04/2011] BBB3D68596C6B6E8A7ECAFDB2962E89B

-= EOF =-
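The comparison this filefind log makes possible, as an added example that is not part of the original thread: the script parses SystemLook result lines and reports which WinSxS component-store version each copy outside the store is byte-identical to, judged by the logged MD5 and size. The sample lines are copied from the log above; the function names and the regular expressions for the line layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the SystemLook log above: the two live copies and
# four of the WinSxS copies (GDR 18449 and LDR 22625, both architectures).
SAMPLE_LOG = r"""
Searching for "kernel32.dll"
C:\Windows\System32\kernel32.dll --a---- 1210880 bytes [10:44 13/07/2011] [16:15 12/04/2011] 2299078C1E59FE69ADDF49897D6A373A
C:\Windows\SysWOW64\kernel32.dll --a---- 859648 bytes [10:44 13/07/2011] [16:11 12/04/2011] 7F4CAEAC24592FA9F574E1F8CD1D0604
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_f1a0c2e10be78eec\kernel32.dll --a---- 1210880 bytes [10:44 13/07/2011] [16:15 12/04/2011] 2299078C1E59FE69ADDF49897D6A373A
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_f23c004224f88e9f\kernel32.dll --a---- 1211904 bytes [10:44 13/07/2011] [15:22 12/04/2011] F2338C94CDCD7AD28A14428D46A05D0B
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_fbf56d33404850e7\kernel32.dll --a---- 859648 bytes [10:44 13/07/2011] [16:11 12/04/2011] 7F4CAEAC24592FA9F574E1F8CD1D0604
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_fc90aa945959509a\kernel32.dll --a---- 860672 bytes [10:44 13/07/2011] [15:11 12/04/2011] BBB3D68596C6B6E8A7ECAFDB2962E89B

-= EOF =-
"""

# One result line: path, 7-character attribute field, size, two bracketed
# timestamps (not interpreted here), MD5. Layout inferred from the log above.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# WinSxS directory name: arch_component_publicKeyToken_version_culture_hash
STORE_RE = re.compile(
    r"\\winsxs\\(?P<arch>[^_\\]+)_(?P<name>[^\\]+?)_[0-9a-f]{16}"
    r"_(?P<version>\d+(?:\.\d+){3})_[^_\\]+_[0-9a-f]{16}\\",
    re.IGNORECASE,
)


def parse_filefind(text):
    """Return one dict per file line; headers and footers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        store = STORE_RE.search(m["path"])
        entries.append({
            "path": m["path"],
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
            # arch/version are None for copies outside the component store
            "arch": store["arch"].lower() if store else None,
            "version": store["version"] if store else None,
        })
    return entries


def match_to_store(entries):
    """Map each non-store path to the (arch, version) store copies that
    share its MD5 and size. An empty list means no store copy matches."""
    by_fingerprint = defaultdict(list)
    for e in entries:
        if e["version"] is not None:
            by_fingerprint[(e["md5"], e["size"])].append((e["arch"], e["version"]))
    report = {}
    for e in entries:
        if e["version"] is None:
            report[e["path"]] = sorted(by_fingerprint.get((e["md5"], e["size"]), []))
    return report


if __name__ == "__main__":
    for path, matches in match_to_store(parse_filefind(SAMPLE_LOG)).items():
        label = ", ".join(f"{a} {v}" for a, v in matches) or "NO MATCH IN STORE"
        print(f"{path}: {label}")
```

A copy with an empty match list is the one to examine first. An MD5 match shows only that two files are identical, and MD5 is not collision-resistant, so a stronger hash is preferable when the tool offers one.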
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_fc90aa945959509a\kernel32.dll | C:\Windows\SysWOW64\kernel32.dll

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 
ComboFix 12-03-10.02 - Mahir 03/10/2012 19:38:37.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5045.3784 [GMT -5:00]
Running from: c:\users\Mahir\Desktop\ComboFix.exe
Command switches used :: c:\users\Mahir\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_fc90aa945959509a\kernel32.dll --> c:\windows\SysWOW64\kernel32.dll
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 00:45 . 2012-03-11 00:45 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-03-11 00:45 . 2012-03-11 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 19:20 . 2012-03-11 00:47 -------- d-----w- c:\users\Mahir\AppData\Local\temp
2012-03-09 01:11 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 04:06 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71E9CECC-097D-4CD2-B4BC-E8E435FB46C2}\mpengine.dll
2012-03-08 04:04 . 2012-03-11 00:47 -------- d-----w- c:\windows\system32\wbem\repository
2012-03-08 00:54 . 2012-03-08 00:54 -------- d-----w- c:\users\Mahir\AppData\Roaming\Malwarebytes
2012-03-08 00:54 . 2012-03-08 00:54 -------- d-----w- c:\programdata\Malwarebytes
2012-03-08 00:54 . 2012-03-09 01:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-07 11:56 . 2012-03-07 11:56 -------- d-----w- C:\inetpub
2012-02-16 01:19 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:19 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 01:19 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 01:19 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 01:19 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 01:19 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2009-10-03 01:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-01 02:31 . 2009-09-27 17:57 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30 . 2009-09-27 17:57 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30 . 2009-09-27 17:57 80768 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-17 00:02 . 2002-03-08 00:27 46710674 ----a-w- c:\program files\Flash MX Installer.exe
2009-09-17 00:02 . 2002-02-20 15:53 49152 ----a-w- c:\program files\autorun.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Facebook Update"="c:\users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-09 137536]
"EF14B91F2040A866D81DF5699A3F60C27623808A._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-03-08 1049072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mahir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mahir\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
- c:\users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-09 17:12]
.
2012-03-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
- c:\users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-09 17:12]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:32]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15 23:32]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
- c:\users\Mahir\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 20:54]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
- c:\users\Mahir\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 20:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mahir\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-23 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-23 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-23 200216]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - %profile%\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-03-10 19:54:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-11 00:54
ComboFix2.txt 2012-03-10 19:20
.
Pre-Run: 176,524,492,800 bytes free
Post-Run: 176,426,352,640 bytes free
.
- - End Of File - - 4B7692703F0EE0DD2853C0BFDBB606C2
 
Good.

How is the computer doing?

If your Avast is not working properly anymore, please reinstall it.

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Unfortunately I still cannot run Windows in normal mode :(

I will reinstall Avast soon.

Log:

OTL logfile created on: 3/10/2012 9:03:42 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mahir\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.93 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 87.04% Memory free
10.78 Gb Paging File | 10.28 Gb Available in Paging File | 95.44% Paging File free
Paging file location(s): c:\pagefile.sys 6144 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 164.43 Gb Free Space | 55.16% Space Free | Partition Type: NTFS

Computer Name: MAHIR-PC | User Name: Mahir | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 21:01:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mahir\Desktop\OTL.exe
PRC - [2009/04/11 01:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 01:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IProsetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/01 21:16:32 | 000,566,152 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\dlcfcoms.exe -- (dlcf_device)
SRV - [2012/01/31 21:30:44 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/01/31 21:30:38 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/08 09:41:58 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/10 11:01:49 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 21:31:06 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/17 04:02:24 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2010/03/26 00:17:16 | 000,307,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/18 18:28:14 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/23 10:48:40 | 008,039,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/11 11:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 11:40:32 | 000,015,136 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\radpms.sys -- (radpms)
DRV:64bit: - [2008/08/11 11:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/08/11 11:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [1999/04/23 21:22:00 | 000,009,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\HIDUSB.SYS -- (HidUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mahir\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mahir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mahir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mahir\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mahir\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/28 14:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/28 14:09:20 | 000,000,000 | ---D | M]

[2009/09/16 15:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahir\AppData\Roaming\Mozilla\Extensions
[2011/11/07 18:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions
[2009/09/19 12:46:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/27 11:47:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/27 12:16:19 | 000,000,000 | ---D | M] (Runescape Toolbar) -- C:\Users\Mahir\AppData\Roaming\Mozilla\Firefox\Profiles\istzndoy.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2011/10/22 15:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/15 18:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/10 23:49:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/16 09:46:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/22 15:14:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mahir\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Mahir\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Mahir\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mahir\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mahir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mahir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Mahir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/10 19:47:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EF14B91F2040A866D81DF5699A3F60C27623808A._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mahir\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Mahir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mahir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED098C2A-B296-4F31-9143-83715BAF5EB7}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 21:01:32 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mahir\Desktop\OTL.exe
[2012/03/10 19:55:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\Mahir\AppData\Local\temp
[2012/03/10 19:47:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/10 13:34:15 | 004,432,490 | R--- | C] (Swearware) -- C:\Users\Mahir\Desktop\ComboFix.exe
[2012/03/10 07:16:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/10 07:16:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/10 07:16:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/09 23:05:49 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Mahir\Desktop\boot_cleaner.exe
[2012/03/08 23:11:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mahir\Desktop\dds.scr
[2012/03/08 20:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 20:11:47 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/07 23:03:10 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2012/03/07 19:57:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 19:56:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 19:54:28 | 000,000,000 | ---D | C] -- C:\Users\Mahir\AppData\Roaming\Malwarebytes
[2012/03/07 19:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/07 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/07 06:56:08 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/03/02 19:17:17 | 000,000,000 | ---D | C] -- C:\Users\Mahir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse(116)
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 21:01:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mahir\Desktop\OTL.exe
[2012/03/10 21:00:52 | 000,001,356 | ---- | M] () -- C:\Users\Mahir\AppData\Local\d3d9caps.dat
[2012/03/10 20:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 20:03:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/10 20:03:24 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:03:24 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 19:47:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 19:11:43 | 000,165,376 | ---- | M] () -- C:\Users\Mahir\Desktop\SystemLook_x64.exe
[2012/03/10 13:57:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
[2012/03/10 13:54:29 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 13:54:29 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 13:54:29 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 13:34:18 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Mahir\Desktop\ComboFix.exe
[2012/03/10 12:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/10 10:17:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
[2012/03/10 08:58:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/09 23:07:51 | 000,000,512 | ---- | M] () -- C:\Users\Mahir\Desktop\MBR.dat
[2012/03/08 23:11:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mahir\Desktop\dds.scr
[2012/03/08 23:06:46 | 000,000,732 | ---- | M] () -- C:\Users\Mahir\AppData\Local\d3d9caps64.dat
[2012/03/08 22:27:07 | 000,027,136 | ---- | M] () -- C:\Users\Mahir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/08 22:24:17 | 000,302,592 | ---- | M] () -- C:\Users\Mahir\Desktop\gvvjrxj3.exe
[2012/03/08 20:11:49 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 17:44:03 | 000,000,129 | ---- | M] () -- C:\Users\Mahir\jagex_runescape_preferences2.dat
[2012/02/26 17:43:17 | 000,000,046 | ---- | M] () -- C:\Users\Mahir\jagex_runescape_preferences.dat
[2012/02/26 17:43:16 | 000,000,032 | ---- | M] () -- C:\Users\Mahir\jagex_cl_runescape_LIVE.dat
[2012/02/22 19:30:32 | 000,134,473 | ---- | M] () -- C:\Users\Mahir\Desktop\sat.jpg
[2012/02/18 15:57:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
[2012/02/18 13:17:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
[2012/02/17 19:18:51 | 647,244,117 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/16 23:52:35 | 000,068,927 | ---- | M] () -- C:\Users\Mahir\Desktop\stocks.jpg
[2012/02/16 03:29:13 | 000,391,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/10 19:11:40 | 000,165,376 | ---- | C] () -- C:\Users\Mahir\Desktop\SystemLook_x64.exe
[2012/03/10 07:16:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/10 07:16:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/10 07:16:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/10 07:16:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/10 07:16:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/09 22:58:32 | 000,000,512 | ---- | C] () -- C:\Users\Mahir\Desktop\MBR.dat
[2012/03/08 23:04:13 | 000,302,592 | ---- | C] () -- C:\Users\Mahir\Desktop\gmer.exe
[2012/03/08 22:24:16 | 000,302,592 | ---- | C] () -- C:\Users\Mahir\Desktop\gvvjrxj3.exe
[2012/03/08 20:11:49 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 19:30:32 | 000,134,473 | ---- | C] () -- C:\Users\Mahir\Desktop\sat.jpg
[2012/02/16 23:52:35 | 000,068,927 | ---- | C] () -- C:\Users\Mahir\Desktop\stocks.jpg
[2011/06/30 18:45:55 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/23 10:33:50 | 000,000,084 | ---- | C] () -- C:\Users\Mahir\AppData\Roaming\RSBuddy_TheVizard.ini
[2011/04/23 10:33:38 | 000,000,009 | ---- | C] () -- C:\Users\Mahir\AppData\Roaming\RSBuddy Login.ini
[2011/01/11 22:18:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/29 11:45:54 | 000,000,106 | ---- | C] () -- C:\Users\Mahir\AppData\Roaming\RSBot_Accounts.ini
[2010/09/22 17:55:53 | 000,000,103 | ---- | C] () -- C:\Users\Mahir\AppData\Roaming\RSBot Accounts.ini
[2010/09/12 13:20:54 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC990W.DAT
[2010/09/08 17:32:23 | 000,000,023 | ---- | C] () -- C:\Users\Mahir\AppData\Roaming\ArbiAuth.ini

========== LOP Check ==========

[2011/05/25 17:14:13 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\.minecraft
[2009/09/16 15:36:28 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\acccore
[2011/10/08 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Blackboard
[2011/10/08 09:54:50 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Collaborate
[2010/03/12 12:08:18 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/09 20:04:23 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Dropbox
[2010/01/10 11:48:24 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\FOG Downloader
[2011/10/01 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Foxit Software
[2011/10/22 16:15:53 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\JCreator
[2010/06/26 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\ooVoo Details
[2010/08/05 20:54:43 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Out of the Park Developments
[2011/12/28 14:50:57 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\redsn0w
[2009/09/18 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Ringtone Expressions
[2010/02/11 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\SplashupLight.8F84E54D18819F0C71CA15FE192C56A89F17989F.1
[2011/11/17 20:06:58 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Spotify
[2010/08/02 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Subversion
[2010/12/05 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\SystemRequirementsLab
[2011/11/02 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\TeamViewer
[2011/11/23 16:14:46 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Unity
[2011/04/06 16:44:31 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\WatchGuard
[2010/11/01 18:30:53 | 000,000,000 | ---D | M] -- C:\Users\Mahir\AppData\Roaming\Wi-Fi Sync
[2012/02/18 13:17:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
[2012/03/10 10:17:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
[2012/02/16 03:27:58 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/09/27 12:57:11 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/09/16 17:55:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/03/10 19:54:58 | 000,015,393 | ---- | M] () -- C:\ComboFix.txt
[2012/02/28 03:22:19 | 000,001,850 | ---- | M] () -- C:\dlcf.log
[2009/09/16 19:00:21 | 046,550,017 | ---- | M] () -- C:\flashfiles.zip
[2009/11/03 14:07:21 | 000,001,094 | -H-- | M] () -- C:\IPH.PH
[2012/03/10 20:04:28 | 2147,483,647 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/07/25 18:31:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/26 16:12:27 | 000,000,702 | -HS- | M] () -- C:\Users\Mahir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Mahir\Desktop\boot_cleaner.exe
[2012/03/10 13:34:18 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Mahir\Desktop\ComboFix.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Mahir\Desktop\gmer.exe
[2012/03/08 22:24:17 | 000,302,592 | ---- | M] () -- C:\Users\Mahir\Desktop\gvvjrxj3.exe
[2012/03/10 21:01:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mahir\Desktop\OTL.exe
[2012/03/10 19:11:43 | 000,165,376 | ---- | M] () -- C:\Users\Mahir\Desktop\SystemLook_x64.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/02/18 13:17:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
[2012/03/10 10:17:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
[2012/03/10 20:03:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/10 12:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/18 15:57:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000Core.job
[2012/03/10 13:57:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-167961007-681689400-1084642220-1000UA.job
[2012/03/10 20:03:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/16 03:27:58 | 000,032,626 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/06/10 23:05:00 | 000,000,000 | ---- | M] () -- C:\Users\Mahir\jre-6u20-windows-i586.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/08/30 09:22:10 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/08/30 09:22:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/07/25 18:55:22 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/07/25 18:55:22 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/15 17:00:56 | 000,000,402 | -HS- | M] () -- C:\Users\Mahir\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E41EAF13

< End of report >
 
OTL Extras logfile created on: 3/10/2012 9:03:42 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mahir\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.93 Gb Total Physical Memory | 4.29 Gb Available Physical Memory | 87.04% Memory free
10.78 Gb Paging File | 10.28 Gb Available in Paging File | 95.44% Paging File free
Paging file location(s): c:\pagefile.sys 6144 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 164.43 Gb Free Space | 55.16% Space Free | Partition Type: NTFS

Computer Name: MAHIR-PC | User Name: Mahir | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 4C 1A 55 6E 26 4B CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D95FE68-64E1-4432-B2A2-DC57108D651B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E92B8CE-6DE6-46D8-96C7-42E88DE7E7E1}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{0ECB83B2-4A64-4B4C-8A3C-6F480C2D6888}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{147489F6-9712-4FF9-83A4-6F8C36CD1B21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15F5382B-8543-4E50-8E69-52CF2B719735}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{1BAA7DD7-16B4-4871-8C06-1DAE84AF56CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{33179C98-7C1D-4DC1-9566-09A64D168BF9}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{364CFB9C-0953-406C-9092-B70F1BC1A8CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44036CCC-CCAD-40F3-8E72-CD3BF1E2595B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{46EAB126-D87F-4888-814F-1A4B8A00BF47}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A78DB72-2C95-4C14-9A88-6A2E222D0D33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B74B13A-D009-4143-A4C8-E6B303B543FA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{530B7FB2-BC03-4756-9B00-24205C8C2497}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54F15C01-0985-4DCB-A11E-23AFEFFEB186}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5787303B-64BD-429A-9CF9-64D68E1BE807}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61B92E6A-4C2B-4CCF-9237-F764F488FFE9}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{62E4930D-7DE1-4CFF-99F5-6065A10FD08C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{675CE748-9F5E-4392-B5EC-4BD1BC582DE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{69178A15-A9AA-410B-B762-D6D262D32933}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D3CC6F5-A39E-4BDD-96DA-FD9F236BEDDB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EFD4602-E255-44EB-A09B-B03722C14A79}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{72B5C64E-4BAE-40F0-91C9-B17406CB5B62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73520E56-BA88-4785-A1E4-F4F34DB06938}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{7774DA0F-4EE8-48FB-A753-647118201478}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C035BCE-1926-4AB1-9CF0-FB4CDF342B05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8230767D-9F1A-443F-96F5-3374DF45522C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{824C5605-F691-4FD8-84BF-7381D7C88741}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D8B4375-2E32-4210-8269-947AA621FA85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94403224-8143-436B-8456-646C8DFCB0BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A027560-7627-4E8C-AEDB-FF7F6E5BE005}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9AEDFD76-8262-4B55-8B15-13C73D01C928}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FE71D17-3FBD-4523-BBEC-15A84ECCCCD7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A14F0C1D-654F-4D1E-94C6-75AB5BFCD514}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A620681A-0EA4-4102-AD18-785E8FFE285C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AE3F5D45-E1E7-4EEE-A666-FE44A7D43139}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF0CFDC1-DBA9-410C-B7AB-34567315B257}" = lport=137 | protocol=17 | dir=in | app=system |
"{B131DEA5-0C0C-4B7E-B448-99BE0E4EE199}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5991E62-089E-4E88-9564-F7F2A085FC12}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BC78201A-42E5-4CC9-9854-3E18816A9557}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BCD53926-EA01-4B06-8808-CB6081B0DFF5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C1EC845F-1613-4477-95A0-C98F4F4C43FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7CC812E-CEF5-4EAB-A2CE-56502A0C2DE9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCFAFB0D-D932-4489-97CB-1022C527A043}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD539262-18F3-4208-8593-830AE8833451}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D209675C-255F-49B0-9DF1-596A45653923}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DF5C47C3-A5EC-4B04-8692-10BBB75D22BC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E3ADE891-1A73-49B3-BC18-0165337729D8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4D49682-28DE-4254-B4F8-99426504B5F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4D6FD70-2B30-4367-90AD-03BF71E1A81F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E53959A6-D572-4D12-BAB9-78A20E70AEBD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6185D5E-AA3A-4C3C-AD62-E5C30B5EA5E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBF34633-CB57-4745-BFAE-54D61B36F735}" = lport=25565 | protocol=6 | dir=in | name=minecraft server |
"{F0B149DF-5F6E-4D78-8767-953F77FA00DD}" = lport=445 | protocol=6 | dir=in | app=system |
"{F15DE4AF-D84D-4C9E-861B-A28634CE4AD7}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F3A666D9-C6CD-4C6C-BFD2-FF7803478142}" = rport=445 | protocol=6 | dir=out | app=system |
"{F497C205-F47A-4D1D-9689-EACC5161B355}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE8C5A85-2C88-46F3-8AEB-86AE0818861F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006925BF-E978-4C8D-B3E9-077945206D9A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"{0AF198D1-1DE6-42C1-8913-A2BD545F6C75}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\world of warcraft\launcher.exe |
"{0B9ACE95-9ED2-4A11-A59B-727A6FCE6C16}" = protocol=6 | dir=out | app=system |
"{0C3B008E-6130-457B-AF86-CD805AD68529}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10E5A177-4B55-472C-B2C7-9AE1150777B3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{10EB759C-2EC6-4D11-946D-61AA9B2C8043}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{11684E54-A745-4764-BA68-47D551474385}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17C6F59D-3BCD-46BD-A3F2-A49B4E0214C8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{182FC739-F6BF-45D1-8414-19060CBB31E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C7689B5-ACC3-447E-943B-5CA351758476}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E4C7B31-E6BE-43E9-8706-FE4B90EE6703}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{24FEC1A5-A967-4F3E-97F0-196F663C8642}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{284DF3DE-EAC9-4D91-84FD-0F84DC63AEFA}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2AF234EC-6148-4228-AD09-25EAD8E352FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B77DCF4-9502-46C1-AC9B-0090EB70E0CA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2EC27EBE-6304-4DE2-A634-24FBC82B6EF3}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{331DE701-A2E3-4D9C-A308-0FD90D11881F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4020A375-9A99-44A3-B1D0-543C8C28BEF5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{46DF180A-C6BE-48D8-87B0-3C30A4BD89D1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4802DDEF-EA9B-4269-927E-042C04718EF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49211571-4AD0-4665-8282-5EA1308D1339}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{492D7229-D291-4C02-A808-68FAE09A8571}" = protocol=17 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{4C92B76E-6F63-4254-8E9D-1FB80169FC0F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F2288F4-9C06-4554-AA31-09DB8A2DD163}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{51683DDD-47FC-4AB8-960C-8B453E8E8E33}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{569A3B3A-48FC-46BF-B70E-3F05F5BBEA26}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5F674D6B-A492-477A-824F-84B40AA0A21A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{5F7CE6A5-4EB4-47FB-8F05-148D852EE9D5}" = dir=in | app=c:\users\mahir\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{642D05DD-8100-4845-AB22-0F45539ECE86}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6709FE71-8439-4DD9-9339-2D274F7BFD6D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{6F75459F-7835-4336-AF18-5C8731469C29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{775261A1-38CF-41E5-8954-D8A16A75DED4}" = protocol=6 | dir=in | app=c:\users\mahir\appdata\roaming\dropbox\bin\dropbox.exe |
"{7A7F1BE1-6D3F-491C-88A5-B03746271C21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C9CA529-EB72-43E1-BDD5-959168B540BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E1C1E9C-834F-423B-8153-777530FD0CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{8003DBA2-D072-4427-BAA9-DDAF96AAAA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"{8078B538-7EB2-4B1B-9F55-013551D506AA}" = protocol=6 | dir=in | app=c:\users\mahir\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{83019AE3-1BD8-4D6B-846B-F07AF55FCEFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85D96924-FA0B-43BE-BA0F-35182E0413B3}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8BCFE049-E00C-43E1-BAAD-001C5D2AA7DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8BE1AC31-77A8-4F66-904F-58D344743EE4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{9306065A-CC14-47D8-95CA-05C42D4790DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9B3C9627-924A-4607-B918-245BEDAAAE83}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{A24CAC9B-1649-4269-82BF-88FC3791C17D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A28D61F0-BD00-45B4-B9DB-E37EC22520D6}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A4215DDC-76CC-49E7-B636-CB9F9EF84399}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A69B312E-71F0-4193-8137-278BE7043096}" = protocol=6 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{A6F469A6-360C-4DD3-8319-0A1B9D985DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"{A8480F58-2391-4690-BC89-86F10316FB7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABC9FC77-37AB-4AE4-B6F9-92F17AC4DF24}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{B738F7E5-BFB8-4845-A721-D1FD6D109D42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B864E5DE-A389-474E-A7E7-F1ED06B00BB9}" = protocol=17 | dir=in | app=c:\users\mahir\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B9034B22-FF9A-4395-8CCF-B0CE504C5B13}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{BE62624D-B34B-4A3C-8312-E84E97852C25}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{C3887C24-092F-4B05-B6F8-3CD0D1726274}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\world of warcraft\launcher.patch.exe |
"{C43B1FA4-379B-4AB4-9BE1-87CB0229B4AC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C4CC6197-F47A-47DA-9894-F3A5D3C5158F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C744457C-D5BF-424B-934C-DADC7208C04D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C77209FA-C969-42FD-A25D-E4AD97E84400}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{CD14DE6F-85E3-4074-A23B-4C7C8B4B6C67}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{CE55CABC-D4FC-406A-A2FA-2E50EF94EE22}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CEF89E7F-CCC7-49EC-9D79-FBBE32202578}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CF1F088B-C30A-4E42-A857-7DC351084570}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{CFCDE08A-831B-4AA0-AE9C-9AC25040279A}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{D06F9E3D-EBD4-49EA-9F73-91FED85241D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6FDF0FA-9BD4-426A-A346-475ABE50A070}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\world of warcraft\blizzard downloader.exe |
"{DB4056DF-E8A8-429B-B835-48181DBF2A5E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"{DFAF8457-52A2-40C8-BF03-74AAC5CF0488}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFF39979-16BB-49A3-A89A-CEBAC89DBA20}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E051ADD2-77F7-44C0-9055-9D75A44165A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E42DCC13-ABCB-4C10-899A-C3159CDB7918}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{E81D8004-C22E-4ACD-936C-DB3D76A05EE1}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\world of warcraft\launcher.exe |
"{EA229F4C-E13C-46E2-A0FA-2EEE79EC29AA}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{EB49BB5E-11AD-462B-8785-1706405A7662}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{EED22823-60F1-4A41-A968-92A2F0E53B03}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F329740F-099C-4C56-AB8B-80FEFA9D0373}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F73CD412-C695-4095-A186-58359B913106}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F8C11691-F297-410C-A722-92A2D0B9466C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FB539F24-AFF5-40D0-8079-D04FFAF41650}" = protocol=17 | dir=in | app=c:\users\mahir\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB618557-4CC6-478D-826F-7EE905C6CA63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCA3500E-EB29-41F6-BCF4-D5954BA63F9E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{FD5E653F-17FC-46D0-B8B8-C4C1F4464EA7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD75F068-3106-46D3-A99C-BEB4C924B857}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\world of warcraft\launcher.patch.exe |
"{FDE639F6-F328-416B-8F98-AFA86BD1DCAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{02BBD165-EA90-4D9C-ACBC-8D6C2FB39DA9}C:\users\mahir\appdata\roaming\macromedia\flash player\" = protocol=6 | dir=in | app=c:\users\mahir\appdata\roaming\macromedia\flash player\ |
"TCP Query User{06E1624D-B1D7-4A41-9235-3CCFFBDA7610}C:\users\mahir\desktop\pwnage\tinyumbrella-5.10.03.exe" = protocol=6 | dir=in | app=c:\users\mahir\desktop\pwnage\tinyumbrella-5.10.03.exe |
"TCP Query User{0708E5B7-9B79-42E9-A967-A70C20B32ADC}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{0F13D43D-2AAB-4672-8F46-BB2336365B8B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{256E4FA2-B391-4FEB-87D5-C96741988EBB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2D2A3674-5A78-4823-BF89-5E46B54C973C}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"TCP Query User{30DF1948-2B24-4D3B-8F1E-88ED945CFD99}C:\users\mahir\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mahir\appdata\roaming\spotify\spotify.exe |
"TCP Query User{34115942-6CE1-419B-BE36-AAA3F9092495}C:\program files (x86)\jetbrains\intellij idea community edition 9.0.2\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\intellij idea community edition 9.0.2\bin\idea.exe |
"TCP Query User{3A1A3788-65FE-45D5-953E-C6822FEB098B}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |
"TCP Query User{3AC8AAF5-AD54-43B6-A6F5-5626886084CB}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"TCP Query User{41CCBB4E-2ABD-452F-BF33-0712AA9177A5}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{461AB77C-6B3E-4DC5-8CA5-3118BEC80A5E}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{468E6C19-70FA-4FCA-8A45-8D04DF8CF3E4}C:\program files (x86)\java\jdk1.6.0_20\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\java.exe |
"TCP Query User{4ABBFE42-BAEA-4991-9125-C32608015A65}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"TCP Query User{4FF5F00A-D106-405F-B816-86D82B4B67C1}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"TCP Query User{54A1376B-726A-4F08-B2D2-BA7C2119BFC8}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{5A979619-3A20-42F6-91FE-A48BC73CF136}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{60A67CCF-E263-4BA5-AC5C-5297EC23F14A}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{66A5111F-F9D6-4F6D-BCED-FC07C7E999E2}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{68EB1997-CAA6-4FF4-8C5F-8469C9319471}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe |
"TCP Query User{697E6DD7-C387-4786-B0B5-6A61CAB820AF}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe |
"TCP Query User{8A723E4E-60A0-4083-BFE5-63C17EF476B7}C:\program files (x86)\iphone tunnel suite\itunnel\itunnel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iphone tunnel suite\itunnel\itunnel.exe |
"TCP Query User{93BEFD6A-CB69-46F0-B9E3-1FD9F90DA60F}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe |
"TCP Query User{9CEF6705-BE19-4804-B129-99A258F219CD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{9F40A106-E43D-4AAB-81F5-CD925A678C02}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{A30EF373-4676-4F13-8BE7-CAF07FF957F7}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{A9D6CE85-2F68-4B36-9EAB-17FF18D872CD}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{BE2A4A86-CB60-43F5-B512-7D7AEB1FAD10}C:\users\mahir\downloads\tinyumbrella-5.10.03.exe" = protocol=6 | dir=in | app=c:\users\mahir\downloads\tinyumbrella-5.10.03.exe |
"TCP Query User{C702A2B7-740D-4A3C-8EB2-A7CDBC95A395}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"TCP Query User{E17016D1-AE6E-4F28-88CE-07DFF0861ED8}C:\users\mahir\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=6 | dir=in | app=c:\users\mahir\downloads\fogdownloader-rom_2_1_0_1871.exe |
"TCP Query User{F51C603A-93AB-4A0D-8DEB-15ADBC262DB7}C:\users\mahir\desktop\pwnage\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\mahir\desktop\pwnage\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{0603D211-248B-4748-BF0F-F84FD646626B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{0C203805-912F-4184-BA31-C16E0F5C1329}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{1673F41A-6546-4DD2-9B7D-765238100535}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{32519C33-25E9-488C-B0FE-700D1F767A49}C:\users\mahir\desktop\pwnage\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\mahir\desktop\pwnage\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{361D3711-C140-44D7-B800-BF2F53A0D6EC}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{4001190D-DD03-4082-BB3F-EAE6D6C609B8}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{45598301-AA3A-404C-BCC5-AE24C2C10520}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{472F9F94-8F76-49A9-A532-55995E471E00}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"UDP Query User{4B46354D-FACE-4FD0-82F7-EA02A4307412}C:\users\mahir\appdata\roaming\macromedia\flash player\" = protocol=17 | dir=in | app=c:\users\mahir\appdata\roaming\macromedia\flash player\ |
"UDP Query User{4D1A915B-AECB-4846-B05C-C5916E2EBE7D}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"UDP Query User{4E3E43EB-90F2-4FE8-ACF6-0931A6EC1AB5}C:\program files (x86)\iphone tunnel suite\itunnel\itunnel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iphone tunnel suite\itunnel\itunnel.exe |
"UDP Query User{513B42A9-2E94-44C4-981B-B17411D91E75}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"UDP Query User{5321F9CE-9D95-4468-A39B-E0FD5C142E01}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe |
"UDP Query User{5F8845ED-59E6-4B9A-8A4F-AE7C2642A6B1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"UDP Query User{611A4395-3287-4BAF-BBD0-2416D7E70358}C:\users\mahir\downloads\tinyumbrella-5.10.03.exe" = protocol=17 | dir=in | app=c:\users\mahir\downloads\tinyumbrella-5.10.03.exe |
"UDP Query User{682D8AE7-A997-4D46-85DD-78813ACA6AC3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{691ADDBA-6C6D-480A-A095-719B020B06D4}C:\users\mahir\desktop\pwnage\tinyumbrella-5.10.03.exe" = protocol=17 | dir=in | app=c:\users\mahir\desktop\pwnage\tinyumbrella-5.10.03.exe |
"UDP Query User{6C2EF397-6B06-4891-8065-21E581B347DE}C:\program files (x86)\tightvnc\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"UDP Query User{75BA3D30-CC8B-4B5C-8D31-BA59407C55AE}C:\users\mahir\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=17 | dir=in | app=c:\users\mahir\downloads\fogdownloader-rom_2_1_0_1871.exe |
"UDP Query User{789D2244-108C-4508-A28F-D4032D612180}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{7D0644A8-520A-480F-B01C-4C4E85E68075}C:\program files (x86)\jetbrains\intellij idea community edition 9.0.2\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\intellij idea community edition 9.0.2\bin\idea.exe |
"UDP Query User{891BED6F-27F8-4713-8BA3-9A61596400B7}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{A0C95DB0-79FF-4814-BE73-FA2F227FA1BF}C:\users\mahir\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mahir\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BE8A98BF-CE28-49FB-BC52-316B2558AA62}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{C6097886-511A-4D56-95C7-D00B189050CC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C8BCF52E-6838-4E15-913C-47001C507213}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{CE611F7C-FA25-4E63-8B9E-98F95A1C20CE}C:\program files (x86)\java\jdk1.6.0_20\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\java.exe |
"UDP Query User{CFDB3A89-6DF8-46CA-8E83-86E4231A7567}C:\program files (x86)\tightvnc\winvnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\winvnc.exe |
"UDP Query User{D185A933-6B9A-44DF-9CED-E54956BE81CB}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |
"UDP Query User{DDAE5A8B-B56D-458C-B808-EAC6F29C01AD}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"UDP Query User{DEDC3208-76C4-4EBD-834D-0B40CD509D9D}C:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drahtwerk\iwebcamera\iwebcameraapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP990_series" = Canon MP990 series MP Drivers
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 15.7.176.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C917D4-7B0B-4D35-AD58-7AD1590B2E70}" = Logger Pro 3.4.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MP990 series User Registration" = Canon MP990 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader 5.0
"Google Chrome" = Google Chrome
"JCreator LE_is1" = JCreator LE 5.00
"jGRASP" = jGRASP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mobile VPN with SSL client_is1" = WatchGuard Mobile VPN with SSL client 10.2.12
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"TeamViewer 6" = TeamViewer 6
"TightVNC_is1" = TightVNC 1.3.10
"winscp3_is1" = WinSCP 4.2.3 beta
 
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 9:05:17 PM | Computer Name = Mahir-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/10/2012 9:14:11 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 9:16:14 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 9:22:14 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 9:30:31 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 9:32:34 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 9:38:34 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 9:46:34 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 10:00:49 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

Error - 3/10/2012 10:02:52 PM | Computer Name = Mahir-PC | Source = PerfNet | ID = 2004
Description =

[ Media Center Events ]
Error - 12/11/2009 7:37:12 PM | Computer Name = Mahir-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/12/2009 2:54:37 PM | Computer Name = Mahir-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 12/12/2009 6:28:09 PM | Computer Name = Mahir-PC | Source = McrMgr | ID = 107
Description =

Error - 12/12/2009 6:28:11 PM | Computer Name = Mahir-PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 3/10/2012 9:04:52 PM | Computer Name = Mahir-PC | Source = LSM | ID = 1048
Description =

Error - 3/10/2012 9:05:10 PM | Computer Name = Mahir-PC | Source = DCOM | ID = 10005
Description =

Error - 3/10/2012 9:05:17 PM | Computer Name = Mahir-PC | Source = DCOM | ID = 10005
Description =

Error - 3/10/2012 9:05:19 PM | Computer Name = Mahir-PC | Source = DCOM | ID = 10005
Description =

Error - 3/10/2012 9:06:17 PM | Computer Name = Mahir-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/10/2012 9:06:17 PM | Computer Name = Mahir-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/10/2012 9:06:17 PM | Computer Name = Mahir-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/10/2012 9:06:17 PM | Computer Name = Mahir-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/10/2012 9:06:52 PM | Computer Name = Mahir-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/10/2012 10:01:34 PM | Computer Name = Mahir-PC | Source = DCOM | ID = 10005
Description =


< End of report >
 
I don't think we're dealing with an infection here.

I suggest you create a new topic in the Windows forum.
 
Ah okay, so probably hardware. Do you think re-installing or repairing with an OS disc would help at all?

Thanks for all your help!!!
 
It's hard to say.
It may even be something as simple as overheating, but... that's a story for another forum.
 