Inactive [A] Sirefef cleaned by latest hitmanpro

[Galen]

@Broni, this morning I got prompted with an adobe flash update and could not get rid of it. I looked into it then and found it was from Adobe so I went ahead and installed it. However, after the installation there was a music playing from an unknown program. Then I know my computer got contracted with a virus. I tried to use Security Essential but found it got killed by the virus. I installed a fresh copy of SE and did a scan, and it prompted the Sirefef virus. After that, my computer always shut down with that 1 min prompt. I managed to use Kaspersly Rescue Disk boot time and then latest Hitmanpro when I can have a stable windows desktop to clean the sirefef. Please review the Farbar scan report and let me know what you think. Thanks!

Scan result of Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 05-07-2012 18:40:25
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2009-11-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2009-11-21] (Intel Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-16] ()
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [x]
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-01-27] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [111640 2010-03-25] ()
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Galen\...\Run: [Akamai NetSession Interface] "C:\Users\Galen\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Galen\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-03] (Google Inc.)
HKU\Galen\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)
HKU\Galen\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: acaptuser64.dll
Lsa: [Notification Packages] scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Organizer PDF??.lnk
ShortcutTarget: ScanSnap Organizer PDF??.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Users\Galen\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll [3417376 2012-05-29] ()
2 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [303968 2012-06-18] (Alipay Inc. )
2 AliveSvc; C:\Program Files (x86)\Common Files\alipay\AliveService\AliveService.exe [110432 2012-06-18] (Alipay Inc. )
3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [164200 2010-08-24] (Lenovo.)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108392 2012-07-05] (SurfRight B.V.)
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [43568 2007-05-31] (Lenovo)
2 ICBC Daemon Service; C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe [397216 2010-09-17] ()
2 IDriveE Service; "C:\IDrive\IDriveE Service.exe" [148936 2010-12-21] (Pro Softnet Corporation)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-07] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-21] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-21] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2010-12-14] (LogMeIn, Inc.)
2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-06] (Logitech Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2009-10-19] (Lenovo Group Limited)
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92008 2010-08-24] (TomTom)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47656 2009-10-09] (Lenovo.)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-07] (Lenovo Group Limited)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-03-25] (Intel Corporation)
2 XLDoctor Services; C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe [38704 2010-12-21] (ShenZhen Xunlei Networking Technologies,LTD)

========================== Drivers (Whitelisted) =============

3 5U877; C:\Windows\System32\Drivers\5U877.sys [163072 2009-12-14] (Ricoh co.,Ltd.)
0 DzHDD64; C:\Windows\System32\Drivers\DzHDD64.sys [30320 2010-08-24] (Lenovo.)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [294064 2009-12-10] (Intel Corporation)
3 IBMPMDRV; C:\Windows\System32\Drivers\IBMPMDRV.sys [26928 2007-05-31] (Lenovo.)
3 jumi; C:\Windows\System32\Drivers\jumi.sys [15160 2010-06-03] (Windows (R) Codename Longhorn DDK provider)
1 lenovo.smi; C:\Windows\System32\DRIVERS\smiifx64.sys [15400 2008-05-12] (Lenovo Group Limited)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-01-27] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2010-01-27] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2010-01-27] (LogMeIn, Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 psadd; C:\Windows\System32\Drivers\psadd.sys [40512 2010-09-21] (Lenovo (United States) Inc.)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [136744 2009-10-09] (Lenovo.)
2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-09-22] (Duplex Secure Ltd.)
3 tcphoc; \??\C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [8488 2010-12-21] ()
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23592 2009-10-09] (Lenovo.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
3 ALSysIO; \??\C:\Users\Galen\AppData\Local\Temp\ALSysIO64.sys [x]
4 LMIRfsClientNP; [x]
1 MpKsl627c29fc; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F96D010-7454-4101-AEB5-6410B55378A5}\MpKsl627c29fc.sys [x]
3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-05 14:17 - 2012-07-05 14:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-05 14:17 - 2012-07-05 14:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-05 14:01 - 2012-07-05 14:01 - 00002094 ____A C:\Windows\System32\.crusader
2012-07-05 13:49 - 2012-07-05 13:49 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-07-05 13:49 - 2012-07-05 13:49 - 00000000 ____D C:\Program Files\HitmanPro
2012-07-05 13:48 - 2012-07-05 14:01 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-05 13:32 - 2012-07-05 13:32 - 00000000 ____D C:\FRST
2012-07-05 09:21 - 2012-07-05 09:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF040CD3B7F904B9
2012-07-05 09:18 - 2012-07-05 09:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.078259FBB32C1E34
2012-07-05 09:12 - 2012-07-05 09:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC17100E5EA443EC
2012-07-05 09:04 - 2012-07-05 09:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5CF0CCEC7565E27
2012-07-05 08:56 - 2012-07-05 08:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEB257E28C1EFEF6
2012-07-05 08:53 - 2012-07-05 08:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6080D7A29578C176
2012-07-05 08:45 - 2012-07-05 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.303D21590922E5F0
2012-07-05 08:39 - 2012-07-05 08:39 - 12621696 ____A (Microsoft Corporation) C:\Users\Galen\Desktop\mseinstall.exe
2012-07-05 07:32 - 2012-07-05 07:32 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-10 17:25 - 2012-06-10 17:25 - 00000025 ____A C:\Windows\libem.INI
2012-06-10 17:24 - 2012-06-10 17:48 - 00000000 ____D C:\Users\Galen\AppData\Roaming\BITS
2012-06-10 17:24 - 2012-06-10 17:30 - 00000380 ____A C:\Windows\SysWOW64\secustat.dat
2012-06-10 17:24 - 2012-06-10 17:30 - 00000000 ____D C:\Users\Galen\AppData\Roaming\FlashGet
2012-06-10 17:24 - 2012-06-10 17:25 - 00001184 ____A C:\Windows\SysWOW64\secushr.dat
2012-06-10 17:24 - 2012-06-10 17:24 - 00001251 ____A C:\Users\Galen\Desktop\??(FlashGet)3.lnk
2012-06-10 17:24 - 2012-06-10 17:24 - 00000000 ____D C:\Users\Galen\AppData\Roaming\FlashGetBHO
2012-06-10 17:24 - 2012-06-10 17:24 - 00000000 ____D C:\Program Files (x86)\FlashGet Network
2012-06-10 17:23 - 2012-06-10 17:24 - 00000000 ____D C:\Users\Galen\AppData\Roaming\FlashgetSetup

============ 3 Months Modified Files ========================

2012-07-05 14:36 - 2010-09-21 08:57 - 00106584 ____A C:\Windows\PFRO.log
2012-07-05 14:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-05 14:36 - 2009-07-13 20:51 - 00082262 ____A C:\Windows\setupact.log
2012-07-05 14:33 - 2011-09-05 19:31 - 00000472 ____A C:\Windows\Tasks\AliUpdater{054C6697-5BED-4BB8-8AC4-9DB48B974069}.job
2012-07-05 14:33 - 2010-10-03 13:45 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-05 14:33 - 2010-09-21 07:37 - 02794907 ____A C:\Windows\WindowsUpdate.log
2012-07-05 14:17 - 2011-02-06 18:13 - 00722628 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-05 14:17 - 2011-02-06 18:13 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-05 14:10 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 14:10 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-05 14:01 - 2012-07-05 14:01 - 00002094 ____A C:\Windows\System32\.crusader
2012-07-05 13:49 - 2012-07-05 13:49 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-07-05 09:21 - 2012-07-05 09:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF040CD3B7F904B9
2012-07-05 09:18 - 2012-07-05 09:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.078259FBB32C1E34
2012-07-05 09:12 - 2012-07-05 09:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FC17100E5EA443EC
2012-07-05 09:04 - 2012-07-05 09:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5CF0CCEC7565E27
2012-07-05 08:56 - 2012-07-05 08:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEB257E28C1EFEF6
2012-07-05 08:53 - 2012-07-05 08:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6080D7A29578C176
2012-07-05 08:45 - 2012-07-05 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.303D21590922E5F0
2012-07-05 08:39 - 2012-07-05 08:39 - 12621696 ____A (Microsoft Corporation) C:\Users\Galen\Desktop\mseinstall.exe
2012-07-05 08:32 - 2010-09-28 13:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1296915308-539289633-2008221298-1000UA.job
2012-07-05 07:30 - 2010-10-03 13:45 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-05 07:29 - 2012-04-05 10:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-05 07:29 - 2011-05-19 15:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-05 05:21 - 2010-09-21 08:42 - 00000332 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-05 05:19 - 2010-09-28 13:47 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1296915308-539289633-2008221298-1000Core.job
2012-07-01 13:50 - 2011-12-30 08:30 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-24 16:08 - 2009-07-13 21:13 - 00717324 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 13:13 - 2010-09-21 10:05 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-06-16 06:23 - 2010-09-21 10:04 - 00051666 ____A C:\Windows\System32\lvcoinst.log
2012-06-10 17:30 - 2012-06-10 17:24 - 00000380 ____A C:\Windows\SysWOW64\secustat.dat
2012-06-10 17:25 - 2012-06-10 17:25 - 00000025 ____A C:\Windows\libem.INI
2012-06-10 17:25 - 2012-06-10 17:24 - 00001184 ____A C:\Windows\SysWOW64\secushr.dat
2012-06-10 17:24 - 2012-06-10 17:24 - 00001251 ____A C:\Users\Galen\Desktop\??(FlashGet)3.lnk
2012-06-08 11:23 - 2010-09-21 08:42 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-04 20:01 - 2012-06-04 20:01 - 00001035 ____A C:\Users\Public\Desktop\????2012.lnk
2012-06-04 20:01 - 2009-07-13 18:34 - 00000504 ____A C:\Windows\win.ini
2012-05-21 16:05 - 2010-09-21 16:36 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 16:05 - 2010-09-21 16:36 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-21 16:05 - 2010-09-21 16:36 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-11 07:36 - 2010-10-09 18:49 - 00000928 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2012-05-11 07:32 - 2010-10-17 14:56 - 00106907 ____A C:\Users\Galen\umbrella0.log
2012-05-01 12:11 - 2010-09-21 08:26 - 00113360 ____A C:\Users\Galen\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-01 12:10 - 2009-07-13 20:45 - 00429328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-30 12:11 - 2010-10-16 10:10 - 00141312 ____A C:\Users\Galen\metadata.db
2012-04-30 05:59 - 2012-04-30 05:59 - 00002224 ____A C:\Users\Galen\Desktop\Kindle.lnk
2012-04-30 05:40 - 2010-10-16 10:06 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-04-30 05:33 - 2012-04-30 05:33 - 46976360 ____A C:\Users\Galen\Downloads\calibre-0.8.49.msi
2012-04-25 18:58 - 2012-04-25 18:58 - 03466248 ____A (TrueCrypt Foundation) C:\Users\Galen\Desktop\TrueCrypt Setup 7.1a.exe
2012-04-20 16:31 - 2012-04-20 16:31 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-17 11:21 - 2012-04-17 11:20 - 00000037 ____A C:\Users\Galen\Desktop\moving company.txt
2012-04-16 09:41 - 2012-04-16 09:41 - 00047616 ____A C:\Windows\SysWOW64\pdf995mon64.dll
2012-04-07 07:27 - 2010-09-21 08:07 - 00025006 ____A C:\Windows\DPINST.LOG
2012-04-07 07:03 - 2012-04-07 07:03 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-07 07:03 - 2012-04-07 07:03 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-07 07:03 - 2012-04-07 07:03 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-07 07:03 - 2010-09-23 17:26 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-07 06:52 - 2012-03-19 20:03 - 00002021 ____A C:\Users\Galen\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-04-07 06:51 - 2012-04-07 06:51 - 00000460 ____A C:\Users\Galen\AppData\Local\ICBCAntiPhishing_2012_04_07.log
2012-04-07 06:44 - 2012-04-07 06:44 - 00525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-07 06:44 - 2012-04-07 06:44 - 00191264 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-07 06:44 - 2012-04-07 06:44 - 00172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-07 06:44 - 2012-04-07 06:44 - 00172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3891.67 MB
Available physical RAM: 3265.27 MB
Total Pagefile: 3889.82 MB
Available Pagefile: 3255.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:117.19 GB) (Free:35.68 GB) NTFS
2 Drive e: () (Fixed) (Total:169.96 GB) (Free:126.11 GB) NTFS
3 Drive f: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.73 GB) NTFS
4 Drive g: (CRUZER) (Removable) (Total:7.5 GB) (Free:7.21 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7691 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 117 GB 1201 MB
Partition 3 Primary 169 GB 118 GB
Partition 4 Primary 9 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 117 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 169 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7691 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CRUZER FAT32 Removable 7691 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 10:25

======================= End Of Log =================

 

[Galen]

I found SE still could not be updated and each time I clicks Update and it returns an error message of "Connection Failed". Is there a cure for this?

 

[Galen]

Result of searching Services.exe


Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 2012-07-05 19:25:51
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================

Nothing major in Farbar log but I can see some leftovers so we better run some checks.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[Galen]

Thanks Broni. Following is the log from MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Galen :: GNTPX [administrator]

7/5/2012 8:12:45 PM
mbam-log-2012-07-05 (20-12-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219076
Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{71DD8FD0-9176-41BE-B0D7-EFAD33DF88E6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\thunder (Trojan.Agent) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Galen\Local Settings\Temporary Internet Files\aliedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

 

[Broni]

Please do NOT quote my replies.

 

[Galen]

Sure.

GMER didn't produce any log.

 

[Galen]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Galen at 20:40:58 on 2012-07-05
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.1033.18.3892.2326 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files (x86)\Common Files\alipay\AliveService\AliveService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
C:\IDrive\IDriveE Service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\alipay\SafeTransaction\AlipaySafeTran.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\Galen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
C:\Users\Galen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: ??à×á÷??ì?ì?2aIE?§3?: {01443aec-0fd1-40fd-9c87-e93d1494c233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.28.1564.dll
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ??à×?????§3?: {889d2feb-5411-4565-8998-1dd2c5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Galen\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: ICBC Anti-Phishing class: {bb4491a2-d11a-4c6b-91c0-b53246a3122b} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe
uRun: [Akamai NetSession Interface] "C:\Users\Galen\AppData\Local\Akamai\netsession_win.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Galen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [aliim] C:\Program Files (x86)\AliWangWang\aliim.exe /run:auto
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Galen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Galen\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~2.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: &使用115优蛋 3下载 - C:\Program Files (x86)\115\UDown\getUrl.htm
IE: &使用115优蛋 3下载全部链接 - C:\Program Files (x86)\115\UDown\getAllUrl.htm
IE: &使用115优蛋下载全部链接 - C:\Program Files (x86)\115\UDown\getAllUrl.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: 使用快车3下载 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: 使用快车3下载全部视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: 使用快车3下载全部链接 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: 使用快车3下载当前视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
IE: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: 使用迅雷查看图片 - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
IE: 添加为阿里旺旺表情 - C:\Program Files (x86)\AliWangWang\7.10.08C\AddNewEmotion.htm
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://download.alipay.com/ukey/cert/1007/ie/PTA.cab
DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://mybank.icbc.com.cn/icbc/GDReadPub.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {7CCE07A5-A590-4554-B5C3-082840D7012E} - hxxps://mybank.icbc.com.cn/icbc/icbc_gdgetdv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\0554142535F4E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\74E48435 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\74E494054302D4977596 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\74E4D22747 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\74E4D25374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\76E696074302D4977596 : DhcpNameServer = 172.18.206.215 172.18.206.215 8.8.8.8
TCP: Interfaces\{1996CACF-B2EA-42A9-8452-94B436753C97}\F4E402E4564777F627B6 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{B4888E42-93F2-4867-8D30-A027C6472015} : DhcpNameServer = 69.78.96.14 66.174.95.44 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: ??à×á÷??ì?ì?2aIE?§3?: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.28.1564.dll
BHO-X64: Thunder AtOnce - No File
BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO-X64: Virtual Account Numbers Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ??à×?????§3?: {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll
BHO-X64: XunleiBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Galen\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: ICBC Anti-Phishing class: {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll
BHO-X64: 中国工商银行BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\lbif93hh.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\lbif93hh.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
FF - component: C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\lbif93hh.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\7.00.01C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\7.00.06C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\7.00.09C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\7.00.20C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\7.10.08C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\7.20.01C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(996).dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
FF - plugin: C:\Users\Galen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Galen\AppData\Roaming\alipay\cf\npalicdo.dll
FF - plugin: C:\Users\Galen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Galen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\aliedit\3.0.2.0\npaliedit.dll
FF - plugin: C:\Windows\system32\aliedit\3.0.2.0\npAliSecCtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AlipaySecSvc;Alipay security service;C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [2012-6-18 303968]
R2 AliveSvc;Alipay alive service;C:\Program Files (x86)\Common Files\alipay\AliveService\AliveService.exe [2012-6-18 110432]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 ICBC Daemon Service;ICBC Daemon Service;C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe [2010-9-17 397216]
R2 IDriveE Service;IDriveE Service;C:\IDrive\IDriveE Service.exe [2011-1-1 148936]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-9-21 50536]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-9-21 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-9-21 93032]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-11 375176]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-9-21 63928]
R2 TSUSVC;Tencent Software Update Service;C:\Program Files (x86)\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe [2010-6-7 132472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-21 2320920]
R2 XLDoctor Services;XLDoctor Services;C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe [2011-2-13 38704]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-9-21 45496]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-9-21 164200]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 113120]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-5-7 24560]
S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 tcphoc;tcphoc;C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [2010-12-21 8488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-06 00:11:52 -------- d-----w- C:\Users\Galen\AppData\Roaming\Malwarebytes
2012-07-06 00:11:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-06 00:11:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-06 00:11:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-06 00:06:59 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-06 00:06:50 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-06 00:06:39 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-06 00:06:39 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-05 23:59:35 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A29D2AA-937C-4E81-801D-4E2174AEEC4C}\gapaengine.dll
2012-07-05 23:59:21 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12458222-B0D8-48E6-A7F1-A281AF0A6D91}\mpengine.dll
2012-07-05 21:48:33 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-05 21:32:42 -------- d-----w- C:\FRST
2012-06-21 18:41:53 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 18:41:53 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-11 01:24:40 -------- d-----w- C:\Users\Galen\AppData\Roaming\BITS
2012-06-11 01:24:33 -------- d-----w- C:\Users\Galen\AppData\Roaming\FlashGetBHO
2012-06-11 01:24:29 -------- d-----w- C:\Users\Galen\AppData\Roaming\FlashGet
2012-06-11 01:24:29 -------- d-----w- C:\Program Files (x86)\FlashGet Network
2012-06-11 01:23:56 -------- d-----w- C:\Users\Galen\AppData\Roaming\FlashgetSetup
.
==================== Find3M ====================
.
2012-05-22 00:05:13 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-05-22 00:05:13 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-05-22 00:05:13 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-04-16 17:41:52 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2012-04-07 15:03:28 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-07 14:44:43 525544 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 20:41:37.11 ===============

 

[Galen]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2010 11:37:45 AM
System Uptime: 7/5/2012 8:26:25 PM (0 hours ago)
.
Motherboard: LENOVO | | 32492HU
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | None | 2376/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 37.825 GiB free.
D: is FIXED (NTFS) - 170 GiB total, 126.107 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 3.73 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaa4fe3f6
Device ID: ROOT\LEGACY_MPKSLAA4FE3F6\0000
Manufacturer:
Name: MpKslaa4fe3f6
PNP Device ID: ROOT\LEGACY_MPKSLAA4FE3F6\0000
Service: MpKslaa4fe3f6
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&2BE2F18C&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&2BE2F18C&0&2
Service: BthPan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Centrino(R) Advanced-N 6200 AGN
Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&24D64371&0&00E4
Manufacturer: Intel Corporation
Name: Intel(R) Centrino(R) Advanced-N 6200 AGN
PNP Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&24D64371&0&00E4
Service: NETw5s64
.
==== System Restore Points ===================
.
RP459: 6/28/2012 2:32:16 PM - Scheduled Checkpoint
RP460: 7/5/2012 7:50:36 PM - Restore Operation
RP461: 7/5/2012 8:06:11 PM - Windows Update
RP462: 7/5/2012 8:08:28 PM - Windows Update
.
==== Installed Programs ======================
.
.
115UDown
1ClickDownloader
Adobe Acrobat 9 Pro Extended - EFG
Adobe Acrobat 9 Pro Extended - English, Fran鏰is, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
Alipay Cert Component 2.0.0.1
Alipay security control 3.0.2.0
AliveService 1.0.4.0
Amazon Kindle
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Audacity 1.3.13 (Unicode)
BitComet 1.29 64-bit
calibre
CardMinder V3.2
CoffeeCup Free HTML Editor
D3DX10
DHTML Editing Component
Dropbox
eMule
Freecorder 4
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2011
H&R Block Georgia 2011
HTC Driver Installer
IDrive version 3.3.4 December 29, 2010
ImgBurn
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iPhone Configuration Utility
iTudou 2.8.2.0
Java Auto Updater
Java(TM) 6 Update 31
LAME v3.98.3 for Audacity
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PPS影音 V2.7.0.1193 正式版
PPS游戏 V1.0.1.270
QPST 2.7
QuickTime
Safari
SafeTransaction 4.2.0.0
ScanSnap Manager
ScanSnap Organizer
Skype Click to Call
Skype? 5.8
swMSM
SyncBack
System Update
ThinkPad Power Manager
ThinkPad UltraNav Utility
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
USB Electronic Scale
Virtual Account Numbers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin

.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 9:29:08 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/5/2012 8:28:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/5/2012 8:27:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/5/2012 8:02:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/5/2012 7:59:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/5/2012 7:59:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/5/2012 7:59:40 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.0.8001.0 Engine Type: Network Inspection System User: GNTPX\Galen Error Code: 0x8007051a Error description: Indicates two revision levels are incompatible.
7/5/2012 7:59:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.159.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: GNTPX\Galen Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x8007051a Error description: Indicates two revision levels are incompatible.
7/5/2012 7:57:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/5/2012 7:56:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/5/2012 7:56:02 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
7/5/2012 7:56:00 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
7/5/2012 7:56:00 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: 1.1.6502.0 Previous Engine Version: Engine Type: Antimalware User: NT AUTHORITY\SYSTEM Error Code: 0x80070002 Error description: The system cannot find the file specified.
7/5/2012 7:49:06 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
7/5/2012 7:46:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 7:46:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 7:46:11 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/5/2012 7:46:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/5/2012 7:45:28 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/5/2012 7:45:26 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/5/2012 7:45:22 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/5/2012 6:36:29 PM, Error: Service Control Manager [7038] - The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/5/2012 6:36:29 PM, Error: Service Control Manager [7000] - The Bluetooth Support Service service failed to start due to the following error: The service did not start due to a logon failure.
7/5/2012 6:19:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:19:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1082.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:18:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:17:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:14:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:11:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:11:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:10:46 PM, Error: Microsoft Antimalware [1012] - Microsoft Antimalware has encountered an error trying to delete an item from quarantine. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.BH&threatid=2147643719 Name: Exploit:Java/CVE-2010-0840.BH ID: 2147643719 Severity: Severe Category: Exploit Path: file:_C:\A\Users\Galen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3f054e06-541a8387 User: GNTPX\Galen Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0 Engine Version: 1.1.8502.0
7/5/2012 6:10:46 PM, Error: Microsoft Antimalware [1012] - Microsoft Antimalware has encountered an error trying to delete an item from quarantine. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.BH&threatid=2147643719 Name: Exploit:Java/CVE-2010-0840.BH ID: 2147643719 Severity: Severe Category: Exploit Path: file:_C:\A\Users\Galen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3f054e06-541a8387 User: GNTPX\Galen Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0 Engine Version: 1.1.8502.0
7/5/2012 6:10:46 PM, Error: Microsoft Antimalware [1012] - Microsoft Antimalware has encountered an error trying to delete an item from quarantine. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.BH&threatid=2147643719 Name: Exploit:Java/CVE-2010-0840.BH ID: 2147643719 Severity: Severe Category: Exploit Path: file:_C:\A\Users\Galen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3f054e06-541a8387 User: GNTPX\Galen Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0 Engine Version: 1.1.8502.0
7/5/2012 6:09:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:04:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:04:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 6:02:55 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
7/5/2012 6:01:03 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
7/5/2012 5:47:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
7/5/2012 5:47:47 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/5/2012 12:59:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:656 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 12:56:50 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:660 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 12:53:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:656 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 12:51:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:660 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 12:48:16 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:640 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 12:45:31 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:652 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:21:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:696 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:18:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:660 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/5/2012 1:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
7/5/2012 1:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/5/2012 1:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/5/2012 1:18:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/5/2012 1:15:30 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:644 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:15:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1726" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/5/2012 1:12:36 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:644 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:09:54 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:656 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:07:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:660 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:04:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:696 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.932.0, AS: 1.129.932.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/5/2012 1:04:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/5/2012 1:03:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.932.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
7/4/2012 10:01:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/3/2012 5:53:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/3/2012 11:51:36 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 00-17-2F-50-50-59. Network operations on this system may be disrupted as a result.
7/2/2012 3:51:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/2/2012 10:46:31 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GN410-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1996CACF-B2EA-42A9-8452-94B436753C97}. The master browser is stopping or an election is being forced.
7/2/2012 10:46:25 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
7/1/2012 9:39:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GNTPT61 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1996CACF-B2EA-42A9-8452-94B436753C97}. The master browser is stopping or an election is being forced.
7/1/2012 12:05:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/30/2012 11:10:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/29/2012 1:39:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.601.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/28/2012 5:28:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/28/2012 11:54:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2180.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/28/2012 11:46:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/28/2012 1:21:57 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 70-F1-A1-55-03-31. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!