# svchost.exe virus



## JonesIndustries (Aug 18, 2012)

I've been reading as many posts as I can to fix this myself but haven't had any luck. Malwarebytes keeps notifying me that there's a problem. MSE won't update so I uninstalled it. I'm lost, but I've got a ton of reports.


----------



## JonesIndustries (Aug 18, 2012)

Combofix

ComboFix 12-08-28.03 - JOHN 08/28/2012 14:54:32.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7989.6257 [GMT -7:00]
Running from: c:\users\JOHN\Desktop\ComboFix.exe
Command switches used :: c:\users\JOHN\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\svchost.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 21:59 . 2012-08-28 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 20:12 . 2012-08-28 20:12 -------- d-----w- c:\users\JOHN\AppData\Roaming\Malwarebytes
2012-08-28 20:12 . 2012-08-28 20:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-28 20:12 . 2012-08-28 20:12 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 20:12 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 19:17 . 2012-08-28 19:18 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-26 15:34 . 2012-08-26 15:34 -------- d-----w- C:\WINSSLog
2012-08-20 23:41 . 2012-08-20 23:41 50392 ----a-w- c:\windows\system32\drivers\elyvtctz.sys
2012-08-20 16:06 . 2012-08-20 16:06 328704 ----a-w- c:\windows\system32\services.exe.E68069FAE2D3A59E
2012-08-16 21:07 . 2012-08-16 21:07 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-15 09:13 . 2012-08-15 09:13 1837568 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll
2012-08-15 01:03 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 01:03 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 01:03 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 01:03 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 01:03 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 01:03 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 01:03 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 01:03 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 01:03 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 01:03 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 01:03 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 01:03 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 04:49 . 2012-08-13 04:49 -------- d-----w- c:\users\JOHN\AppData\Roaming\Xilisoft
2012-08-13 02:40 . 2012-08-13 02:40 -------- d-----w- c:\programdata\Xilisoft
2012-08-13 02:39 . 2012-08-13 02:39 -------- d-----w- c:\program files (x86)\Xilisoft
2012-08-11 10:00 . 2012-08-11 10:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-09 19:19 . 2012-08-09 19:19 -------- d-----w- c:\program files (x86)\Nuance
2012-07-31 16:15 . 2012-08-28 21:44 -------- d-----r- c:\users\JOHN\Dropbox
2012-07-31 16:06 . 2012-08-28 21:44 -------- d-----w- c:\users\JOHN\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 01:27 . 2011-05-13 17:43 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 00:50 . 2012-04-01 21:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:50 . 2011-05-14 15:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 15:26 . 2012-07-03 15:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-03 15:26 . 2012-07-03 15:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-09 05:43 . 2012-07-11 13:00 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 13:00 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 13:00 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 13:00 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 13:00 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 13:00 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 13:00 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-24 21:41 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 21:41 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 21:41 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 21:41 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 21:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-24 21:41 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 21:41 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 21:41 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-24 21:41 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 13:00 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 13:00 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 13:00 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 13:00 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 13:00 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 13:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 13:00 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 13:00 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 13:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 00:18 . 2012-05-31 00:18 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((( [email protected]_00.27.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-28 22:00 . 2012-08-28 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-21 00:26 . 2012-08-21 00:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-28 22:00 . 2012-08-28 22:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-21 00:26 . 2012-08-21 00:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-20 15:51 361600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-28 21:59 361600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-21 00:46 . 2012-08-27 04:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-08-21 00:46 . 2012-08-27 04:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-08-21 00:46 . 2012-08-27 04:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-08-21 00:46 . 2012-08-27 04:32 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2011-05-13 22:22 . 2012-08-28 20:03 5083318 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3903430519-452506101-3320713040-1000-12288.dat
+ 2012-08-16 23:47 . 2012-08-28 19:18 9804760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-08-26 16:12 . 2012-08-26 16:12 8452608 c:\windows\Installer\1439ad.msi
+ 2011-05-13 20:28 . 2012-08-28 21:59 32484492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3903430519-452506101-3320713040-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AdobeCS5ServiceManager"="c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-14 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R1 vphqgfxu;vphqgfxu;c:\windows\system32\drivers\vphqgfxu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-20 315664]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:50]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 05:42]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 05:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-28 15:06:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-28 22:06
ComboFix2.txt 2012-08-28 20:10
ComboFix3.txt 2012-08-27 20:39
ComboFix4.txt 2012-08-27 04:20
ComboFix5.txt 2012-08-28 21:53
.
Pre-Run: 66,945,744,896 bytes free
Post-Run: 66,872,238,080 bytes free
.
- - End Of File - - F67F8DC2B5532134DB920A456832A397


----------



## JonesIndustries (Aug 18, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:12:21 PM, on 8/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\JOHN\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Belkin Storage Manager] "C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - Unknown owner - C:\Windows\system32\regw2.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8665 bytes


----------



## JonesIndustries (Aug 18, 2012)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2011 6:20:23 PM
System Uptime: 8/29/2012 10:59:36 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 60.691 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP159: 8/26/2012 12:13:00 AM - Scheduled Checkpoint
RP160: 8/26/2012 8:28:10 AM - Removed Google Talk Plugin
RP161: 8/26/2012 8:40:38 PM - Removed Google Talk Plugin
RP162: 8/27/2012 7:43:49 PM - Removed IObit Toolbar v6.2.
RP163: 8/28/2012 10:14:48 AM - Installed Microsoft Fix it 50687
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Add or Remove Adobe Premiere Pro CS5
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.4)
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Belkin Storage Manager
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Combined Community Codec Pack 2010-10-10
D3DX10
Dell Dock
Dropbox
erLT
Final Draft
Google Earth
Google Update Helper
GoPro CineForm Studio 1.1.2
Logitech SetPoint
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickTime
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
VoiceOver Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xilisoft DVD Ripper Ultimate
.
==== Event Viewer Messages From Past Week ========
.
8/29/2012 12:16:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/29/2012 12:16:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/29/2012 11:02:06 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/29/2012 11:01:18 AM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/29/2012 11:00:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA
8/29/2012 11:00:01 AM, Error: Service Control Manager [7000] - The FLEXnet Licensing Manager for Adobe Products service failed to start due to the following error: The system cannot find the file specified.
8/28/2012 9:54:28 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/28/2012 9:54:28 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/28/2012 9:54:25 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/28/2012 8:12:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 8:12:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 4:27:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 4:27:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:45:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:45:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:34:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section. 
8/28/2012 3:34:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section. 
8/28/2012 3:34:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section. 
8/28/2012 3:34:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section. 
8/28/2012 3:34:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section. 
8/28/2012 3:33:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/28/2012 3:33:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/28/2012 3:33:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/28/2012 3:33:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/28/2012 3:33:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.21.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/28/2012 3:32:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:32:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:31:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:31:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/28/2012 3:06:29 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/28/2012 3:00:29 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/28/2012 2:59:32 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/28/2012 2:53:09 PM, Error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2012 12:22:18 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
8/28/2012 12:19:32 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/28/2012 12:19:32 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/28/2012 12:19:30 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/28/2012 10:07:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
8/28/2012 10:07:22 AM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/28/2012 1:02:32 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/28/2012 1:02:32 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/27/2012 8:30:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 8:30:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 12:26:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
8/27/2012 12:26:20 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/27/2012 12:26:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/27/2012 12:16:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 12:16:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 12:07:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 12:07:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:51:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:51:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:48:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:48:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:47:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:47:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:47:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:47:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 11:45:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service 5 service to connect.
8/27/2012 11:45:17 AM, Error: Service Control Manager [7000] - The Advanced SystemCare Service 5 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/27/2012 1:57:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:57:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:47:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:47:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:45:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:45:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:42:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/27/2012 1:42:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/26/2012 9:49:51 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:496 Detection Origin: Local machine Detection Type: Concrete  Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 9:49:50 AM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x800706ba'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/26/2012 9:46:41 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:540 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 9:35:28 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:464 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
8/26/2012 9:34:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/26/2012 9:34:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/26/2012 9:34:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/26/2012 9:34:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/26/2012 9:34:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.411.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
8/26/2012 9:33:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/26/2012 9:33:32 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/26/2012 9:32:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/26/2012 9:32:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/26/2012 9:26:55 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:440 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
8/26/2012 9:26:36 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 9:26:29 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
8/26/2012 9:26:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
8/26/2012 9:21:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/26/2012 9:19:45 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:804 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 9:12:12 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/26/2012 8:52:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA discache MpFilter spldr Wanarpv6
8/26/2012 8:50:22 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\system32\services.exe;file:_C:\Windows\system32\services.exe->731;process:_pid:496 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 8:45:42 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:488 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 8:38:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 
8/26/2012 8:34:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:32:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:32:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/26/2012 8:32:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/26/2012 8:32:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/26/2012 8:32:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/26/2012 8:32:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/26/2012 8:32:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/26/2012 8:32:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSHA DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/26/2012 8:32:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:24:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:464 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
8/26/2012 8:23:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/26/2012 8:23:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 8:22:02 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:496 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:49:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:512 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:45:46 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:504 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:42:56 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:40:06 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:496 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:37:20 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:496 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:34:17 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:500 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/26/2012 11:31:17 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:464 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.133.397.0, AS: 1.133.397.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
8/26/2012 11:31:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/26/2012 11:30:39 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
8/26/2012 10:04:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win64/Sirefef.B&threatid=2147657891 Name: Virus:Win64/Sirefef.B ID: 2147657891 Severity: Severe Category: Virus Path: file:_C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd8407f7cdf82e.0000 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007007f Error description: The specified procedure could not be found. Signature Version: AV: 1.133.411.0, AS: 1.133.411.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
8/24/2012 6:41:24 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/22/2012 9:52:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.19.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/22/2012 9:52:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.19.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/22/2012 8:56:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.19.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/22/2012 8:56:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.19.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/22/2012 8:07:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.19.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/22/2012 8:07:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.19.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
8/22/2012 7:57:01 AM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753637.
8/22/2012 7:56:59 AM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
8/22/2012 12:16:28 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win64/Sirefef.B&threatid=2147657891 Name: Virus:Win64/Sirefef.B ID: 2147657891 Severity: Severe Category: Virus Path: file:_C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: JOHN-PC\JOHN Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007007f Error description: The specified procedure could not be found. Signature Version: AV: 1.133.19.0, AS: 1.133.19.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8703.0, NIS: 2.0.8001.0
.
==== End Of File ===========================


----------



## JonesIndustries (Aug 18, 2012)

2012-08-26 20:45:19, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:19, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:22, Info CSI 0000000c [SR] Verify complete
2012-08-26 20:45:22, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:22, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:25, Info CSI 00000010 [SR] Verify complete
2012-08-26 20:45:25, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:25, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:27, Info CSI 00000014 [SR] Verify complete
2012-08-26 20:45:27, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:27, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:31, Info CSI 00000018 [SR] Verify complete
2012-08-26 20:45:31, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:31, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:34, Info CSI 0000001c [SR] Verify complete
2012-08-26 20:45:34, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:34, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:36, Info CSI 00000020 [SR] Verify complete
2012-08-26 20:45:37, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:37, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:39, Info CSI 00000024 [SR] Verify complete
2012-08-26 20:45:39, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:39, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:43, Info CSI 00000028 [SR] Verify complete
2012-08-26 20:45:43, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:43, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:44, Info CSI 0000002c [SR] Verify complete
2012-08-26 20:45:44, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:44, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:45, Info CSI 00000030 [SR] Verify complete
2012-08-26 20:45:46, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:46, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:49, Info CSI 00000035 [SR] Verify complete
2012-08-26 20:45:50, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:50, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-08-26 20:45:55, Info CSI 0000003b [SR] Verify complete
2012-08-26 20:45:56, Info CSI 0000003c [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:45:56, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:03, Info CSI 00000040 [SR] Verify complete
2012-08-26 20:46:03, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:03, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:07, Info CSI 00000045 [SR] Verify complete
2012-08-26 20:46:07, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:07, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:12, Info CSI 00000049 [SR] Verify complete
2012-08-26 20:46:12, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:12, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:17, Info CSI 00000070 [SR] Verify complete
2012-08-26 20:46:17, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:17, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:22, Info CSI 00000074 [SR] Verify complete
2012-08-26 20:46:22, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:22, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:26, Info CSI 00000078 [SR] Verify complete
2012-08-26 20:46:26, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:26, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:32, Info CSI 0000007c [SR] Verify complete
2012-08-26 20:46:32, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:32, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:36, Info CSI 00000080 [SR] Verify complete
2012-08-26 20:46:36, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:36, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:42, Info CSI 00000084 [SR] Verify complete
2012-08-26 20:46:42, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:42, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:49, Info CSI 000000a9 [SR] Verify complete
2012-08-26 20:46:50, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:50, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2012-08-26 20:46:56, Info CSI 000000ad [SR] Verify complete
2012-08-26 20:46:56, Info CSI 000000ae [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:46:56, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:17, Info CSI 000000b3 [SR] Verify complete
2012-08-26 20:47:17, Info CSI 000000b4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:17, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:20, Info CSI 000000b7 [SR] Verify complete
2012-08-26 20:47:20, Info CSI 000000b8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:20, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:21, Info CSI 000000bb [SR] Verify complete
2012-08-26 20:47:21, Info CSI 000000bc [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:21, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:23, Info CSI 000000bf [SR] Verify complete
2012-08-26 20:47:23, Info CSI 000000c0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:23, Info CSI 000000c1 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:31, Info CSI 000000d4 [SR] Verify complete
2012-08-26 20:47:31, Info CSI 000000d5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:31, Info CSI 000000d6 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:34, Info CSI 000000d8 [SR] Verify complete
2012-08-26 20:47:34, Info CSI 000000d9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:34, Info CSI 000000da [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:35, Info CSI 000000dc [SR] Verify complete
2012-08-26 20:47:35, Info CSI 000000dd [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:35, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:38, Info CSI 000000e0 [SR] Verify complete
2012-08-26 20:47:39, Info CSI 000000e1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:39, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:43, Info CSI 000000e4 [SR] Verify complete
2012-08-26 20:47:43, Info CSI 000000e5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:43, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:51, Info CSI 000000ea [SR] Verify complete
2012-08-26 20:47:51, Info CSI 000000eb [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:51, Info CSI 000000ec [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:55, Info CSI 000000ee [SR] Verify complete
2012-08-26 20:47:55, Info CSI 000000ef [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:55, Info CSI 000000f0 [SR] Beginning Verify and Repair transaction
2012-08-26 20:47:58, Info CSI 000000f2 [SR] Verify complete
2012-08-26 20:47:58, Info CSI 000000f3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:47:58, Info CSI 000000f4 [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:04, Info CSI 000000f6 [SR] Verify complete
2012-08-26 20:48:04, Info CSI 000000f7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:04, Info CSI 000000f8 [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:10, Info CSI 000000fa [SR] Verify complete
2012-08-26 20:48:11, Info CSI 000000fb [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:11, Info CSI 000000fc [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:16, Info CSI 000000fe [SR] Verify complete
2012-08-26 20:48:16, Info CSI 000000ff [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:16, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:26, Info CSI 00000118 [SR] Verify complete
2012-08-26 20:48:26, Info CSI 00000119 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:26, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:31, Info CSI 0000011c [SR] Verify complete
2012-08-26 20:48:31, Info CSI 0000011d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:31, Info CSI 0000011e [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:44, Info CSI 00000120 [SR] Verify complete
2012-08-26 20:48:44, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:44, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2012-08-26 20:48:55, Info CSI 00000125 [SR] Verify complete
2012-08-26 20:48:55, Info CSI 00000126 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:48:55, Info CSI 00000127 [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:04, Info CSI 00000129 [SR] Verify complete
2012-08-26 20:49:04, Info CSI 0000012a [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:04, Info CSI 0000012b [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:08, Info CSI 0000012d [SR] Verify complete
2012-08-26 20:49:08, Info CSI 0000012e [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:08, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:14, Info CSI 00000131 [SR] Verify complete
2012-08-26 20:49:14, Info CSI 00000132 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:14, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:18, Info CSI 00000137 [SR] Verify complete
2012-08-26 20:49:18, Info CSI 00000138 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:18, Info CSI 00000139 [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:22, Info CSI 0000013b [SR] Verify complete
2012-08-26 20:49:22, Info CSI 0000013c [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:22, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:33, Info CSI 0000013f [SR] Verify complete
2012-08-26 20:49:33, Info CSI 00000140 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:33, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:39, Info CSI 00000144 [SR] Verify complete
2012-08-26 20:49:40, Info CSI 00000145 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:40, Info CSI 00000146 [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:43, Info CSI 00000148 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-26 20:49:44, Info CSI 0000014b [SR] Verify complete
2012-08-26 20:49:44, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:44, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:46, Info CSI 0000014f [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:49:50, Info CSI 00000151 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:49:50, Info CSI 00000152 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-26 20:49:50, Info CSI 00000155 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-26 20:49:50, Info CSI 00000157 [SR] Verify complete
2012-08-26 20:49:50, Info CSI 00000158 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:50, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2012-08-26 20:49:58, Info CSI 0000015c [SR] Verify complete
2012-08-26 20:49:58, Info CSI 0000015d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:49:58, Info CSI 0000015e [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:03, Info CSI 00000160 [SR] Verify complete
2012-08-26 20:50:03, Info CSI 00000161 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:03, Info CSI 00000162 [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:08, Info CSI 00000164 [SR] Verify complete
2012-08-26 20:50:08, Info CSI 00000165 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:08, Info CSI 00000166 [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:13, Info CSI 00000169 [SR] Verify complete
2012-08-26 20:50:13, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:13, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:18, Info CSI 0000016d [SR] Verify complete
2012-08-26 20:50:18, Info CSI 0000016e [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:18, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:23, Info CSI 00000172 [SR] Verify complete
2012-08-26 20:50:23, Info CSI 00000173 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:23, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:31, Info CSI 00000176 [SR] Verify complete
2012-08-26 20:50:31, Info CSI 00000177 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:31, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:36, Info CSI 0000017c [SR] Verify complete
2012-08-26 20:50:36, Info CSI 0000017d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:36, Info CSI 0000017e [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:40, Info CSI 00000180 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:50:41, Info CSI 00000182 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:50:41, Info CSI 00000183 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-26 20:50:41, Info CSI 00000186 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-26 20:50:42, Info CSI 00000188 [SR] Verify complete
2012-08-26 20:50:42, Info CSI 00000189 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:42, Info CSI 0000018a [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:48, Info CSI 0000018d [SR] Verify complete
2012-08-26 20:50:48, Info CSI 0000018e [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:48, Info CSI 0000018f [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:55, Info CSI 00000191 [SR] Verify complete
2012-08-26 20:50:55, Info CSI 00000192 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:55, Info CSI 00000193 [SR] Beginning Verify and Repair transaction
2012-08-26 20:50:56, Info CSI 00000195 [SR] Verify complete
2012-08-26 20:50:56, Info CSI 00000196 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:50:56, Info CSI 00000197 [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:00, Info CSI 00000199 [SR] Verify complete
2012-08-26 20:51:00, Info CSI 0000019a [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:00, Info CSI 0000019b [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:05, Info CSI 0000019d [SR] Verify complete
2012-08-26 20:51:05, Info CSI 0000019e [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:05, Info CSI 0000019f [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:10, Info CSI 000001a1 [SR] Verify complete
2012-08-26 20:51:10, Info CSI 000001a2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:10, Info CSI 000001a3 [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:14, Info CSI 000001a5 [SR] Verify complete
2012-08-26 20:51:14, Info CSI 000001a6 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:14, Info CSI 000001a7 [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:18, Info CSI 000001a9 [SR] Verify complete
2012-08-26 20:51:18, Info CSI 000001aa [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:18, Info CSI 000001ab [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:31, Info CSI 000001ad [SR] Verify complete
2012-08-26 20:51:31, Info CSI 000001ae [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:31, Info CSI 000001af [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:52, Info CSI 000001b1 [SR] Verify complete
2012-08-26 20:51:52, Info CSI 000001b2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:52, Info CSI 000001b3 [SR] Beginning Verify and Repair transaction
2012-08-26 20:51:58, Info CSI 000001b5 [SR] Verify complete
2012-08-26 20:51:58, Info CSI 000001b6 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:51:58, Info CSI 000001b7 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:04, Info CSI 000001b9 [SR] Verify complete
2012-08-26 20:52:04, Info CSI 000001ba [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:04, Info CSI 000001bb [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:05, Info CSI 000001bd [SR] Verify complete
2012-08-26 20:52:05, Info CSI 000001be [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:05, Info CSI 000001bf [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:08, Info CSI 000001c1 [SR] Verify complete
2012-08-26 20:52:08, Info CSI 000001c2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:08, Info CSI 000001c3 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:13, Info CSI 000001c5 [SR] Verify complete
2012-08-26 20:52:14, Info CSI 000001c6 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:14, Info CSI 000001c7 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:20, Info CSI 000001cf [SR] Verify complete
2012-08-26 20:52:20, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:20, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:24, Info CSI 000001d3 [SR] Verify complete
2012-08-26 20:52:24, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:24, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:27, Info CSI 000001d7 [SR] Verify complete
2012-08-26 20:52:28, Info CSI 000001d8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:28, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:31, Info CSI 000001db [SR] Verify complete
2012-08-26 20:52:31, Info CSI 000001dc [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:31, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:37, Info CSI 000001df [SR] Verify complete
2012-08-26 20:52:38, Info CSI 000001e0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:38, Info CSI 000001e1 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:44, Info CSI 000001e4 [SR] Verify complete
2012-08-26 20:52:44, Info CSI 000001e5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:44, Info CSI 000001e6 [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:47, Info CSI 000001e8 [SR] Verify complete
2012-08-26 20:52:48, Info CSI 000001e9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:48, Info CSI 000001ea [SR] Beginning Verify and Repair transaction
2012-08-26 20:52:51, Info CSI 000001ec [SR] Verify complete
2012-08-26 20:52:51, Info CSI 000001ed [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:52:51, Info CSI 000001ee [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:03, Info CSI 000001f3 [SR] Verify complete
2012-08-26 20:53:03, Info CSI 000001f4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:03, Info CSI 000001f5 [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:10, Info CSI 000001fa [SR] Verify complete
2012-08-26 20:53:10, Info CSI 000001fb [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:10, Info CSI 000001fc [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:18, Info CSI 000001ff [SR] Verify complete
2012-08-26 20:53:18, Info CSI 00000200 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:18, Info CSI 00000201 [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:25, Info CSI 0000020c [SR] Verify complete
2012-08-26 20:53:25, Info CSI 0000020d [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:25, Info CSI 0000020e [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:31, Info CSI 00000214 [SR] Verify complete
2012-08-26 20:53:31, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:31, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:35, Info CSI 00000218 [SR] Verify complete
2012-08-26 20:53:35, Info CSI 00000219 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:35, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:40, Info CSI 0000021e [SR] Verify complete
2012-08-26 20:53:40, Info CSI 0000021f [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:40, Info CSI 00000220 [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:45, Info CSI 00000233 [SR] Verify complete
2012-08-26 20:53:45, Info CSI 00000234 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:45, Info CSI 00000235 [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:50, Info CSI 00000249 [SR] Verify complete
2012-08-26 20:53:50, Info CSI 0000024a [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:50, Info CSI 0000024b [SR] Beginning Verify and Repair transaction
2012-08-26 20:53:54, Info CSI 0000024d [SR] Verify complete
2012-08-26 20:53:55, Info CSI 0000024e [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:53:55, Info CSI 0000024f [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:00, Info CSI 00000251 [SR] Verify complete
2012-08-26 20:54:00, Info CSI 00000252 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:00, Info CSI 00000253 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:03, Info CSI 00000261 [SR] Verify complete
2012-08-26 20:54:03, Info CSI 00000262 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:03, Info CSI 00000263 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:11, Info CSI 00000265 [SR] Verify complete
2012-08-26 20:54:11, Info CSI 00000266 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:11, Info CSI 00000267 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:17, Info CSI 00000275 [SR] Verify complete
2012-08-26 20:54:17, Info CSI 00000276 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:17, Info CSI 00000277 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:20, Info CSI 00000279 [SR] Verify complete
2012-08-26 20:54:20, Info CSI 0000027a [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:20, Info CSI 0000027b [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:24, Info CSI 0000027d [SR] Verify complete
2012-08-26 20:54:24, Info CSI 0000027e [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:24, Info CSI 0000027f [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:29, Info CSI 00000282 [SR] Verify complete
2012-08-26 20:54:29, Info CSI 00000283 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:29, Info CSI 00000284 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:32, Info CSI 00000286 [SR] Verify complete
2012-08-26 20:54:32, Info CSI 00000287 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:32, Info CSI 00000288 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:38, Info CSI 0000028a [SR] Verify complete
2012-08-26 20:54:39, Info CSI 0000028b [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:39, Info CSI 0000028c [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:44, Info CSI 0000028e [SR] Verify complete
2012-08-26 20:54:44, Info CSI 0000028f [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:44, Info CSI 00000290 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:51, Info CSI 00000297 [SR] Verify complete
2012-08-26 20:54:51, Info CSI 00000298 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:51, Info CSI 00000299 [SR] Beginning Verify and Repair transaction
2012-08-26 20:54:57, Info CSI 000002ae [SR] Verify complete
2012-08-26 20:54:57, Info CSI 000002af [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:54:57, Info CSI 000002b0 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:10, Info CSI 000002b2 [SR] Verify complete
2012-08-26 20:55:10, Info CSI 000002b3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:10, Info CSI 000002b4 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:14, Info CSI 000002b6 [SR] Verify complete
2012-08-26 20:55:14, Info CSI 000002b7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:14, Info CSI 000002b8 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:18, Info CSI 000002bb [SR] Verify complete
2012-08-26 20:55:18, Info CSI 000002bc [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:18, Info CSI 000002bd [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:22, Info CSI 000002c0 [SR] Verify complete
2012-08-26 20:55:22, Info CSI 000002c1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:22, Info CSI 000002c2 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:26, Info CSI 000002c4 [SR] Verify complete
2012-08-26 20:55:27, Info CSI 000002c5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:27, Info CSI 000002c6 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:32, Info CSI 000002c8 [SR] Verify complete
2012-08-26 20:55:32, Info CSI 000002c9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:32, Info CSI 000002ca [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:36, Info CSI 000002cd [SR] Verify complete
2012-08-26 20:55:37, Info CSI 000002ce [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:37, Info CSI 000002cf [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:41, Info CSI 000002d1 [SR] Verify complete
2012-08-26 20:55:41, Info CSI 000002d2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:41, Info CSI 000002d3 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:45, Info CSI 000002d5 [SR] Verify complete
2012-08-26 20:55:45, Info CSI 000002d6 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:45, Info CSI 000002d7 [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:50, Info CSI 000002d9 [SR] Verify complete
2012-08-26 20:55:50, Info CSI 000002da [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:50, Info CSI 000002db [SR] Beginning Verify and Repair transaction
2012-08-26 20:55:57, Info CSI 000002de [SR] Verify complete
2012-08-26 20:55:57, Info CSI 000002df [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:55:57, Info CSI 000002e0 [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:01, Info CSI 000002e2 [SR] Verify complete
2012-08-26 20:56:01, Info CSI 000002e3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:56:01, Info CSI 000002e4 [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:06, Info CSI 000002e6 [SR] Verify complete
2012-08-26 20:56:06, Info CSI 000002e7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:56:06, Info CSI 000002e8 [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:11, Info CSI 000002ea [SR] Verify complete
2012-08-26 20:56:11, Info CSI 000002eb [SR] Verifying 100 (0x0000000000000064) components
2012-08-26 20:56:11, Info CSI 000002ec [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:16, Info CSI 000002ee [SR] Verify complete
2012-08-26 20:56:16, Info CSI 000002ef [SR] Verifying 31 (0x000000000000001f) components
2012-08-26 20:56:16, Info CSI 000002f0 [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:17, Info CSI 000002f2 [SR] Verify complete
2012-08-26 20:56:17, Info CSI 000002f3 [SR] Repairing 3 components
2012-08-26 20:56:17, Info CSI 000002f4 [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:17, Info CSI 000002f6 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:17, Info CSI 000002f8 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:17, Info CSI 000002fa [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-26 20:56:17, Info CSI 000002fc [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:17, Info CSI 000002fd [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-26 20:56:17, Info CSI 00000300 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-26 20:56:17, Info CSI 00000302 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:17, Info CSI 00000303 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-26 20:56:17, Info CSI 00000306 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-26 20:56:17, Info CSI 00000308 [SR] Repair complete
2012-08-26 20:56:17, Info CSI 00000309 [SR] Committing transaction
2012-08-26 20:56:18, Info CSI 0000030d [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2012-08-26 20:56:18, Info CSI 0000030e [SR] Repairing 3 components
2012-08-26 20:56:18, Info CSI 0000030f [SR] Beginning Verify and Repair transaction
2012-08-26 20:56:18, Info CSI 00000311 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:18, Info CSI 00000313 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:18, Info CSI 00000315 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2012-08-26 20:56:18, Info CSI 00000317 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:18, Info CSI 00000318 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-26 20:56:18, Info CSI 0000031b [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-26 20:56:18, Info CSI 0000031d [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-26 20:56:18, Info CSI 0000031e [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-26 20:56:18, Info CSI 00000321 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-26 20:56:18, Info CSI 00000323 [SR] Repair complete
2012-08-27 13:00:02, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:02, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:03, Info CSI 0000000c [SR] Verify complete
2012-08-27 13:00:04, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:04, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:05, Info CSI 00000010 [SR] Verify complete
2012-08-27 13:00:05, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:05, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:06, Info CSI 00000014 [SR] Verify complete
2012-08-27 13:00:06, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:06, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:09, Info CSI 00000018 [SR] Verify complete
2012-08-27 13:00:09, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:09, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:11, Info CSI 0000001c [SR] Verify complete
2012-08-27 13:00:11, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:11, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:13, Info CSI 00000020 [SR] Verify complete
2012-08-27 13:00:13, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:13, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:15, Info CSI 00000024 [SR] Verify complete
2012-08-27 13:00:15, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:15, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:18, Info CSI 00000028 [SR] Verify complete
2012-08-27 13:00:18, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:18, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:19, Info CSI 0000002c [SR] Verify complete
2012-08-27 13:00:19, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:19, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:20, Info CSI 00000030 [SR] Verify complete
2012-08-27 13:00:20, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:20, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:23, Info CSI 00000035 [SR] Verify complete
2012-08-27 13:00:23, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:23, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:28, Info CSI 0000003b [SR] Verify complete
2012-08-27 13:00:28, Info CSI 0000003c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:28, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:30, Info CSI 00000040 [SR] Verify complete
2012-08-27 13:00:31, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:31, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:34, Info CSI 00000045 [SR] Verify complete
2012-08-27 13:00:34, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:34, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:37, Info CSI 00000049 [SR] Verify complete
2012-08-27 13:00:37, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:37, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:43, Info CSI 00000070 [SR] Verify complete
2012-08-27 13:00:43, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:43, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:47, Info CSI 00000074 [SR] Verify complete
2012-08-27 13:00:47, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:47, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:51, Info CSI 00000078 [SR] Verify complete
2012-08-27 13:00:51, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:51, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:54, Info CSI 0000007c [SR] Verify complete
2012-08-27 13:00:54, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:54, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2012-08-27 13:00:58, Info CSI 00000080 [SR] Verify complete
2012-08-27 13:00:58, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:00:58, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:03, Info CSI 00000084 [SR] Verify complete
2012-08-27 13:01:03, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:03, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:10, Info CSI 000000a9 [SR] Verify complete
2012-08-27 13:01:10, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:10, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:16, Info CSI 000000ad [SR] Verify complete
2012-08-27 13:01:17, Info CSI 000000ae [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:17, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:28, Info CSI 000000b3 [SR] Verify complete
2012-08-27 13:01:28, Info CSI 000000b4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:28, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:29, Info CSI 000000b7 [SR] Verify complete
2012-08-27 13:01:30, Info CSI 000000b8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:30, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:31, Info CSI 000000bb [SR] Verify complete
2012-08-27 13:01:31, Info CSI 000000bc [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:31, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:32, Info CSI 000000bf [SR] Verify complete
2012-08-27 13:01:32, Info CSI 000000c0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:32, Info CSI 000000c1 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:39, Info CSI 000000d4 [SR] Verify complete
2012-08-27 13:01:39, Info CSI 000000d5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:39, Info CSI 000000d6 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:41, Info CSI 000000d8 [SR] Verify complete
2012-08-27 13:01:41, Info CSI 000000d9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:41, Info CSI 000000da [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:42, Info CSI 000000dc [SR] Verify complete
2012-08-27 13:01:42, Info CSI 000000dd [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:42, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:44, Info CSI 000000e0 [SR] Verify complete
2012-08-27 13:01:44, Info CSI 000000e1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:44, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:48, Info CSI 000000e4 [SR] Verify complete
2012-08-27 13:01:48, Info CSI 000000e5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:48, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:54, Info CSI 000000ea [SR] Verify complete
2012-08-27 13:01:55, Info CSI 000000eb [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:55, Info CSI 000000ec [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:57, Info CSI 000000ee [SR] Verify complete
2012-08-27 13:01:57, Info CSI 000000ef [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:57, Info CSI 000000f0 [SR] Beginning Verify and Repair transaction
2012-08-27 13:01:59, Info CSI 000000f2 [SR] Verify complete
2012-08-27 13:01:59, Info CSI 000000f3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:01:59, Info CSI 000000f4 [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:04, Info CSI 000000f6 [SR] Verify complete
2012-08-27 13:02:04, Info CSI 000000f7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:04, Info CSI 000000f8 [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:09, Info CSI 000000fa [SR] Verify complete
2012-08-27 13:02:09, Info CSI 000000fb [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:09, Info CSI 000000fc [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:13, Info CSI 000000fe [SR] Verify complete
2012-08-27 13:02:13, Info CSI 000000ff [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:13, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:21, Info CSI 00000118 [SR] Verify complete
2012-08-27 13:02:21, Info CSI 00000119 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:21, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:25, Info CSI 0000011c [SR] Verify complete
2012-08-27 13:02:25, Info CSI 0000011d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:25, Info CSI 0000011e [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:37, Info CSI 00000120 [SR] Verify complete
2012-08-27 13:02:37, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:37, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:47, Info CSI 00000125 [SR] Verify complete
2012-08-27 13:02:47, Info CSI 00000126 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:47, Info CSI 00000127 [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:55, Info CSI 00000129 [SR] Verify complete
2012-08-27 13:02:55, Info CSI 0000012a [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:55, Info CSI 0000012b [SR] Beginning Verify and Repair transaction
2012-08-27 13:02:59, Info CSI 0000012d [SR] Verify complete
2012-08-27 13:02:59, Info CSI 0000012e [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:02:59, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:04, Info CSI 00000131 [SR] Verify complete
2012-08-27 13:03:04, Info CSI 00000132 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:04, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:07, Info CSI 00000137 [SR] Verify complete
2012-08-27 13:03:07, Info CSI 00000138 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:07, Info CSI 00000139 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:11, Info CSI 0000013b [SR] Verify complete
2012-08-27 13:03:11, Info CSI 0000013c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:11, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:23, Info CSI 0000013f [SR] Verify complete
2012-08-27 13:03:23, Info CSI 00000140 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:23, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:29, Info CSI 00000144 [SR] Verify complete
2012-08-27 13:03:29, Info CSI 00000145 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:29, Info CSI 00000146 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:32, Info CSI 00000149 [SR] Verify complete
2012-08-27 13:03:32, Info CSI 0000014a [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:32, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:34, Info CSI 0000014d [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:03:37, Info CSI 0000014f [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:03:37, Info CSI 00000150 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-27 13:03:37, Info CSI 00000153 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-27 13:03:38, Info CSI 00000155 [SR] Verify complete
2012-08-27 13:03:38, Info CSI 00000156 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:38, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:45, Info CSI 0000015a [SR] Verify complete
2012-08-27 13:03:45, Info CSI 0000015b [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:45, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:49, Info CSI 0000015e [SR] Verify complete
2012-08-27 13:03:49, Info CSI 0000015f [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:49, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:53, Info CSI 00000162 [SR] Verify complete
2012-08-27 13:03:53, Info CSI 00000163 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:53, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2012-08-27 13:03:57, Info CSI 00000167 [SR] Verify complete
2012-08-27 13:03:57, Info CSI 00000168 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:03:57, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:01, Info CSI 0000016b [SR] Verify complete
2012-08-27 13:04:01, Info CSI 0000016c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:01, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:06, Info CSI 00000170 [SR] Verify complete
2012-08-27 13:04:06, Info CSI 00000171 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:06, Info CSI 00000172 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:11, Info CSI 00000174 [SR] Verify complete
2012-08-27 13:04:11, Info CSI 00000175 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:11, Info CSI 00000176 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:15, Info CSI 0000017a [SR] Verify complete
2012-08-27 13:04:15, Info CSI 0000017b [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:15, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:18, Info CSI 0000017e [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:04:19, Info CSI 00000180 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:04:19, Info CSI 00000181 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-27 13:04:19, Info CSI 00000184 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-27 13:04:20, Info CSI 00000186 [SR] Verify complete
2012-08-27 13:04:20, Info CSI 00000187 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:20, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:25, Info CSI 0000018b [SR] Verify complete
2012-08-27 13:04:25, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:25, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:31, Info CSI 0000018f [SR] Verify complete
2012-08-27 13:04:31, Info CSI 00000190 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:31, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:32, Info CSI 00000193 [SR] Verify complete
2012-08-27 13:04:32, Info CSI 00000194 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:32, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:35, Info CSI 00000197 [SR] Verify complete
2012-08-27 13:04:35, Info CSI 00000198 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:35, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:38, Info CSI 0000019b [SR] Verify complete
2012-08-27 13:04:39, Info CSI 0000019c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:39, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:42, Info CSI 0000019f [SR] Verify complete
2012-08-27 13:04:43, Info CSI 000001a0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:43, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:46, Info CSI 000001a3 [SR] Verify complete
2012-08-27 13:04:46, Info CSI 000001a4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:46, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:48, Info CSI 000001a7 [SR] Verify complete
2012-08-27 13:04:49, Info CSI 000001a8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:49, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2012-08-27 13:04:59, Info CSI 000001ab [SR] Verify complete
2012-08-27 13:04:59, Info CSI 000001ac [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:04:59, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:20, Info CSI 000001af [SR] Verify complete
2012-08-27 13:05:20, Info CSI 000001b0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:20, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:23, Info CSI 000001b3 [SR] Verify complete
2012-08-27 13:05:24, Info CSI 000001b4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:24, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:28, Info CSI 000001b7 [SR] Verify complete
2012-08-27 13:05:28, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:28, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:29, Info CSI 000001bb [SR] Verify complete
2012-08-27 13:05:29, Info CSI 000001bc [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:29, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:31, Info CSI 000001bf [SR] Verify complete
2012-08-27 13:05:31, Info CSI 000001c0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:31, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:35, Info CSI 000001c3 [SR] Verify complete
2012-08-27 13:05:35, Info CSI 000001c4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:35, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:40, Info CSI 000001cd [SR] Verify complete
2012-08-27 13:05:40, Info CSI 000001ce [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:40, Info CSI 000001cf [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:43, Info CSI 000001d1 [SR] Verify complete
2012-08-27 13:05:43, Info CSI 000001d2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:43, Info CSI 000001d3 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:45, Info CSI 000001d5 [SR] Verify complete
2012-08-27 13:05:45, Info CSI 000001d6 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:45, Info CSI 000001d7 [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:48, Info CSI 000001d9 [SR] Verify complete
2012-08-27 13:05:48, Info CSI 000001da [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:48, Info CSI 000001db [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:53, Info CSI 000001dd [SR] Verify complete
2012-08-27 13:05:53, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:53, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2012-08-27 13:05:58, Info CSI 000001e2 [SR] Verify complete
2012-08-27 13:05:58, Info CSI 000001e3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:05:58, Info CSI 000001e4 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:00, Info CSI 000001e6 [SR] Verify complete
2012-08-27 13:06:00, Info CSI 000001e7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:00, Info CSI 000001e8 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:03, Info CSI 000001ea [SR] Verify complete
2012-08-27 13:06:03, Info CSI 000001eb [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:03, Info CSI 000001ec [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:12, Info CSI 000001f1 [SR] Verify complete
2012-08-27 13:06:13, Info CSI 000001f2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:13, Info CSI 000001f3 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:19, Info CSI 000001f8 [SR] Verify complete
2012-08-27 13:06:19, Info CSI 000001f9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:19, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:25, Info CSI 000001fd [SR] Verify complete
2012-08-27 13:06:25, Info CSI 000001fe [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:25, Info CSI 000001ff [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:31, Info CSI 0000020a [SR] Verify complete
2012-08-27 13:06:31, Info CSI 0000020b [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:31, Info CSI 0000020c [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:35, Info CSI 00000212 [SR] Verify complete
2012-08-27 13:06:35, Info CSI 00000213 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:35, Info CSI 00000214 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:39, Info CSI 00000216 [SR] Verify complete
2012-08-27 13:06:39, Info CSI 00000217 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:39, Info CSI 00000218 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:42, Info CSI 0000021c [SR] Verify complete
2012-08-27 13:06:42, Info CSI 0000021d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:42, Info CSI 0000021e [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:47, Info CSI 00000231 [SR] Verify complete
2012-08-27 13:06:47, Info CSI 00000232 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:47, Info CSI 00000233 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:51, Info CSI 00000247 [SR] Verify complete
2012-08-27 13:06:51, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:51, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:55, Info CSI 0000024b [SR] Verify complete
2012-08-27 13:06:56, Info CSI 0000024c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:56, Info CSI 0000024d [SR] Beginning Verify and Repair transaction
2012-08-27 13:06:59, Info CSI 0000024f [SR] Verify complete
2012-08-27 13:06:59, Info CSI 00000250 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:06:59, Info CSI 00000251 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:03, Info CSI 0000025f [SR] Verify complete
2012-08-27 13:07:03, Info CSI 00000260 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:03, Info CSI 00000261 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:10, Info CSI 00000263 [SR] Verify complete
2012-08-27 13:07:10, Info CSI 00000264 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:10, Info CSI 00000265 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:15, Info CSI 00000273 [SR] Verify complete
2012-08-27 13:07:15, Info CSI 00000274 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:15, Info CSI 00000275 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:17, Info CSI 00000277 [SR] Verify complete
2012-08-27 13:07:17, Info CSI 00000278 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:17, Info CSI 00000279 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:20, Info CSI 0000027b [SR] Verify complete
2012-08-27 13:07:20, Info CSI 0000027c [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:20, Info CSI 0000027d [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:24, Info CSI 00000280 [SR] Verify complete
2012-08-27 13:07:25, Info CSI 00000281 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:25, Info CSI 00000282 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:27, Info CSI 00000284 [SR] Verify complete
2012-08-27 13:07:27, Info CSI 00000285 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:27, Info CSI 00000286 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:33, Info CSI 00000288 [SR] Verify complete
2012-08-27 13:07:33, Info CSI 00000289 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:33, Info CSI 0000028a [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:37, Info CSI 0000028c [SR] Verify complete
2012-08-27 13:07:37, Info CSI 0000028d [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:37, Info CSI 0000028e [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:44, Info CSI 00000295 [SR] Verify complete
2012-08-27 13:07:44, Info CSI 00000296 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:44, Info CSI 00000297 [SR] Beginning Verify and Repair transaction
2012-08-27 13:07:49, Info CSI 000002ac [SR] Verify complete
2012-08-27 13:07:49, Info CSI 000002ad [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:07:49, Info CSI 000002ae [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:01, Info CSI 000002b0 [SR] Verify complete
2012-08-27 13:08:01, Info CSI 000002b1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:01, Info CSI 000002b2 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:04, Info CSI 000002b4 [SR] Verify complete
2012-08-27 13:08:04, Info CSI 000002b5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:04, Info CSI 000002b6 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:08, Info CSI 000002b9 [SR] Verify complete
2012-08-27 13:08:08, Info CSI 000002ba [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:08, Info CSI 000002bb [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:11, Info CSI 000002be [SR] Verify complete
2012-08-27 13:08:11, Info CSI 000002bf [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:11, Info CSI 000002c0 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:15, Info CSI 000002c2 [SR] Verify complete
2012-08-27 13:08:15, Info CSI 000002c3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:15, Info CSI 000002c4 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:20, Info CSI 000002c6 [SR] Verify complete
2012-08-27 13:08:20, Info CSI 000002c7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:20, Info CSI 000002c8 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:24, Info CSI 000002cb [SR] Verify complete
2012-08-27 13:08:24, Info CSI 000002cc [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:24, Info CSI 000002cd [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:27, Info CSI 000002cf [SR] Verify complete
2012-08-27 13:08:27, Info CSI 000002d0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:27, Info CSI 000002d1 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:31, Info CSI 000002d3 [SR] Verify complete
2012-08-27 13:08:31, Info CSI 000002d4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:31, Info CSI 000002d5 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:35, Info CSI 000002d7 [SR] Verify complete
2012-08-27 13:08:35, Info CSI 000002d8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:35, Info CSI 000002d9 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:42, Info CSI 000002dc [SR] Verify complete
2012-08-27 13:08:42, Info CSI 000002dd [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:42, Info CSI 000002de [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:45, Info CSI 000002e0 [SR] Verify complete
2012-08-27 13:08:45, Info CSI 000002e1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:45, Info CSI 000002e2 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:49, Info CSI 000002e4 [SR] Verify complete
2012-08-27 13:08:49, Info CSI 000002e5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:49, Info CSI 000002e6 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:53, Info CSI 000002e8 [SR] Verify complete
2012-08-27 13:08:53, Info CSI 000002e9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-27 13:08:53, Info CSI 000002ea [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:57, Info CSI 000002ec [SR] Verify complete
2012-08-27 13:08:57, Info CSI 000002ed [SR] Verifying 31 (0x000000000000001f) components
2012-08-27 13:08:57, Info CSI 000002ee [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:58, Info CSI 000002f0 [SR] Verify complete
2012-08-27 13:08:58, Info CSI 000002f1 [SR] Repairing 2 components
2012-08-27 13:08:58, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2012-08-27 13:08:58, Info CSI 000002f4 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:08:58, Info CSI 000002f6 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:08:58, Info CSI 000002f8 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:08:58, Info CSI 000002f9 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-27 13:08:58, Info CSI 000002fc [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-27 13:08:58, Info CSI 000002fe [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-27 13:08:58, Info CSI 000002ff [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-27 13:08:58, Info CSI 00000302 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-27 13:08:58, Info CSI 00000304 [SR] Repair complete
2012-08-27 13:08:58, Info CSI 00000305 [SR] Committing transaction
2012-08-27 13:08:58, Info CSI 00000309 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2012-08-28 12:25:39, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:39, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-08-28 12:25:42, Info CSI 0000000c [SR] Verify complete
2012-08-28 12:25:42, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:42, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-08-28 12:25:45, Info CSI 00000010 [SR] Verify complete
2012-08-28 12:25:45, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:45, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-08-28 12:25:47, Info CSI 00000014 [SR] Verify complete
2012-08-28 12:25:47, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:47, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-08-28 12:25:51, Info CSI 00000018 [SR] Verify complete
2012-08-28 12:25:51, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:51, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-08-28 12:25:54, Info CSI 0000001c [SR] Verify complete
2012-08-28 12:25:54, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:54, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-08-28 12:25:57, Info CSI 00000020 [SR] Verify complete
2012-08-28 12:25:57, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:25:57, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:00, Info CSI 00000024 [SR] Verify complete
2012-08-28 12:26:00, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:00, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:03, Info CSI 00000028 [SR] Verify complete
2012-08-28 12:26:04, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:04, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:05, Info CSI 0000002c [SR] Verify complete
2012-08-28 12:26:05, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:05, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:06, Info CSI 00000030 [SR] Verify complete
2012-08-28 12:26:06, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:06, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:10, Info CSI 00000035 [SR] Verify complete
2012-08-28 12:26:10, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:10, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:16, Info CSI 0000003b [SR] Verify complete
2012-08-28 12:26:16, Info CSI 0000003c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:16, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:19, Info CSI 00000040 [SR] Verify complete
2012-08-28 12:26:19, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:19, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:23, Info CSI 00000045 [SR] Verify complete
2012-08-28 12:26:23, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:23, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:27, Info CSI 00000049 [SR] Verify complete
2012-08-28 12:26:27, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:27, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:32, Info CSI 00000070 [SR] Verify complete
2012-08-28 12:26:33, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:33, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:37, Info CSI 00000074 [SR] Verify complete
2012-08-28 12:26:37, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:37, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:41, Info CSI 00000078 [SR] Verify complete
2012-08-28 12:26:41, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:41, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:46, Info CSI 0000007c [SR] Verify complete
2012-08-28 12:26:46, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:46, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:50, Info CSI 00000080 [SR] Verify complete
2012-08-28 12:26:50, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:50, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2012-08-28 12:26:55, Info CSI 00000084 [SR] Verify complete
2012-08-28 12:26:56, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:26:56, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:03, Info CSI 000000a9 [SR] Verify complete
2012-08-28 12:27:03, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:03, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:09, Info CSI 000000ad [SR] Verify complete
2012-08-28 12:27:09, Info CSI 000000ae [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:09, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:22, Info CSI 000000b3 [SR] Verify complete
2012-08-28 12:27:22, Info CSI 000000b4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:22, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:24, Info CSI 000000b7 [SR] Verify complete
2012-08-28 12:27:24, Info CSI 000000b8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:24, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:25, Info CSI 000000bb [SR] Verify complete
2012-08-28 12:27:25, Info CSI 000000bc [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:25, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:27, Info CSI 000000bf [SR] Verify complete
2012-08-28 12:27:27, Info CSI 000000c0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:27, Info CSI 000000c1 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:33, Info CSI 000000d4 [SR] Verify complete
2012-08-28 12:27:34, Info CSI 000000d5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:34, Info CSI 000000d6 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:36, Info CSI 000000d8 [SR] Verify complete
2012-08-28 12:27:36, Info CSI 000000d9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:36, Info CSI 000000da [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:37, Info CSI 000000dc [SR] Verify complete
2012-08-28 12:27:37, Info CSI 000000dd [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:37, Info CSI 000000de [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:40, Info CSI 000000e0 [SR] Verify complete
2012-08-28 12:27:40, Info CSI 000000e1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:40, Info CSI 000000e2 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:44, Info CSI 000000e4 [SR] Verify complete
2012-08-28 12:27:44, Info CSI 000000e5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:44, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:51, Info CSI 000000ea [SR] Verify complete
2012-08-28 12:27:51, Info CSI 000000eb [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:51, Info CSI 000000ec [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:53, Info CSI 000000ee [SR] Verify complete
2012-08-28 12:27:54, Info CSI 000000ef [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:54, Info CSI 000000f0 [SR] Beginning Verify and Repair transaction
2012-08-28 12:27:56, Info CSI 000000f2 [SR] Verify complete
2012-08-28 12:27:56, Info CSI 000000f3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:27:56, Info CSI 000000f4 [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:02, Info CSI 000000f6 [SR] Verify complete
2012-08-28 12:28:02, Info CSI 000000f7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:02, Info CSI 000000f8 [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:07, Info CSI 000000fa [SR] Verify complete
2012-08-28 12:28:07, Info CSI 000000fb [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:07, Info CSI 000000fc [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:11, Info CSI 000000fe [SR] Verify complete
2012-08-28 12:28:11, Info CSI 000000ff [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:11, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:19, Info CSI 00000118 [SR] Verify complete
2012-08-28 12:28:19, Info CSI 00000119 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:19, Info CSI 0000011a [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:24, Info CSI 0000011c [SR] Verify complete
2012-08-28 12:28:24, Info CSI 0000011d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:24, Info CSI 0000011e [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:36, Info CSI 00000120 [SR] Verify complete
2012-08-28 12:28:36, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:36, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:47, Info CSI 00000125 [SR] Verify complete
2012-08-28 12:28:47, Info CSI 00000126 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:47, Info CSI 00000127 [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:54, Info CSI 00000129 [SR] Verify complete
2012-08-28 12:28:54, Info CSI 0000012a [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:54, Info CSI 0000012b [SR] Beginning Verify and Repair transaction
2012-08-28 12:28:58, Info CSI 0000012d [SR] Verify complete
2012-08-28 12:28:58, Info CSI 0000012e [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:28:58, Info CSI 0000012f [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:03, Info CSI 00000131 [SR] Verify complete
2012-08-28 12:29:03, Info CSI 00000132 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:03, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:06, Info CSI 00000137 [SR] Verify complete
2012-08-28 12:29:06, Info CSI 00000138 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:06, Info CSI 00000139 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:10, Info CSI 0000013b [SR] Verify complete
2012-08-28 12:29:10, Info CSI 0000013c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:10, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:21, Info CSI 0000013f [SR] Verify complete
2012-08-28 12:29:21, Info CSI 00000140 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:21, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:27, Info CSI 00000144 [SR] Verify complete
2012-08-28 12:29:27, Info CSI 00000145 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:27, Info CSI 00000146 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:30, Info CSI 00000149 [SR] Verify complete
2012-08-28 12:29:30, Info CSI 0000014a [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:30, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:32, Info CSI 0000014d [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:29:35, Info CSI 0000014f [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:29:35, Info CSI 00000150 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-28 12:29:35, Info CSI 00000153 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-28 12:29:35, Info CSI 00000155 [SR] Verify complete
2012-08-28 12:29:36, Info CSI 00000156 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:36, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:42, Info CSI 0000015a [SR] Verify complete
2012-08-28 12:29:42, Info CSI 0000015b [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:42, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:46, Info CSI 0000015e [SR] Verify complete
2012-08-28 12:29:46, Info CSI 0000015f [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:46, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:50, Info CSI 00000162 [SR] Verify complete
2012-08-28 12:29:50, Info CSI 00000163 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:50, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:54, Info CSI 00000167 [SR] Verify complete
2012-08-28 12:29:54, Info CSI 00000168 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:54, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2012-08-28 12:29:58, Info CSI 0000016b [SR] Verify complete
2012-08-28 12:29:58, Info CSI 0000016c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:29:58, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:02, Info CSI 00000170 [SR] Verify complete
2012-08-28 12:30:02, Info CSI 00000171 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:02, Info CSI 00000172 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:08, Info CSI 00000174 [SR] Verify complete
2012-08-28 12:30:08, Info CSI 00000175 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:08, Info CSI 00000176 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:13, Info CSI 0000017a [SR] Verify complete
2012-08-28 12:30:13, Info CSI 0000017b [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:13, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:16, Info CSI 0000017e [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:30:17, Info CSI 00000180 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:30:17, Info CSI 00000181 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-28 12:30:17, Info CSI 00000184 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-28 12:30:18, Info CSI 00000186 [SR] Verify complete
2012-08-28 12:30:18, Info CSI 00000187 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:18, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:23, Info CSI 0000018b [SR] Verify complete
2012-08-28 12:30:23, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:23, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:29, Info CSI 0000018f [SR] Verify complete
2012-08-28 12:30:29, Info CSI 00000190 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:29, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:30, Info CSI 00000193 [SR] Verify complete
2012-08-28 12:30:30, Info CSI 00000194 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:30, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:33, Info CSI 00000197 [SR] Verify complete
2012-08-28 12:30:33, Info CSI 00000198 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:33, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:37, Info CSI 0000019b [SR] Verify complete
2012-08-28 12:30:37, Info CSI 0000019c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:37, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:41, Info CSI 0000019f [SR] Verify complete
2012-08-28 12:30:41, Info CSI 000001a0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:41, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:44, Info CSI 000001a3 [SR] Verify complete
2012-08-28 12:30:44, Info CSI 000001a4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:44, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:47, Info CSI 000001a7 [SR] Verify complete
2012-08-28 12:30:47, Info CSI 000001a8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:47, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2012-08-28 12:30:57, Info CSI 000001ab [SR] Verify complete
2012-08-28 12:30:57, Info CSI 000001ac [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:30:57, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:15, Info CSI 000001af [SR] Verify complete
2012-08-28 12:31:15, Info CSI 000001b0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:15, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:19, Info CSI 000001b3 [SR] Verify complete
2012-08-28 12:31:19, Info CSI 000001b4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:19, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:23, Info CSI 000001b7 [SR] Verify complete
2012-08-28 12:31:23, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:23, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:24, Info CSI 000001bb [SR] Verify complete
2012-08-28 12:31:24, Info CSI 000001bc [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:24, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:26, Info CSI 000001bf [SR] Verify complete
2012-08-28 12:31:27, Info CSI 000001c0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:27, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:30, Info CSI 000001c3 [SR] Verify complete
2012-08-28 12:31:30, Info CSI 000001c4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:30, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:35, Info CSI 000001cd [SR] Verify complete
2012-08-28 12:31:35, Info CSI 000001ce [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:35, Info CSI 000001cf [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:38, Info CSI 000001d1 [SR] Verify complete
2012-08-28 12:31:38, Info CSI 000001d2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:38, Info CSI 000001d3 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:41, Info CSI 000001d5 [SR] Verify complete
2012-08-28 12:31:41, Info CSI 000001d6 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:41, Info CSI 000001d7 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:44, Info CSI 000001d9 [SR] Verify complete
2012-08-28 12:31:44, Info CSI 000001da [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:44, Info CSI 000001db [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:49, Info CSI 000001dd [SR] Verify complete
2012-08-28 12:31:49, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:49, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:54, Info CSI 000001e2 [SR] Verify complete
2012-08-28 12:31:54, Info CSI 000001e3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:54, Info CSI 000001e4 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:57, Info CSI 000001e6 [SR] Verify complete
2012-08-28 12:31:57, Info CSI 000001e7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:57, Info CSI 000001e8 [SR] Beginning Verify and Repair transaction
2012-08-28 12:31:59, Info CSI 000001ea [SR] Verify complete
2012-08-28 12:31:59, Info CSI 000001eb [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:31:59, Info CSI 000001ec [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:09, Info CSI 000001f1 [SR] Verify complete
2012-08-28 12:32:09, Info CSI 000001f2 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:09, Info CSI 000001f3 [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:15, Info CSI 000001f8 [SR] Verify complete
2012-08-28 12:32:15, Info CSI 000001f9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:15, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:22, Info CSI 000001fd [SR] Verify complete
2012-08-28 12:32:22, Info CSI 000001fe [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:22, Info CSI 000001ff [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:30, Info CSI 0000020a [SR] Verify complete
2012-08-28 12:32:30, Info CSI 0000020b [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:30, Info CSI 0000020c [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:35, Info CSI 00000212 [SR] Verify complete
2012-08-28 12:32:35, Info CSI 00000213 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:35, Info CSI 00000214 [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:39, Info CSI 00000216 [SR] Verify complete
2012-08-28 12:32:39, Info CSI 00000217 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:39, Info CSI 00000218 [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:43, Info CSI 0000021c [SR] Verify complete
2012-08-28 12:32:43, Info CSI 0000021d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:43, Info CSI 0000021e [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:49, Info CSI 00000231 [SR] Verify complete
2012-08-28 12:32:49, Info CSI 00000232 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:49, Info CSI 00000233 [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:54, Info CSI 00000247 [SR] Verify complete
2012-08-28 12:32:54, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:54, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2012-08-28 12:32:58, Info CSI 0000024b [SR] Verify complete
2012-08-28 12:32:58, Info CSI 0000024c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:32:58, Info CSI 0000024d [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:01, Info CSI 0000024f [SR] Verify complete
2012-08-28 12:33:01, Info CSI 00000250 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:01, Info CSI 00000251 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:05, Info CSI 0000025f [SR] Verify complete
2012-08-28 12:33:05, Info CSI 00000260 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:05, Info CSI 00000261 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:12, Info CSI 00000263 [SR] Verify complete
2012-08-28 12:33:12, Info CSI 00000264 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:12, Info CSI 00000265 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:18, Info CSI 00000273 [SR] Verify complete
2012-08-28 12:33:18, Info CSI 00000274 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:18, Info CSI 00000275 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:20, Info CSI 00000277 [SR] Verify complete
2012-08-28 12:33:20, Info CSI 00000278 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:20, Info CSI 00000279 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:23, Info CSI 0000027b [SR] Verify complete
2012-08-28 12:33:23, Info CSI 0000027c [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:23, Info CSI 0000027d [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:27, Info CSI 00000280 [SR] Verify complete
2012-08-28 12:33:27, Info CSI 00000281 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:27, Info CSI 00000282 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:30, Info CSI 00000284 [SR] Verify complete
2012-08-28 12:33:30, Info CSI 00000285 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:30, Info CSI 00000286 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:36, Info CSI 00000288 [SR] Verify complete
2012-08-28 12:33:36, Info CSI 00000289 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:36, Info CSI 0000028a [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:41, Info CSI 0000028c [SR] Verify complete
2012-08-28 12:33:41, Info CSI 0000028d [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:41, Info CSI 0000028e [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:47, Info CSI 00000295 [SR] Verify complete
2012-08-28 12:33:47, Info CSI 00000296 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:47, Info CSI 00000297 [SR] Beginning Verify and Repair transaction
2012-08-28 12:33:53, Info CSI 000002ac [SR] Verify complete
2012-08-28 12:33:53, Info CSI 000002ad [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:33:53, Info CSI 000002ae [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:06, Info CSI 000002b0 [SR] Verify complete
2012-08-28 12:34:06, Info CSI 000002b1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:06, Info CSI 000002b2 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:09, Info CSI 000002b4 [SR] Verify complete
2012-08-28 12:34:09, Info CSI 000002b5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:09, Info CSI 000002b6 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:13, Info CSI 000002b9 [SR] Verify complete
2012-08-28 12:34:13, Info CSI 000002ba [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:13, Info CSI 000002bb [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:16, Info CSI 000002be [SR] Verify complete
2012-08-28 12:34:16, Info CSI 000002bf [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:16, Info CSI 000002c0 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:20, Info CSI 000002c2 [SR] Verify complete
2012-08-28 12:34:20, Info CSI 000002c3 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:20, Info CSI 000002c4 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:25, Info CSI 000002c6 [SR] Verify complete
2012-08-28 12:34:25, Info CSI 000002c7 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:25, Info CSI 000002c8 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:29, Info CSI 000002cb [SR] Verify complete
2012-08-28 12:34:29, Info CSI 000002cc [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:29, Info CSI 000002cd [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:33, Info CSI 000002cf [SR] Verify complete
2012-08-28 12:34:34, Info CSI 000002d0 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:34, Info CSI 000002d1 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:37, Info CSI 000002d3 [SR] Verify complete
2012-08-28 12:34:38, Info CSI 000002d4 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:38, Info CSI 000002d5 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:41, Info CSI 000002d7 [SR] Verify complete
2012-08-28 12:34:42, Info CSI 000002d8 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:42, Info CSI 000002d9 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:48, Info CSI 000002dc [SR] Verify complete
2012-08-28 12:34:48, Info CSI 000002dd [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:48, Info CSI 000002de [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:52, Info CSI 000002e0 [SR] Verify complete
2012-08-28 12:34:52, Info CSI 000002e1 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:52, Info CSI 000002e2 [SR] Beginning Verify and Repair transaction
2012-08-28 12:34:57, Info CSI 000002e4 [SR] Verify complete
2012-08-28 12:34:57, Info CSI 000002e5 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:34:57, Info CSI 000002e6 [SR] Beginning Verify and Repair transaction
2012-08-28 12:35:01, Info CSI 000002e8 [SR] Verify complete
2012-08-28 12:35:01, Info CSI 000002e9 [SR] Verifying 100 (0x0000000000000064) components
2012-08-28 12:35:01, Info CSI 000002ea [SR] Beginning Verify and Repair transaction
2012-08-28 12:35:06, Info CSI 000002ec [SR] Verify complete
2012-08-28 12:35:06, Info CSI 000002ed [SR] Verifying 31 (0x000000000000001f) components
2012-08-28 12:35:06, Info CSI 000002ee [SR] Beginning Verify and Repair transaction
2012-08-28 12:35:07, Info CSI 000002f0 [SR] Verify complete
2012-08-28 12:35:07, Info CSI 000002f1 [SR] Repairing 2 components
2012-08-28 12:35:07, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2012-08-28 12:35:07, Info CSI 000002f4 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:35:07, Info CSI 000002f6 [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:35:07, Info CSI 000002f8 [SR] Cannot repair member file [l:18{9}]"slmgr.vbs" of Microsoft-Windows-Security-SPP-Tools, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:35:07, Info CSI 000002f9 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-28 12:35:07, Info CSI 000002fc [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs"; source file in store is also corrupted
2012-08-28 12:35:07, Info CSI 000002fe [SR] Cannot repair member file [l:20{10}]"winver.exe" of Microsoft-Windows-winver, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-28 12:35:07, Info CSI 000002ff [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-08-28 12:35:07, Info CSI 00000302 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe"; source file in store is also corrupted
2012-08-28 12:35:07, Info CSI 00000304 [SR] Repair complete
2012-08-28 12:35:07, Info CSI 00000305 [SR] Committing transaction
2012-08-28 12:35:07, Info CSI 00000309 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


----------



## JonesIndustries (Aug 18, 2012)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JOHN :: JOHN-PC [administrator]

Protection: Enabled

8/28/2012 1:12:49 PM
mbam-log-2012-08-28 (13-12-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439732
Time elapsed: 1 hour(s), 29 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## JonesIndustries (Aug 18, 2012)

Bump.


----------



## JonesIndustries (Aug 18, 2012)

Bump


----------



## JonesIndustries (Aug 18, 2012)

Malwarebytes keeps notifying me that there's a problem even after it's found a Trojan Horse and then deletes it. I'll scan again after and nothing will be found.

Also MSE will install and update the first time but whenever it attempts to update again I get this.


----------



## JonesIndustries (Aug 18, 2012)

Bump


----------



## CatByte (Feb 24, 2009)

Please download TDSSKiller.zip

- Extract it to your desktop
- Double-click *TDSSKiller.exe*
- When the window opens, click on *Change Parameters*
- Under *"Additional options"*, put a check mark in the box next to *"Detect TDLFS File System"*
- Click *OK*
- Press *Start Scan*
- If *Malicious objects* are found, then ensure *Cure* is selected
- If *TDLFS File System/TDSS File system* is found, then ensure *Cure* is selected (if Cure is not available, choose Skip)
- Then click *Continue* > *Reboot now*

Copy and paste the log in your next reply
_A copy of the log will be saved automatically to the root of the drive (typically C:\)_


----------



## JonesIndustries (Aug 18, 2012)

No cure was found. Here's the report and also, thank you big time for the help.

17:44:31.0027 4480 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:44:31.0729 4480 ============================================================
17:44:31.0729 4480 Current date / time: 2012/09/06 17:44:31.0729
17:44:31.0729 4480 SystemInfo:
17:44:31.0729 4480 
17:44:31.0729 4480 OS Version: 6.1.7601 ServicePack: 1.0
17:44:31.0729 4480 Product type: Workstation
17:44:31.0729 4480 ComputerName: JOHN-PC
17:44:31.0729 4480 UserName: JOHN
17:44:31.0729 4480 Windows directory: C:\Windows
17:44:31.0729 4480 System windows directory: C:\Windows
17:44:31.0729 4480 Running under WOW64
17:44:31.0729 4480 Processor architecture: Intel x64
17:44:31.0729 4480 Number of processors: 4
17:44:31.0729 4480 Page size: 0x1000
17:44:31.0729 4480 Boot type: Normal boot
17:44:31.0729 4480 ============================================================
17:44:33.0851 4480 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:33.0882 4480 ============================================================
17:44:33.0882 4480 \Device\Harddisk0\DR0:
17:44:33.0882 4480 MBR partitions:
17:44:33.0882 4480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:44:33.0882 4480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
17:44:33.0882 4480 ============================================================
17:44:33.0929 4480 C: <-> \Device\Harddisk0\DR0\Partition2
17:44:33.0929 4480 ============================================================
17:44:33.0929 4480 Initialize success
17:44:33.0929 4480 ============================================================
17:45:00.0028 2112 ============================================================
17:45:00.0028 2112 Scan started
17:45:00.0028 2112 Mode: Manual; TDLFS; 
17:45:00.0028 2112 ============================================================
17:45:01.0166 2112 ================ Scan system memory ========================
17:45:01.0166 2112 System memory - ok
17:45:01.0166 2112 ================ Scan services =============================
17:45:01.0556 2112 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:45:01.0556 2112 1394ohci - ok
17:45:01.0603 2112 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:45:01.0603 2112 ACPI - ok
17:45:01.0650 2112 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:45:01.0650 2112 AcpiPmi - ok
17:45:01.0946 2112 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:45:01.0946 2112 AdobeARMservice - ok
17:45:02.0227 2112 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:02.0227 2112 AdobeFlashPlayerUpdateSvc - ok
17:45:02.0290 2112 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:45:02.0305 2112 adp94xx - ok
17:45:02.0368 2112 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:45:02.0368 2112 adpahci - ok
17:45:02.0414 2112 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:45:02.0430 2112 adpu320 - ok
17:45:02.0508 2112 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:45:02.0508 2112 AeLookupSvc - ok
17:45:03.0366 2112 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:45:03.0382 2112 AFD - ok
17:45:03.0444 2112 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:45:03.0444 2112 agp440 - ok
17:45:03.0460 2112 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:45:03.0475 2112 ALG - ok
17:45:03.0491 2112 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide  C:\Windows\system32\drivers\aliide.sys
17:45:03.0491 2112 aliide - ok
17:45:03.0522 2112 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:45:03.0538 2112 amdide - ok
17:45:03.0631 2112 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:45:03.0631 2112 AmdK8 - ok
17:45:03.0631 2112 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:45:03.0631 2112 AmdPPM - ok
17:45:03.0850 2112 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:45:03.0865 2112 amdsata - ok
17:45:03.0896 2112 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:45:03.0912 2112 amdsbs - ok
17:45:03.0928 2112 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:45:03.0928 2112 amdxata - ok
17:45:03.0959 2112 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:45:03.0959 2112 AppID - ok
17:45:04.0068 2112 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:45:04.0068 2112 AppIDSvc - ok
17:45:04.0115 2112 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:45:04.0130 2112 Appinfo - ok
17:45:04.0240 2112 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:45:04.0240 2112 Apple Mobile Device - ok
17:45:04.0333 2112 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:45:04.0333 2112 arc - ok
17:45:04.0349 2112 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:45:04.0349 2112 arcsas - ok
17:45:04.0380 2112 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:45:04.0380 2112 AsyncMac - ok
17:45:04.0458 2112 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:45:04.0458 2112 atapi - ok
17:45:04.0567 2112 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:45:04.0598 2112 AudioEndpointBuilder - ok
17:45:04.0630 2112 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:45:04.0630 2112 AudioSrv - ok
17:45:04.0630 2112 AVGIDSHA - ok
17:45:04.0692 2112 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:45:04.0692 2112 AxInstSV - ok
17:45:04.0739 2112 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:45:04.0739 2112 b06bdrv - ok
17:45:04.0848 2112 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:45:04.0848 2112 b57nd60a - ok
17:45:04.0926 2112 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:45:04.0926 2112 BDESVC - ok
17:45:04.0957 2112 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:45:04.0973 2112 Beep - ok
17:45:05.0378 2112 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:45:05.0378 2112 BFE - ok
17:45:05.0488 2112 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:45:05.0503 2112 blbdrive - ok
17:45:05.0581 2112 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:45:05.0581 2112 Bonjour Service - ok
17:45:05.0659 2112 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:45:05.0659 2112 bowser - ok
17:45:05.0753 2112 [ A91B4392B326F6AED0052CB2592E979D ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
17:45:05.0768 2112 bpenum - ok
17:45:05.0800 2112 [ 7057339774618E38CFEFE0B5D1FDD58E ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys
17:45:05.0846 2112 bpmp - ok
17:45:05.0846 2112 [ 2636C9619120A6B16DCB51886C46AC20 ] bpusb C:\Windows\system32\Drivers\bpusb.sys
17:45:05.0846 2112 bpusb - ok
17:45:05.0940 2112 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:45:05.0940 2112 BrFiltLo - ok
17:45:05.0940 2112 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:45:05.0940 2112 BrFiltUp - ok
17:45:05.0987 2112 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:45:05.0987 2112 BridgeMP - ok
17:45:06.0034 2112 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:45:06.0034 2112 Browser - ok
17:45:06.0096 2112 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:45:06.0112 2112 Brserid - ok
17:45:06.0112 2112 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:45:06.0112 2112 BrSerWdm - ok
17:45:06.0143 2112 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:45:06.0158 2112 BrUsbMdm - ok
17:45:06.0158 2112 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:45:06.0158 2112 BrUsbSer - ok
17:45:06.0158 2112 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:45:06.0174 2112 BTHMODEM - ok
17:45:06.0205 2112 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:45:06.0221 2112 bthserv - ok
17:45:06.0252 2112 catchme - ok
17:45:06.0299 2112 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:45:06.0299 2112 cdfs - ok
17:45:06.0377 2112 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:45:06.0377 2112 cdrom - ok
17:45:06.0439 2112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:45:06.0439 2112 CertPropSvc - ok
17:45:06.0486 2112 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:45:06.0502 2112 circlass - ok
17:45:06.0611 2112 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:45:06.0626 2112 CLFS - ok
17:45:06.0938 2112 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:45:06.0954 2112 clr_optimization_v2.0.50727_32 - ok
17:45:07.0219 2112 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:45:07.0219 2112 clr_optimization_v2.0.50727_64 - ok
17:45:07.0500 2112 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:45:07.0859 2112 clr_optimization_v4.0.30319_32 - ok
17:45:08.0077 2112 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:45:08.0093 2112 clr_optimization_v4.0.30319_64 - ok
17:45:08.0171 2112 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:45:08.0186 2112 CmBatt - ok
17:45:08.0233 2112 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:45:08.0233 2112 cmdide - ok
17:45:08.0342 2112 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:45:08.0389 2112 CNG - ok
17:45:08.0452 2112 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:45:08.0452 2112 Compbatt - ok
17:45:08.0467 2112 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:45:08.0483 2112 CompositeBus - ok
17:45:08.0483 2112 COMSysApp - ok
17:45:08.0514 2112 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:45:08.0514 2112 crcdisk - ok
17:45:08.0561 2112 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:45:08.0561 2112 CryptSvc - ok
17:45:08.0701 2112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:45:08.0701 2112 DcomLaunch - ok
17:45:08.0795 2112 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:45:08.0888 2112 defragsvc - ok
17:45:08.0966 2112 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:45:08.0966 2112 DfsC - ok
17:45:09.0154 2112 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:45:09.0200 2112 Dhcp - ok
17:45:09.0247 2112 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:45:09.0247 2112 discache - ok
17:45:09.0278 2112 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:45:09.0278 2112 Disk - ok
17:45:09.0434 2112 [ E56778551BF535500D6B02E68E5BFB47 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
17:45:09.0481 2112 DMAgent - ok
17:45:09.0528 2112 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:45:09.0528 2112 Dnscache - ok
17:45:09.0731 2112 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:45:09.0731 2112 DockLoginService - ok
17:45:09.0856 2112 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:45:09.0871 2112 dot3svc - ok
17:45:09.0949 2112 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:45:09.0949 2112 DPS - ok
17:45:10.0027 2112 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:45:10.0043 2112 drmkaud - ok
17:45:10.0214 2112 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:45:10.0214 2112 DXGKrnl - ok
17:45:10.0292 2112 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:45:10.0292 2112 EapHost - ok
17:45:10.0948 2112 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:45:11.0104 2112 ebdrv - ok
17:45:11.0166 2112 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:45:11.0166 2112 EFS - ok
17:45:11.0462 2112 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:45:11.0650 2112 ehRecvr - ok
17:45:11.0743 2112 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:45:11.0774 2112 ehSched - ok
17:45:11.0977 2112 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:45:12.0024 2112 elxstor - ok
17:45:12.0086 2112 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:45:12.0102 2112 ErrDev - ok
17:45:12.0383 2112 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:45:12.0398 2112 EventSystem - ok
17:45:12.0851 2112 [ 7C1042CDA4E7151E91F1E66A4D9118B0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:45:12.0913 2112 EvtEng - ok
17:45:12.0976 2112 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:45:12.0976 2112 exfat - ok
17:45:13.0069 2112 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:45:13.0085 2112 fastfat - ok
17:45:13.0490 2112 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:45:13.0537 2112 Fax - ok
17:45:13.0631 2112 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:45:13.0646 2112 fdc - ok
17:45:13.0740 2112 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:45:13.0756 2112 fdPHost - ok
17:45:13.0896 2112 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:45:13.0912 2112 FDResPub - ok
17:45:13.0943 2112 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:45:13.0958 2112 FileInfo - ok
17:45:13.0990 2112 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:45:13.0990 2112 Filetrace - ok
17:45:14.0005 2112 FLEXnet Licensing Manager - ok
17:45:14.0083 2112 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:45:14.0083 2112 flpydisk - ok
17:45:14.0255 2112 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:45:14.0302 2112 FltMgr - ok
17:45:14.0629 2112 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:45:14.0770 2112 FontCache - ok
17:45:14.0972 2112 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:45:14.0988 2112 FontCache3.0.0.0 - ok
17:45:15.0066 2112 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:45:15.0066 2112 FsDepends - ok
17:45:15.0144 2112 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:45:15.0144 2112 Fs_Rec - ok
17:45:15.0191 2112 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:45:15.0191 2112 fvevol - ok
17:45:15.0253 2112 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:45:15.0253 2112 gagp30kx - ok
17:45:15.0331 2112 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:45:15.0331 2112 GEARAspiWDM - ok
17:45:15.0503 2112 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:45:15.0659 2112 gpsvc - ok
17:45:15.0877 2112 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:45:15.0877 2112 gupdate - ok
17:45:15.0877 2112 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:45:15.0877 2112 gupdatem - ok
17:45:15.0908 2112 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:45:15.0908 2112 hcw85cir - ok
17:45:16.0018 2112 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:45:16.0018 2112 HdAudAddService - ok
17:45:16.0064 2112 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:45:16.0064 2112 HDAudBus - ok
17:45:16.0142 2112 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:45:16.0158 2112 HidBatt - ok
17:45:16.0158 2112 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:45:16.0158 2112 HidBth - ok
17:45:16.0189 2112 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:45:16.0189 2112 HidIr - ok
17:45:16.0236 2112 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:45:16.0252 2112 hidserv - ok
17:45:16.0283 2112 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:45:16.0298 2112 HidUsb - ok
17:45:16.0361 2112 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:45:16.0361 2112 hkmsvc - ok
17:45:16.0408 2112 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:45:16.0423 2112 HomeGroupListener - ok
17:45:16.0470 2112 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:45:16.0470 2112 HomeGroupProvider - ok
17:45:16.0548 2112 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:45:16.0564 2112 HpSAMD - ok
17:45:16.0813 2112 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:45:16.0985 2112 HTTP - ok
17:45:17.0047 2112 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:45:17.0047 2112 hwpolicy - ok
17:45:17.0125 2112 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:45:17.0141 2112 i8042prt - ok
17:45:17.0297 2112 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:45:17.0344 2112 iaStorV - ok
17:45:17.0578 2112 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:45:17.0624 2112 idsvc - ok
17:45:19.0949 2112 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:45:20.0136 2112 igfx - ok
17:45:20.0230 2112 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:45:20.0230 2112 iirsp - ok
17:45:20.0526 2112 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:45:20.0604 2112 IKEEXT - ok
17:45:20.0651 2112 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:45:20.0651 2112 intelide - ok
17:45:20.0698 2112 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:45:20.0698 2112 intelppm - ok
17:45:20.0744 2112 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:45:20.0760 2112 IPBusEnum - ok
17:45:20.0822 2112 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:45:20.0822 2112 IpFilterDriver - ok
17:45:21.0197 2112 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:45:21.0322 2112 iphlpsvc - ok
17:45:21.0400 2112 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:45:21.0400 2112 IPMIDRV - ok
17:45:21.0478 2112 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:45:21.0493 2112 IPNAT - ok
17:45:21.0758 2112 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:45:21.0805 2112 iPod Service - ok
17:45:21.0821 2112 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:45:21.0821 2112 IRENUM - ok
17:45:21.0914 2112 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:45:21.0914 2112 isapnp - ok
17:45:21.0946 2112 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:45:21.0961 2112 iScsiPrt - ok
17:45:21.0977 2112 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:45:21.0992 2112 kbdclass - ok
17:45:22.0039 2112 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:45:22.0039 2112 kbdhid - ok
17:45:22.0070 2112 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:45:22.0086 2112 KeyIso - ok
17:45:22.0148 2112 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:45:22.0164 2112 KSecDD - ok
17:45:22.0289 2112 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:45:22.0289 2112 KSecPkg - ok
17:45:22.0382 2112 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:45:22.0382 2112 ksthunk - ok
17:45:22.0570 2112 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:45:22.0585 2112 KtmRm - ok
17:45:22.0663 2112 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
17:45:22.0663 2112 L1C - ok
17:45:22.0772 2112 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:45:22.0788 2112 LanmanServer - ok
17:45:22.0850 2112 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:45:22.0866 2112 LanmanWorkstation - ok
17:45:23.0194 2112 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
17:45:23.0240 2112 LBTServ - ok
17:45:23.0303 2112 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:45:23.0303 2112 LHidFilt - ok
17:45:23.0365 2112 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:45:23.0365 2112 lltdio - ok
17:45:23.0474 2112 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:45:23.0474 2112 lltdsvc - ok
17:45:23.0537 2112 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:45:23.0537 2112 lmhosts - ok
17:45:23.0599 2112 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:45:23.0599 2112 LMouFilt - ok
17:45:23.0771 2112 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:45:23.0786 2112 LSI_FC - ok
17:45:23.0818 2112 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:45:23.0818 2112 LSI_SAS - ok
17:45:23.0833 2112 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:45:23.0833 2112 LSI_SAS2 - ok
17:45:23.0833 2112 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:45:23.0833 2112 LSI_SCSI - ok
17:45:23.0864 2112 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:45:23.0880 2112 luafv - ok
17:45:24.0114 2112 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:45:24.0114 2112 MBAMProtector - ok
17:45:24.0332 2112 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:45:24.0364 2112 MBAMService - ok
17:45:26.0688 2112 Mcx2Svc - ok
17:45:26.0782 2112 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:45:26.0782 2112 megasas - ok
17:45:26.0844 2112 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:45:26.0875 2112 MegaSR - ok
17:45:26.0953 2112 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:45:26.0953 2112 MMCSS - ok
17:45:27.0000 2112 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:45:27.0016 2112 Modem - ok
17:45:27.0078 2112 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:45:27.0078 2112 monitor - ok
17:45:27.0109 2112 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:45:27.0125 2112 mouclass - ok
17:45:27.0156 2112 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:45:27.0172 2112 mouhid - ok
17:45:27.0234 2112 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:45:27.0250 2112 mountmgr - ok
17:45:27.0359 2112 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:45:27.0374 2112 MozillaMaintenance - ok
17:45:27.0499 2112 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:45:27.0515 2112 MpFilter - ok
17:45:27.0546 2112 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:45:27.0546 2112 mpio - ok
17:45:27.0593 2112 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:45:27.0608 2112 mpsdrv - ok
17:45:27.0858 2112 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:45:28.0061 2112 MpsSvc - ok
17:45:28.0139 2112 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:45:28.0139 2112 MRxDAV - ok
17:45:28.0232 2112 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:45:28.0295 2112 mrxsmb - ok
17:45:28.0451 2112 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:45:28.0513 2112 mrxsmb10 - ok
17:45:28.0576 2112 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:45:28.0576 2112 mrxsmb20 - ok
17:45:28.0638 2112 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:45:28.0638 2112 msahci - ok
17:45:28.0716 2112 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:45:28.0763 2112 msdsm - ok
17:45:28.0841 2112 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:45:28.0856 2112 MSDTC - ok
17:45:28.0950 2112 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:45:28.0950 2112 Msfs - ok
17:45:28.0997 2112 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:45:28.0997 2112 mshidkmdf - ok
17:45:29.0090 2112 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:45:29.0090 2112 msisadrv - ok
17:45:29.0200 2112 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:45:29.0215 2112 MSiSCSI - ok
17:45:29.0215 2112 msiserver - ok
17:45:29.0246 2112 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:45:29.0262 2112 MSKSSRV - ok
17:45:29.0558 2112 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:45:29.0558 2112 MsMpSvc - ok
17:45:29.0605 2112 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:45:29.0605 2112 MSPCLOCK - ok
17:45:29.0652 2112 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:45:29.0652 2112 MSPQM - ok
17:45:29.0777 2112 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:45:29.0824 2112 MsRPC - ok
17:45:29.0902 2112 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:45:29.0902 2112 mssmbios - ok
17:45:29.0948 2112 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:45:29.0948 2112 MSTEE - ok
17:45:29.0995 2112 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:45:29.0995 2112 MTConfig - ok
17:45:30.0042 2112 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:45:30.0042 2112 Mup - ok
17:45:30.0198 2112 [ A94EEBD860AD00A0BFE91C0FD3F5FEB1 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:45:30.0214 2112 MyWiFiDHCPDNS - ok
17:45:30.0370 2112 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:45:30.0416 2112 napagent - ok
17:45:30.0557 2112 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:45:30.0604 2112 NativeWifiP - ok
17:45:30.0838 2112 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:45:30.0869 2112 NDIS - ok
17:45:30.0962 2112 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:45:30.0962 2112 NdisCap - ok
17:45:30.0994 2112 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:45:31.0009 2112 NdisTapi - ok
17:45:31.0087 2112 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:45:31.0087 2112 Ndisuio - ok
17:45:31.0212 2112 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:45:31.0259 2112 NdisWan - ok
17:45:31.0352 2112 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:45:31.0352 2112 NDProxy - ok
17:45:31.0415 2112 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:45:31.0415 2112 NetBIOS - ok
17:45:31.0555 2112 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:45:31.0602 2112 NetBT - ok
17:45:31.0664 2112 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:45:31.0664 2112 Netlogon - ok
17:45:31.0852 2112 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:45:31.0867 2112 Netman - ok
17:45:32.0039 2112 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:45:32.0086 2112 netprofm - ok
17:45:32.0179 2112 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:45:32.0195 2112 NetTcpPortSharing - ok
17:45:34.0114 2112 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
17:45:34.0285 2112 NETw5s64 - ok
17:45:34.0379 2112 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:45:34.0394 2112 nfrd960 - ok
17:45:34.0769 2112 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:45:34.0784 2112 NisDrv - ok
17:45:34.0956 2112 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:45:34.0987 2112 NisSrv - ok
17:45:35.0174 2112 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:45:35.0252 2112 NlaSvc - ok
17:45:35.0315 2112 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:45:35.0315 2112 Npfs - ok
17:45:35.0377 2112 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:45:35.0377 2112 nsi - ok
17:45:35.0424 2112 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:45:35.0424 2112 nsiproxy - ok
17:45:35.0861 2112 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:45:35.0923 2112 Ntfs - ok
17:45:35.0970 2112 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:45:35.0970 2112 Null - ok
17:45:36.0173 2112 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:45:36.0188 2112 nvraid - ok
17:45:36.0251 2112 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:45:36.0251 2112 nvstor - ok
17:45:36.0282 2112 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:45:36.0298 2112 nv_agp - ok
17:45:36.0844 2112 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:45:36.0890 2112 odserv - ok
17:45:36.0953 2112 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:45:36.0968 2112 ohci1394 - ok
17:45:37.0078 2112 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:45:37.0109 2112 ose - ok
17:45:37.0312 2112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:45:37.0421 2112 p2pimsvc - ok
17:45:37.0546 2112 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:45:37.0624 2112 p2psvc - ok
17:45:37.0686 2112 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:45:37.0686 2112 Parport - ok
17:45:37.0733 2112 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:45:37.0748 2112 partmgr - ok
17:45:37.0795 2112 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:45:37.0795 2112 PcaSvc - ok
17:45:37.0889 2112 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:45:37.0889 2112 pci - ok
17:45:37.0951 2112 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:45:37.0951 2112 pciide - ok
17:45:37.0998 2112 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:45:37.0998 2112 pcmcia - ok
17:45:38.0029 2112 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:45:38.0029 2112 pcw - ok
17:45:38.0060 2112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:45:38.0076 2112 PEAUTH - ok
17:45:38.0092 2112 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:45:38.0092 2112 PerfHost - ok
17:45:38.0201 2112 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:45:38.0232 2112 pla - ok
17:45:38.0310 2112 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:45:38.0326 2112 PlugPlay - ok
17:45:38.0341 2112 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:45:38.0341 2112 PNRPAutoReg - ok
17:45:38.0388 2112 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:45:38.0388 2112 PNRPsvc - ok
17:45:38.0497 2112 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:45:38.0513 2112 PolicyAgent - ok
17:45:38.0544 2112 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:45:38.0544 2112 Power - ok
17:45:38.0591 2112 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:45:38.0591 2112 PptpMiniport - ok
17:45:38.0606 2112 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:45:38.0622 2112 Processor - ok
17:45:38.0653 2112 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:45:38.0669 2112 ProfSvc - ok
17:45:38.0700 2112 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:45:38.0700 2112 ProtectedStorage - ok
17:45:38.0747 2112 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:45:38.0747 2112 Psched - ok
17:45:38.0825 2112 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:45:38.0825 2112 PxHlpa64 - ok
17:45:38.0950 2112 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:45:38.0996 2112 ql2300 - ok
17:45:39.0059 2112 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:45:39.0059 2112 ql40xx - ok
17:45:39.0121 2112 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:45:39.0121 2112 QWAVE - ok
17:45:39.0199 2112 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:45:39.0215 2112 QWAVEdrv - ok
17:45:39.0230 2112 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:45:39.0246 2112 RasAcd - ok
17:45:39.0277 2112 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:45:39.0293 2112 RasAgileVpn - ok
17:45:39.0340 2112 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:45:39.0340 2112 RasAuto - ok
17:45:39.0402 2112 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:45:39.0402 2112 Rasl2tp - ok
17:45:39.0464 2112 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:45:39.0480 2112 RasMan - ok
17:45:39.0511 2112 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:45:39.0527 2112 RasPppoe - ok
17:45:39.0542 2112 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:45:39.0558 2112 RasSstp - ok
17:45:39.0620 2112 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:45:39.0620 2112 rdbss - ok
17:45:39.0667 2112 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:45:39.0667 2112 rdpbus - ok
17:45:39.0683 2112 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:45:39.0683 2112 RDPCDD - ok
17:45:39.0698 2112 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:45:39.0698 2112 RDPENCDD - ok
17:45:39.0714 2112 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:45:39.0714 2112 RDPREFMP - ok
17:45:39.0761 2112 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:45:39.0776 2112 RDPWD - ok
17:45:39.0808 2112 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:45:39.0808 2112 rdyboost - ok
17:45:39.0948 2112 [ 6108654C5EBEA28A606D6890B4DE6DE3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:45:39.0964 2112 RegSrvc - ok
17:45:39.0964 2112 RemoteAccess - ok
17:45:40.0010 2112 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:45:40.0010 2112 RemoteRegistry - ok
17:45:40.0026 2112 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:45:40.0042 2112 RpcEptMapper - ok
17:45:40.0057 2112 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:45:40.0073 2112 RpcLocator - ok
17:45:40.0151 2112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:45:40.0151 2112 RpcSs - ok
17:45:40.0229 2112 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:45:40.0229 2112 rspndr - ok
17:45:40.0260 2112 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:45:40.0260 2112 SamSs - ok
17:45:40.0291 2112 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:45:40.0307 2112 sbp2port - ok
17:45:40.0338 2112 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:45:40.0354 2112 SCardSvr - ok
17:45:40.0400 2112 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:45:40.0400 2112 scfilter - ok
17:45:40.0463 2112 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:45:40.0494 2112 Schedule - ok
17:45:40.0541 2112 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:45:40.0541 2112 SCPolicySvc - ok
17:45:40.0588 2112 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:45:40.0588 2112 SDRSVC - ok
17:45:40.0634 2112 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:45:40.0634 2112 secdrv - ok
17:45:40.0666 2112 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:45:40.0666 2112 seclogon - ok
17:45:40.0697 2112 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:45:40.0697 2112 SENS - ok
17:45:40.0712 2112 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:45:40.0712 2112 SensrSvc - ok
17:45:40.0728 2112 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:45:40.0728 2112 Serenum - ok
17:45:40.0759 2112 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:45:40.0775 2112 Serial - ok
17:45:40.0806 2112 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:45:40.0806 2112 sermouse - ok
17:45:40.0853 2112 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:45:40.0868 2112 SessionEnv - ok
17:45:40.0915 2112 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:45:40.0915 2112 sffdisk - ok
17:45:40.0931 2112 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:45:40.0946 2112 sffp_mmc - ok
17:45:40.0962 2112 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:45:40.0962 2112 sffp_sd - ok
17:45:40.0993 2112 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:45:40.0993 2112 sfloppy - ok
17:45:41.0087 2112 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:45:41.0087 2112 SharedAccess - ok
17:45:41.0134 2112 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:45:41.0149 2112 ShellHWDetection - ok
17:45:41.0180 2112 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:45:41.0180 2112 SiSRaid2 - ok
17:45:41.0196 2112 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:45:41.0196 2112 SiSRaid4 - ok
17:45:41.0227 2112 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:45:41.0227 2112 Smb - ok
17:45:41.0258 2112 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:45:41.0258 2112 SNMPTRAP - ok
17:45:41.0274 2112 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:45:41.0274 2112 spldr - ok
17:45:41.0368 2112 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:45:41.0383 2112 Spooler - ok
17:45:41.0477 2112 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:45:41.0539 2112 sppsvc - ok
17:45:41.0586 2112 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:45:41.0602 2112 sppuinotify - ok
17:45:41.0664 2112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:45:41.0680 2112 srv - ok
17:45:41.0695 2112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:45:41.0695 2112 srv2 - ok
17:45:41.0726 2112 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:45:41.0726 2112 srvnet - ok
17:45:41.0758 2112 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:45:41.0773 2112 SSDPSRV - ok
17:45:41.0789 2112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:45:41.0789 2112 SstpSvc - ok
17:45:41.0820 2112 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:45:41.0820 2112 stexstor - ok
17:45:41.0867 2112 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:45:41.0882 2112 stisvc - ok
17:45:41.0914 2112 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:45:41.0914 2112 swenum - ok
17:45:42.0132 2112 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:45:42.0148 2112 SwitchBoard - ok
17:45:42.0179 2112 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:45:42.0179 2112 swprv - ok
17:45:42.0257 2112 [ C25866BDF0E818E02BB8E76845D26E54 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:45:42.0257 2112 SynTP - ok
17:45:42.0538 2112 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:45:42.0584 2112 SysMain - ok
17:45:42.0616 2112 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:45:42.0616 2112 TabletInputService - ok
17:45:42.0694 2112 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:45:42.0709 2112 TapiSrv - ok
17:45:42.0725 2112 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:45:42.0740 2112 TBS - ok
17:45:42.0818 2112 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:45:42.0896 2112 Tcpip - ok
17:45:42.0928 2112 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:45:42.0943 2112 TCPIP6 - ok
17:45:43.0084 2112 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:45:43.0084 2112 tcpipreg - ok
17:45:43.0130 2112 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:45:43.0146 2112 TDPIPE - ok
17:45:43.0177 2112 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:45:43.0177 2112 TDTCP - ok
17:45:43.0224 2112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:45:43.0224 2112 tdx - ok
17:45:43.0240 2112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:45:43.0240 2112 TermDD - ok
17:45:43.0255 2112 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:45:43.0255 2112 TermService - ok
17:45:43.0286 2112 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:45:43.0286 2112 Themes - ok
17:45:43.0302 2112 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:45:43.0302 2112 THREADORDER - ok
17:45:43.0318 2112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:45:43.0318 2112 TrkWks - ok
17:45:43.0380 2112 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:45:43.0380 2112 TrustedInstaller - ok
17:45:43.0411 2112 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:45:43.0411 2112 tssecsrv - ok
17:45:43.0442 2112 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:45:43.0442 2112 TsUsbFlt - ok
17:45:43.0489 2112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:45:43.0489 2112 tunnel - ok
17:45:43.0552 2112 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:45:43.0552 2112 uagp35 - ok
17:45:43.0614 2112 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:45:43.0614 2112 udfs - ok
17:45:43.0645 2112 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:45:43.0661 2112 UI0Detect - ok
17:45:43.0676 2112 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:45:43.0676 2112 uliagpkx - ok
17:45:43.0708 2112 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:45:43.0708 2112 umbus - ok
17:45:43.0723 2112 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:45:43.0739 2112 UmPass - ok
17:45:43.0754 2112 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:45:43.0754 2112 upnphost - ok
17:45:43.0801 2112 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:45:43.0801 2112 USBAAPL64 - ok
17:45:43.0832 2112 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:45:43.0832 2112 usbccgp - ok
17:45:43.0879 2112 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:45:43.0879 2112 usbcir - ok
17:45:43.0910 2112 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:45:43.0910 2112 usbehci - ok
17:45:43.0957 2112 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:45:43.0957 2112 usbhub - ok
17:45:44.0004 2112 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:45:44.0004 2112 usbohci - ok
17:45:44.0020 2112 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:45:44.0020 2112 usbprint - ok
17:45:44.0098 2112 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:45:44.0098 2112 USBSTOR - ok
17:45:44.0113 2112 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:45:44.0129 2112 usbuhci - ok
17:45:44.0144 2112 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:45:44.0144 2112 usbvideo - ok
17:45:44.0176 2112 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:45:44.0176 2112 UxSms - ok
17:45:44.0191 2112 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:45:44.0191 2112 VaultSvc - ok
17:45:44.0207 2112 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:45:44.0207 2112 vdrvroot - ok
17:45:44.0472 2112 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:45:44.0488 2112 vds - ok
17:45:44.0534 2112 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:45:44.0550 2112 vga - ok
17:45:44.0566 2112 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:45:44.0566 2112 VgaSave - ok
17:45:44.0612 2112 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:45:44.0612 2112 vhdmp - ok
17:45:44.0644 2112 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:45:44.0644 2112 viaide - ok
17:45:44.0659 2112 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:45:44.0659 2112 volmgr - ok
17:45:44.0706 2112 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:45:44.0706 2112 volmgrx - ok
17:45:44.0722 2112 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:45:44.0722 2112 volsnap - ok
17:45:44.0768 2112 vphqgfxu - ok
17:45:44.0815 2112 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:45:44.0815 2112 vsmraid - ok
17:45:45.0018 2112 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:45:45.0049 2112 VSS - ok
17:45:45.0065 2112 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:45:45.0065 2112 vwifibus - ok
17:45:45.0080 2112 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:45:45.0080 2112 vwififlt - ok
17:45:45.0096 2112 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:45:45.0096 2112 vwifimp - ok
17:45:45.0205 2112 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:45:45.0205 2112 W32Time - ok
17:45:45.0221 2112 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:45:45.0236 2112 WacomPen - ok
17:45:45.0268 2112 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:45:45.0268 2112 WANARP - ok
17:45:45.0268 2112 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:45:45.0268 2112 Wanarpv6 - ok
17:45:45.0314 2112 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:45:45.0361 2112 WatAdminSvc - ok
17:45:45.0424 2112 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:45:45.0455 2112 wbengine - ok
17:45:45.0470 2112 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:45:45.0486 2112 WbioSrvc - ok
17:45:45.0517 2112 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:45:45.0533 2112 wcncsvc - ok
17:45:45.0548 2112 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:45:45.0548 2112 WcsPlugInService - ok
17:45:45.0564 2112 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:45:45.0564 2112 Wd - ok
17:45:45.0611 2112 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
17:45:45.0611 2112 WDC_SAM - ok
17:45:45.0642 2112 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:45:45.0658 2112 Wdf01000 - ok
17:45:45.0673 2112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:45:45.0673 2112 WdiServiceHost - ok
17:45:45.0673 2112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:45:45.0673 2112 WdiSystemHost - ok
17:45:45.0720 2112 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:45:45.0736 2112 WebClient - ok
17:45:45.0751 2112 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:45:45.0751 2112 Wecsvc - ok
17:45:45.0767 2112 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:45:45.0767 2112 wercplsupport - ok
17:45:45.0782 2112 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:45:45.0782 2112 WerSvc - ok
17:45:45.0814 2112 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:45:45.0814 2112 WfpLwf - ok
17:45:45.0860 2112 [ 971423A6B38DDC1501BF1752987DCFD6 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
17:45:45.0860 2112 WiMAXAppSrv - ok
17:45:45.0892 2112 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:45:45.0892 2112 WIMMount - ok
17:45:46.0001 2112 WinDefend - ok
17:45:46.0016 2112 WinHttpAutoProxySvc - ok
17:45:46.0079 2112 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:45:46.0094 2112 Winmgmt - ok
17:45:46.0360 2112 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:45:46.0422 2112 WinRM - ok
17:45:46.0453 2112 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:45:46.0469 2112 WinUsb - ok
17:45:46.0516 2112 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:45:46.0547 2112 Wlansvc - ok
17:45:46.0687 2112 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:45:46.0734 2112 wlidsvc - ok
17:45:46.0765 2112 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:45:46.0765 2112 WmiAcpi - ok
17:45:46.0843 2112 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:45:46.0859 2112 wmiApSrv - ok
17:45:46.0906 2112 WMPNetworkSvc - ok
17:45:46.0921 2112 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:45:46.0921 2112 WPCSvc - ok
17:45:46.0968 2112 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:45:46.0968 2112 WPDBusEnum - ok
17:45:47.0015 2112 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:45:47.0015 2112 ws2ifsl - ok
17:45:47.0077 2112 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:45:47.0077 2112 wscsvc - ok
17:45:47.0140 2112 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:45:47.0140 2112 WSDPrintDevice - ok
17:45:47.0155 2112 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
17:45:47.0155 2112 WSDScan - ok
17:45:47.0171 2112 WSearch - ok
17:45:47.0280 2112 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:45:47.0342 2112 wuauserv - ok
17:45:47.0374 2112 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:45:47.0389 2112 WudfPf - ok
17:45:47.0420 2112 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:45:47.0420 2112 WUDFRd - ok
17:45:47.0467 2112 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:45:47.0467 2112 wudfsvc - ok
17:45:47.0514 2112 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:45:47.0514 2112 WwanSvc - ok
17:45:47.0530 2112 ================ Scan global ===============================
17:45:47.0717 2112 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:45:47.0779 2112 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:45:47.0795 2112 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:45:47.0842 2112 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:45:47.0873 2112 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:45:47.0873 2112 [Global] - ok
17:45:47.0873 2112 ================ Scan MBR ==================================
17:45:47.0888 2112 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:45:49.0355 2112 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:45:49.0355 2112 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:45:49.0355 2112 ================ Scan VBR ==================================
17:45:49.0402 2112 [ 39493ED361059959419BC84AA0468C20 ] \Device\Harddisk0\DR0\Partition1
17:45:49.0402 2112 \Device\Harddisk0\DR0\Partition1 - ok
17:45:49.0448 2112 [ 8F55C3FFAAB85E891A2F64F2D2CB9B2A ] \Device\Harddisk0\DR0\Partition2
17:45:49.0448 2112 \Device\Harddisk0\DR0\Partition2 - ok
17:45:49.0448 2112 ============================================================
17:45:49.0448 2112 Scan finished
17:45:49.0448 2112 ============================================================
17:45:49.0464 2880 Detected object count: 1
17:45:49.0464 2880 Actual detected object count: 1
17:46:25.0032 2880 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:46:25.0032 2880 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
17:46:43.0549 2372 Deinitialize success


----------



## CatByte (Feb 24, 2009)

OK,

Please run the following:

Refer to the *ComboFix User's Guide*


Download ComboFix from the following location:

*Link*

*IMPORTANT !!! Place ComboFix.exe on your Desktop*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs *here*

Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

*Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.*

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message *"illegal operation attempted on registry key that has been marked for deletion"* and no programs will run - please just reboot and that will resolve that error.


----------



## JonesIndustries (Aug 18, 2012)

Combofix report

ComboFix 12-09-06.02 - JOHN 09/06/2012 18:19:32.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7989.6002 [GMT -7:00]
Running from: c:\users\JOHN\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 01:25 . 2012-09-07 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 18:40 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BDBB593-380F-4733-B871-33ED73AB0197}\gapaengine.dll
2012-09-03 18:40 . 2012-08-28 08:49 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ABAFE81-F3F4-4515-AF62-6E756CCAA88D}\mpengine.dll
2012-09-03 18:38 . 2012-09-03 18:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-03 18:38 . 2012-09-03 18:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-03 18:31 . 2012-09-03 18:31 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-03 18:30 . 2012-09-03 18:38 -------- d-----w- c:\users\JOHN\AppData\Roaming\uTorrent
2012-08-29 21:15 . 2012-08-29 21:15 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 20:12 . 2012-08-28 20:12 -------- d-----w- c:\users\JOHN\AppData\Roaming\Malwarebytes
2012-08-28 20:12 . 2012-08-28 20:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-28 20:12 . 2012-08-28 20:12 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 20:12 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 19:17 . 2012-08-28 19:18 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-26 15:34 . 2012-08-26 15:34 -------- d-----w- C:\WINSSLog
2012-08-20 23:41 . 2012-08-20 23:41 50392 ----a-w- c:\windows\system32\drivers\elyvtctz.sys
2012-08-20 16:06 . 2012-08-20 16:06 328704 ----a-w- c:\windows\system32\services.exe.E68069FAE2D3A59E
2012-08-16 21:07 . 2012-08-16 21:07 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-15 09:13 . 2012-08-15 09:13 1837568 ----a-w- c:\windows\SysWow64\Mcx2Svc.dll
2012-08-15 01:03 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 01:03 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 01:03 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 01:03 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 01:03 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 01:03 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 01:03 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 01:03 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 01:03 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 01:03 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 01:03 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 01:03 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 04:49 . 2012-08-13 04:49 -------- d-----w- c:\users\JOHN\AppData\Roaming\Xilisoft
2012-08-13 02:40 . 2012-08-13 02:40 -------- d-----w- c:\programdata\Xilisoft
2012-08-13 02:39 . 2012-08-13 02:39 -------- d-----w- c:\program files (x86)\Xilisoft
2012-08-11 10:00 . 2012-08-11 10:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-09 19:19 . 2012-08-09 19:19 -------- d-----w- c:\program files (x86)\Nuance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 01:27 . 2011-05-13 17:43 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 00:50 . 2012-04-01 21:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:50 . 2011-05-14 15:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 15:26 . 2012-07-03 15:26 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-03 15:26 . 2012-07-03 15:26 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-09 05:43 . 2012-07-11 13:00 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-06_00.45.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-07 01:25 . 2012-09-07 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-06 00:44 . 2012-09-06 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-07 01:25 . 2012-09-07 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-06 00:44 . 2012-09-06 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-09-07 01:25 361600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-06 00:43 361600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-13 20:28 . 2012-09-07 01:25 33109308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3903430519-452506101-3320713040-1000-8192.dat
- 2011-05-13 20:28 . 2012-09-06 00:43 33109308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3903430519-452506101-3320713040-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Belkin Storage Manager"="c:\program files (x86)\Belkin Storage Manager\StorageManager.exe" [2009-02-04 858624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AdobeCS5ServiceManager"="c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-14 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R1 vphqgfxu;vphqgfxu;c:\windows\system32\drivers\vphqgfxu.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-20 315664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:50]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 05:42]
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-31 05:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-09-06 18:32:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-07 01:32
ComboFix2.txt 2012-09-06 00:52
ComboFix3.txt 2012-08-28 22:06
ComboFix4.txt 2012-08-28 20:10
ComboFix5.txt 2012-09-07 01:18
.
Pre-Run: 64,205,762,560 bytes free
Post-Run: 64,121,294,848 bytes free
.
- - End Of File - - 9848356559A12F760182A1FA6E303FD2


----------



## CatByte (Feb 24, 2009)

Please run the following:

Download RogueKiller and save it to your desktop.
*Quit* all other programs
Start *RogueKiller.exe*
Wait until the *Prescan* has finished ...
Click on *Scan*
Wait for the end of the scan
Click on *Report* when the scan has finished, copy/paste the content of the notepad into your next reply


----------



## JonesIndustries (Aug 18, 2012)

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOHN [Admin rights]
Mode : Scan -- Date : 09/06/2012 19:44:00

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS ATA Device +++++
--- User ---
[MBR] 916d29861c5bf5308cbc222eab99f17b
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## CatByte (Feb 24, 2009)

OK

Re-run RogueKiller and choose to DELETE what has been found.

Post the new logs.


----------



## JonesIndustries (Aug 18, 2012)

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOHN [Admin rights]
Mode : Scan -- Date : 09/06/2012 19:44:00

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS ATA Device +++++
--- User ---
[MBR] 916d29861c5bf5308cbc222eab99f17b
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## CatByte (Feb 24, 2009)

there should be a newer log on your desktop after the deletions?


----------



## JonesIndustries (Aug 18, 2012)

Whoops, selected the wrong one. Sorry about that.

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOHN [Admin rights]
Mode : Remove -- Date : 09/06/2012 20:24:20

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[SUSP PATH] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[RESIDUE] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[RESIDUE] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[RESIDUE] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]
[RESIDUE] browsemngr.exe -- C:\ProgramData\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\L --> REMOVED
[ZeroAccess][FILE] @ : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\JOHN\AppData\Local\{56a7f5f7-197b-e22b-4a2e-e11e15c4b4f5}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS ATA Device +++++
--- User ---
[MBR] 916d29861c5bf5308cbc222eab99f17b
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


----------



## CatByte (Feb 24, 2009)

looks better

Please do the following:


Please open your *MalwareBytes AntiMalware* Program
Click the *Update Tab* and *search for updates*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
*Copy&Paste the entire report in your next reply.*

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


*NEXT*

Go *here* to run an online scanner from *ESET.*

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *unticked* and the *Scan Archives* option is ticked.
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked.
Click *Scan*
Wait for the scan to finish
When the scan completes, press the *LIST OF THREATS FOUND* button
Press *EXPORT TO TEXT FILE*, name the file *ESETSCAN* and save it to your desktop
Include the contents of this report in your next reply.
Press the *BACK* button.
Press *Finish*


----------



## JonesIndustries (Aug 18, 2012)

ESET is scanning. I'll put it up as soon as it finishes.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JOHN :: JOHN-PC [administrator]

Protection: Enabled

9/6/2012 8:53:43 PM
mbam-log-2012-09-06 (20-53-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198451
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-3903430519-452506101-3320713040-1000\$RXV29HH.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)

2012/09/06 17:43:49 -0700 JOHN-PC JOHN MESSAGE Starting protection
2012/09/06 17:43:50 -0700 JOHN-PC JOHN MESSAGE Executing scheduled update: Daily
2012/09/06 17:43:51 -0700 JOHN-PC JOHN MESSAGE Protection started successfully
2012/09/06 17:43:54 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 17:43:56 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 17:44:02 -0700 JOHN-PC  JOHN MESSAGE Scheduled update executed successfully: database updated from version v2012.09.05.11 to version v2012.09.07.01
2012/09/06 17:44:02 -0700 JOHN-PC JOHN MESSAGE Starting database refresh
2012/09/06 17:44:02 -0700 JOHN-PC JOHN MESSAGE Stopping IP protection
2012/09/06 17:46:19 -0700 JOHN-PC JOHN MESSAGE IP Protection stopped
2012/09/06 17:46:21 -0700 JOHN-PC JOHN MESSAGE Database refreshed successfully
2012/09/06 17:46:21 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 17:46:22 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 17:50:16 -0700 JOHN-PC JOHN MESSAGE Starting protection
2012/09/06 17:50:18 -0700 JOHN-PC JOHN MESSAGE Protection started successfully
2012/09/06 17:50:21 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 17:50:23 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 18:17:00 -0700 JOHN-PC JOHN MESSAGE Stopping IP protection
2012/09/06 18:19:25 -0700 JOHN-PC JOHN MESSAGE IP Protection stopped
2012/09/06 19:27:50 -0700 JOHN-PC JOHN MESSAGE Starting protection
2012/09/06 19:27:52 -0700 JOHN-PC JOHN MESSAGE Protection started successfully
2012/09/06 19:27:55 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 19:27:57 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 19:39:49 -0700 JOHN-PC JOHN MESSAGE Stopping IP protection
2012/09/06 19:39:50 -0700 JOHN-PC JOHN DETECTION C:\Users\JOHN\Desktop\PDFCreatorSetup.exe Adware.Agent ALLOW
2012/09/06 19:39:50 -0700 JOHN-PC JOHN DETECTION C:\Users\JOHN\Desktop\PDFCreatorSetup.exe Adware.Agent ALLOW
2012/09/06 19:39:50 -0700 JOHN-PC JOHN DETECTION C:\Users\JOHN\Desktop\PDFCreatorSetup.exe Adware.Agent ALLOW
2012/09/06 19:39:50 -0700 JOHN-PC JOHN DETECTION C:\Users\JOHN\Desktop\PDFCreatorSetup.exe Adware.Agent ALLOW
2012/09/06 19:39:54 -0700 JOHN-PC JOHN DETECTION C:\Users\JOHN\Desktop\PDFCreatorSetup.exe Adware.Agent ALLOW
2012/09/06 19:42:22 -0700 JOHN-PC JOHN MESSAGE IP Protection stopped
2012/09/06 20:43:38 -0700 JOHN-PC JOHN MESSAGE Starting protection
2012/09/06 20:43:41 -0700 JOHN-PC JOHN MESSAGE Protection started successfully
2012/09/06 20:43:44 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 20:43:46 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 20:49:58 -0700 JOHN-PC JOHN MESSAGE Starting protection
2012/09/06 20:50:00 -0700 JOHN-PC JOHN MESSAGE Protection started successfully
2012/09/06 20:50:03 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 20:50:05 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 20:52:58 -0700 JOHN-PC JOHN MESSAGE Starting database refresh
2012/09/06 20:52:58 -0700 JOHN-PC JOHN MESSAGE Stopping IP protection
2012/09/06 20:55:25 -0700 JOHN-PC JOHN MESSAGE IP Protection stopped
2012/09/06 20:55:27 -0700 JOHN-PC JOHN MESSAGE Database refreshed successfully
2012/09/06 20:55:27 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 20:55:29 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully
2012/09/06 21:00:20 -0700 JOHN-PC JOHN MESSAGE Starting protection
2012/09/06 21:00:22 -0700 JOHN-PC JOHN MESSAGE Protection started successfully
2012/09/06 21:00:25 -0700 JOHN-PC JOHN MESSAGE Starting IP protection
2012/09/06 21:00:27 -0700 JOHN-PC JOHN MESSAGE IP Protection started successfully


----------



## JonesIndustries (Aug 18, 2012)

C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application


----------



## CatByte (Feb 24, 2009)

*C:\Program Files (x86)\PDFCreator\message.exe* you can right click and delete this installer file if you no longer need it.

*NEXT*

Please download Farbar Service Scanner and run it 
Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## JonesIndustries (Aug 18, 2012)

Farbar Service Scanner Version: 06-08-2012
Ran by JOHN (administrator) on 07-09-2012 at 14:24:54
Running from "C:\Users\JOHN\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## CatByte (Feb 24, 2009)

Your BITS registry key is missing, so we need to replace it or Windows Update won't work. Please download the attached registry fix and save it to your desktop.
Right click and choose to *Merge* it into your registry (then delete the file as you won't need it again)

Now reboot the computer and check that Windows Update is working correctly.


----------



## JonesIndustries (Aug 18, 2012)

Success. It Updated. You rock.


----------



## CatByte (Feb 24, 2009)

Good 

Does MSE update correctly now? If not, you may need to uninstall and re-install it.

now that the infection appears to be clear, you can re-run TDSSKiller as you did before and this time choose to delete the TDSS File system it found


please advise how the computer is running now and if there are any outstanding issues


----------



## JonesIndustries (Aug 18, 2012)

The svchost warning hasn't come up in a while so that's good I think. When I downloaded RogueKiller I got some Babylon search tab that keeps popping up. Any quick way to 86 that? I uninstalled everything that had Babylon but every new tab in Firefox is opened in a Babylon tab.


----------



## CatByte (Feb 24, 2009)

please run the following:

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select *All Users*
Under the Custom Scan box paste this in
*netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT*
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Post both logs


----------



## JonesIndustries (Aug 18, 2012)

OTL logfile created on: 9/7/2012 3:35:06 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\JOHN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 76.27% Memory free
15.60 Gb Paging File | 13.71 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 57.71 Gb Free Space | 9.68% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: JOHN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 15:32:46 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 19:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/02/03 17:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2010/01/19 17:26:58 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2010/01/19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:*64bit:* - [2010/01/19 17:05:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:*64bit:* - [2009/09/15 21:59:44 | 000,907,264 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:*64bit:* - [2009/09/15 21:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:*64bit:* - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/06 20:43:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 02:13:12 | 001,837,568 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2012/08/14 17:50:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/05/06 18:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/01/13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:*64bit:* - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:*64bit:* - [2009/09/15 21:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:*64bit:* - [2009/09/15 21:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:*64bit:* - [2009/09/15 21:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:*64bit:* - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:*64bit:* - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:*64bit:* - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=ea1a1c51000000000000f04da26220ab
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=ea1a1c51000000000000f04da26220ab
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 04 12 9F B9 11 CC 01 [binary data]
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110790&tt=3612_6&babsrc=SP_ss&mntrId=ea1a1c51000000000000f04da26220ab
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_en
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{EC3393B8-E9E3-467A-802F-340E636B60AD}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp3tst&p={searchTerms}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp3tst"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/26 21:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 20:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/13 18:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHN\AppData\Roaming\mozilla\Extensions
[2012/09/07 14:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions
[2012/06/19 14:45:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/04/25 14:46:04 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/05/13 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/06 20:43:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/26 09:15:21 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/29 14:14:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 14:14:58 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: AVG Safe Search = C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/09/06 18:26:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:*64bit:* - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:*64bit:* - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3903430519-452506101-3320713040-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529D71E2-43C3-4193-8913-98B4A8DD7211}: DhcpNameServer = 192.168.1.254
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:*64bit:* - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: Mcx2Svc - C:\Windows\SysWOW64\Mcx2Svc.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 15:32:44 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
[2012/09/07 15:05:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/06 21:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/06 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\JOHN\Desktop\RK_Quarantine
[2012/09/06 19:40:43 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/06 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/09/06 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2012/09/06 18:32:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/06 18:26:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/06 18:18:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/03 11:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/03 11:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/03 11:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/09/03 11:30:17 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\uTorrent
[2012/08/28 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Malwarebytes
[2012/08/28 13:12:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/28 12:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/08/26 08:34:39 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/08/20 17:12:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/20 17:12:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/20 17:12:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/20 17:03:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 17:03:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/16 14:07:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/16 13:16:47 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Local\{C783B4D1-2062-4289-997B-CF0533F94C90}
[2012/08/16 13:16:35 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Local\{59876DC3-BD98-43F3-9A26-487BB8ACAAE1}
[2012/08/12 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Xilisoft
[2012/08/12 19:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/08/12 19:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/08/12 19:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/08/11 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/08/09 12:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 15:32:46 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
[2012/09/07 15:15:38 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 15:15:38 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 15:08:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 15:08:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 15:07:55 | 1987,461,119 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 15:06:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 18:26:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/05 16:32:17 | 000,729,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/05 16:32:17 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/05 16:32:17 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/03 11:38:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/03 11:38:26 | 000,743,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/19 12:51:06 | 000,007,605 | ---- | M] () -- C:\Users\JOHN\AppData\Local\resmon.resmoncfg
[2012/08/15 02:13:19 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\Mcx2Svc.ocx
[2012/08/15 02:13:12 | 001,837,568 | ---- | M] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/14 18:54:19 | 004,867,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/12 21:31:46 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/03 11:38:33 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/20 17:46:15 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/20 17:45:59 | 000,743,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 17:12:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/20 17:12:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/20 17:12:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/20 17:12:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/20 17:12:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 02:13:19 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.ocx
[2012/08/15 02:13:12 | 001,837,568 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/12 19:40:07 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/07 17:05:51 | 000,007,605 | ---- | C] () -- C:\Users\JOHN\AppData\Local\resmon.resmoncfg
[2011/05/14 23:21:15 | 000,000,024 | ---- | C] () -- C:\Users\JOHN\AppData\Roaming\Final Draft Tagger Preferences
[2011/05/14 16:14:54 | 000,000,760 | ---- | C] () -- C:\Users\JOHN\AppData\Roaming\setup_ldm.iss
[2011/05/13 22:08:29 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/11 19:15:08 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/11 19:15:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== LOP Check ==========

[2011/08/09 22:04:21 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Amazon
[2012/08/26 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\AVG2012
[2012/09/07 15:09:07 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Dropbox
[2012/08/20 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\DVDVideoSoft
[2011/05/13 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Final Draft
[2011/08/25 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Garmin
[2012/04/30 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\GoPro
[2011/12/07 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\IObit
[2011/05/14 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Leadertech
[2011/05/14 08:29:42 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 14:23:50 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\PCDr
[2011/05/14 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/03 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\uTorrent
[2012/08/12 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Xilisoft
[2012/08/14 18:53:12 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9640320AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - 
Interface type: USB
Media Type: 
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 596.00GB
Starting Offset: 105906176
Hidden sectors: 0

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 9/7/2012 3:35:06 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\JOHN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.95 Gb Available Physical Memory | 76.27% Memory free
15.60 Gb Paging File | 13.71 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 57.71 Gb Free Space | 9.68% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: JOHN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

[HKEY_USERS\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1B76ECEB-8044-4C1E-8083-9BDF21D7A0D2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3A9126A-C66F-4BE0-AFC6-46CD6147ECE8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{77F2435B-76C4-415F-BAB6-77A962EBE780}C:\program files (x86)\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\belkin storage manager\storagemanager.exe | 
"TCP Query User{A726DAE2-8153-45ED-ACCE-285029F87F72}C:\program files (x86)\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\belkin storage manager\storagemanager.exe | 
"TCP Query User{C4801D13-A858-4893-9466-C5D743456A00}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"UDP Query User{040E21AE-E2C4-4C3B-A153-A0BA87DE25B4}C:\program files (x86)\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\belkin storage manager\storagemanager.exe | 
"UDP Query User{55757F02-68F5-40F7-BAC7-67FEBB3F570C}C:\program files (x86)\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\belkin storage manager\storagemanager.exe | 
"UDP Query User{E397EACF-D4F4-496B-A51D-6FFBDE0755CC}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{00AF82FC-00F1-1375-87C4-0578364E036B}" = ATI Catalyst Install Manager
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi Software
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"Dell Dock" = Dell Dock
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"GoPro CineForm Studio" = GoPro CineForm Studio 1.1.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoStitch" = Canon Utilities PhotoStitch
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Xilisoft DVD Ripper Ultimate" = Xilisoft DVD Ripper Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2012 3:18:15 PM | Computer Name = JOHN-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/5/2012 7:58:53 PM | Computer Name = JOHN-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/6/2012 9:18:33 PM | Computer Name = JOHN-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/6/2012 9:51:14 PM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/7/2012 12:00:57 AM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components 
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/7/2012 12:01:00 AM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JOHN\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components 
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/7/2012 12:01:19 AM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JOHN\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components 
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/7/2012 12:01:20 AM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JOHN\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components 
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/7/2012 12:01:23 AM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JOHN\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components 
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/7/2012 12:01:25 AM | Computer Name = JOHN-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JOHN\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components 
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 9/7/2012 5:38:06 PM | Computer Name = JOHN-PC | Source = Service Control Manager | ID = 7000
Description = The FLEXnet Licensing Manager for Adobe Products service failed to
start due to the following error: %%2

Error - 9/7/2012 5:38:18 PM | Computer Name = JOHN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHA

Error - 9/7/2012 5:39:00 PM | Computer Name = JOHN-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 9/7/2012 5:39:00 PM | Computer Name = JOHN-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 9/7/2012 5:40:13 PM | Computer Name = JOHN-PC | Source = DCOM | ID = 10016
Description =

Error - 9/7/2012 6:08:15 PM | Computer Name = JOHN-PC | Source = Service Control Manager | ID = 7000
Description = The FLEXnet Licensing Manager for Adobe Products service failed to
start due to the following error: %%2

Error - 9/7/2012 6:08:27 PM | Computer Name = JOHN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHA

Error - 9/7/2012 6:09:01 PM | Computer Name = JOHN-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 9/7/2012 6:09:01 PM | Computer Name = JOHN-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 9/7/2012 6:10:29 PM | Computer Name = JOHN-PC | Source = DCOM | ID = 10016
Description =

< End of report >


----------



## CatByte (Feb 24, 2009)

Please run the following:

Run *OTL.exe*

Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL.


```
:OTL
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110...00f04da26220ab
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110...00f04da26220ab
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110790&tt=3612_6&babsrc=SP_ss&mntrId=ea1a1c51000000000000f04da26220ab
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot when it is done.
Then post the OTL log.

Please let me know how the computer is running.


----------



## JonesIndustries (Aug 18, 2012)

All processes killed
========== OTL ==========
HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "Search the web (Babylon)" removed from sweetim.toolbar.previous.browser.search.defaultenginename
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\JOHN\Desktop\cmd.bat deleted successfully.
C:\Users\JOHN\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JOHN
->Temp folder emptied: 63558198 bytes
->Temporary Internet Files folder emptied: 7979816 bytes
->FireFox cache emptied: 172097120 bytes
->Google Chrome cache emptied: 6292340 bytes
->Flash cache emptied: 73918 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119083183 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 65234864 bytes
RecycleBin emptied: 1423978 bytes

Total Files Cleaned = 416.00 mb

OTL by OldTimer - Version 3.2.61.1 log created on 09072012_160742

Files\Folders moved on Reboot...
C:\Users\JOHN\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## CatByte (Feb 24, 2009)

How is the computer running now?


----------



## JonesIndustries (Aug 18, 2012)

It seems to be working well. The Babylon stuff is still popping up, but I wasn't sure if that's anything you were worried about. It seems faster on boot-up too.


----------



## CatByte (Feb 24, 2009)

It shouldn't be.

Please look in Programs and Features and see if there is anything there with Babylon in the title, and remove it.

Please run another scan with OTL.


----------



## JonesIndustries (Aug 18, 2012)

The search tab is what keeps popping up. If it's not something that'll screw up my computer, no worries. I don't want to bother you any more than I already have.

OTL logfile created on: 9/7/2012 6:10:16 PM - Run 2
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\JOHN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 77.19% Memory free
15.60 Gb Paging File | 13.78 Gb Available in Paging File | 88.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 57.00 Gb Free Space | 9.56% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: JOHN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 15:32:46 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 19:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/02/03 17:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2010/01/19 17:26:58 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2010/01/19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:*64bit:* - [2010/01/19 17:05:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:*64bit:* - [2009/09/15 21:59:44 | 000,907,264 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:*64bit:* - [2009/09/15 21:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:*64bit:* - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/15 02:13:12 | 001,837,568 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2012/08/14 17:50:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/05/06 18:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/01/13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:*64bit:* - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:*64bit:* - [2009/09/15 21:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:*64bit:* - [2009/09/15 21:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:*64bit:* - [2009/09/15 21:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:*64bit:* - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:*64bit:* - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:*64bit:* - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 04 12 9F B9 11 CC 01 [binary data]
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_en
IE - HKCU\..\SearchScopes\{EC3393B8-E9E3-467A-802F-340E636B60AD}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp3tst&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp3tst"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/26 21:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 20:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/13 18:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHN\AppData\Roaming\mozilla\Extensions
[2012/09/07 14:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions
[2012/06/19 14:45:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/04/25 14:46:04 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/05/13 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/06 20:43:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/26 09:15:21 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/29 14:14:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 14:14:58 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: AVG Safe Search = C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/09/07 16:07:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:*64bit:* - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529D71E2-43C3-4193-8913-98B4A8DD7211}: DhcpNameServer = 192.168.1.254
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:*64bit:* - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 16:07:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 15:32:44 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
[2012/09/07 15:05:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/06 21:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/06 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\JOHN\Desktop\RK_Quarantine
[2012/09/06 19:40:43 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/09/06 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/09/06 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2012/09/06 18:32:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/06 18:26:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/06 18:18:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/03 11:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/03 11:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/03 11:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/09/03 11:30:17 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\uTorrent
[2012/08/28 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Malwarebytes
[2012/08/28 13:12:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/28 12:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/08/26 08:34:39 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/08/20 17:12:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/20 17:12:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/20 17:12:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/20 17:03:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 17:03:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/16 14:07:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/16 13:16:47 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Local\{C783B4D1-2062-4289-997B-CF0533F94C90}
[2012/08/16 13:16:35 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Local\{59876DC3-BD98-43F3-9A26-487BB8ACAAE1}
[2012/08/12 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Xilisoft
[2012/08/12 19:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/08/12 19:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/08/12 19:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/08/11 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/08/09 12:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance

========== Files - Modified Within 30 Days ==========

[2012/09/07 18:12:31 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 18:12:31 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 18:06:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 18:05:15 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 18:05:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 18:04:56 | 1987,461,119 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 16:40:25 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/07 16:40:25 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/07 16:40:25 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/07 16:07:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/07 16:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 15:32:46 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
[2012/09/03 11:38:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/03 11:38:26 | 000,743,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/19 12:51:06 | 000,007,605 | ---- | M] () -- C:\Users\JOHN\AppData\Local\resmon.resmoncfg
[2012/08/15 02:13:19 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\Mcx2Svc.ocx
[2012/08/15 02:13:12 | 001,837,568 | ---- | M] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/14 18:54:19 | 004,867,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/12 21:31:46 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk

========== Files Created - No Company Name ==========

[2012/09/03 11:38:33 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/20 17:46:15 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/20 17:45:59 | 000,743,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 17:12:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/20 17:12:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/20 17:12:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/20 17:12:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/20 17:12:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 02:13:19 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.ocx
[2012/08/15 02:13:12 | 001,837,568 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/12 19:40:07 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/07 17:05:51 | 000,007,605 | ---- | C] () -- C:\Users\JOHN\AppData\Local\resmon.resmoncfg
[2011/05/14 23:21:15 | 000,000,024 | ---- | C] () -- C:\Users\JOHN\AppData\Roaming\Final Draft Tagger Preferences
[2011/05/14 16:14:54 | 000,000,760 | ---- | C] () -- C:\Users\JOHN\AppData\Roaming\setup_ldm.iss
[2011/05/13 22:08:29 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/11 19:15:08 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/11 19:15:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== LOP Check ==========

[2011/08/09 22:04:21 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Amazon
[2012/08/26 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\AVG2012
[2012/09/07 18:06:31 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Dropbox
[2012/08/20 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\DVDVideoSoft
[2011/05/13 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Final Draft
[2011/08/25 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Garmin
[2012/04/30 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\GoPro
[2011/12/07 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\IObit
[2011/05/14 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Leadertech
[2011/05/14 08:29:42 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 14:23:50 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\PCDr
[2011/05/14 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/03 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\uTorrent
[2012/08/12 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Xilisoft
[2012/08/14 18:53:12 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


----------



## CatByte (Feb 24, 2009)

it's no bother,

check in the browsers > add-ons > see if babylon shows up in the browser add-ons

please run the following:

Download *AdwCleaner* from here and save it to your desktop.

Run *AdwCleaner* and select *Delete*
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply


----------



## JonesIndustries (Aug 18, 2012)

I see it in there but I don't know how to remove it.

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 20:57:26
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JOHN - JOHN-PC
# Boot Mode : Normal
# Running from : C:\Users\JOHN\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\JOHN\AppData\Local\Conduit
Folder Found : C:\Users\JOHN\AppData\LocalLow\Conduit
Folder Found : C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\ConduitCommon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=3612_6&babsrc=NT_ss&mntrId=ea1a1c51000000000000f04da26220ab

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default 
File : C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\prefs.js


-\\ Google Chrome v [Unable to get version]

File : C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16150 octets] - [07/09/2012 20:57:26]

########## EOF - C:\AdwCleaner[R1].txt - [16211 octets] ##########


----------



## JonesIndustries (Aug 18, 2012)

Oh, and Malwarebytes just notified me about the svchost.exe again.


----------



## CatByte (Feb 24, 2009)

did you select the Delete button in adwcleaner?

Please re-run TDSSKiller, post the new log


----------



## JonesIndustries (Aug 18, 2012)

Don't know if this helps.


----------



## JonesIndustries (Aug 18, 2012)

Deleted. TDSSKiller going now.

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 21:31:01
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JOHN - JOHN-PC
# Boot Mode : Normal
# Running from : C:\Users\JOHN\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\JOHN\AppData\Local\Conduit
Folder Deleted : C:\Users\JOHN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110790&tt=3612_6&babsrc=NT_ss&mntrId=ea1a1c51000000000000f04da26220ab --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default 
File : C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\prefs.js

C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\pej30tu7.default\user.js ... Deleted !

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "1c2956a2-5ab4-4abd-b058-0be13269cb6e");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110790&tt=3612_6&babsrc=HP[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110790&tt=3612_6&babsrc=NT_ss&mntr[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110790&tt=3612_6");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "6");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "3F3D00889F2144CC8BA54C7023D56627");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "ea1a1c51000000000000f04da26220ab");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15590");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1219:40:30");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "none");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1219:40:30");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110790&tt=3612_6");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1219:40:30");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=110790&tt=3612_6&babsrc[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16281 octets] - [07/09/2012 20:57:26]
AdwCleaner[R2].txt - [16342 octets] - [07/09/2012 21:30:52]
AdwCleaner[S2].txt - [17378 octets] - [07/09/2012 21:31:01]

########## EOF - C:\AdwCleaner[S2].txt - [17439 octets] ##########


----------



## JonesIndustries (Aug 18, 2012)

21:36:02.0964 3380 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:36:03.0464 3380 ============================================================
21:36:03.0464 3380 Current date / time: 2012/09/07 21:36:03.0464
21:36:03.0464 3380 SystemInfo:
21:36:03.0464 3380 
21:36:03.0464 3380 OS Version: 6.1.7601 ServicePack: 1.0
21:36:03.0464 3380 Product type: Workstation
21:36:03.0464 3380 ComputerName: JOHN-PC
21:36:03.0464 3380 UserName: JOHN
21:36:03.0464 3380 Windows directory: C:\Windows
21:36:03.0464 3380 System windows directory: C:\Windows
21:36:03.0464 3380 Running under WOW64
21:36:03.0464 3380 Processor architecture: Intel x64
21:36:03.0464 3380 Number of processors: 4
21:36:03.0464 3380 Page size: 0x1000
21:36:03.0464 3380 Boot type: Normal boot
21:36:03.0464 3380 ============================================================
21:36:06.0525 3380 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:36:06.0555 3380 ============================================================
21:36:06.0555 3380 \Device\Harddisk0\DR0:
21:36:06.0565 3380 MBR partitions:
21:36:06.0565 3380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:36:06.0565 3380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
21:36:06.0565 3380 ============================================================
21:36:06.0655 3380 C: <-> \Device\Harddisk0\DR0\Partition2
21:36:06.0655 3380 ============================================================
21:36:06.0655 3380 Initialize success
21:36:06.0655 3380 ============================================================
21:36:16.0096 3704 ============================================================
21:36:16.0096 3704 Scan started
21:36:16.0096 3704 Mode: Manual; 
21:36:16.0096 3704 ============================================================
21:36:17.0516 3704 ================ Scan system memory ========================
21:36:17.0516 3704 System memory - ok
21:36:17.0516 3704 ================ Scan services =============================
21:36:17.0765 3704 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:36:17.0765 3704 1394ohci - ok
21:36:17.0812 3704 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:36:17.0812 3704 ACPI - ok
21:36:17.0843 3704 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:36:17.0843 3704 AcpiPmi - ok
21:36:18.0186 3704 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:36:18.0186 3704 AdobeARMservice - ok
21:36:18.0701 3704 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:18.0701 3704 AdobeFlashPlayerUpdateSvc - ok
21:36:18.0795 3704 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:36:18.0810 3704 adp94xx - ok
21:36:18.0888 3704 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:36:18.0920 3704 adpahci - ok
21:36:18.0935 3704 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:36:18.0951 3704 adpu320 - ok
21:36:18.0982 3704 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:36:18.0998 3704 AeLookupSvc - ok
21:36:19.0060 3704 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:36:19.0091 3704 AFD - ok
21:36:19.0169 3704 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:36:19.0169 3704 agp440 - ok
21:36:19.0216 3704 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:36:19.0216 3704 ALG - ok
21:36:19.0263 3704 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:36:19.0263 3704 aliide - ok
21:36:19.0294 3704 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:36:19.0294 3704 amdide - ok
21:36:19.0341 3704 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:36:19.0341 3704 AmdK8 - ok
21:36:19.0356 3704 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:36:19.0356 3704 AmdPPM - ok
21:36:19.0388 3704 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:36:19.0388 3704 amdsata - ok
21:36:19.0434 3704 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:36:19.0450 3704 amdsbs - ok
21:36:19.0466 3704 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:36:19.0466 3704 amdxata - ok
21:36:19.0512 3704 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:36:19.0512 3704 AppID - ok
21:36:19.0544 3704 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:36:19.0544 3704 AppIDSvc - ok
21:36:19.0590 3704 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:36:19.0590 3704 Appinfo - ok
21:36:19.0746 3704 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:36:19.0746 3704 Apple Mobile Device - ok
21:36:19.0824 3704 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:36:19.0824 3704 arc - ok
21:36:19.0840 3704 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:36:19.0840 3704 arcsas - ok
21:36:19.0856 3704 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:36:19.0856 3704 AsyncMac - ok
21:36:19.0887 3704 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:36:19.0887 3704 atapi - ok
21:36:20.0027 3704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:36:20.0058 3704 AudioEndpointBuilder - ok
21:36:20.0090 3704 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:36:20.0105 3704 AudioSrv - ok
21:36:20.0105 3704 AVGIDSHA - ok
21:36:20.0152 3704 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:36:20.0152 3704 AxInstSV - ok
21:36:20.0183 3704 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:36:20.0199 3704 b06bdrv - ok
21:36:20.0230 3704 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:36:20.0230 3704 b57nd60a - ok
21:36:20.0277 3704 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:36:20.0277 3704 BDESVC - ok
21:36:20.0277 3704 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:36:20.0292 3704 Beep - ok
21:36:20.0355 3704 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:36:20.0370 3704 BFE - ok
21:36:20.0464 3704 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:36:20.0495 3704 BITS - ok
21:36:20.0511 3704 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:36:20.0511 3704 blbdrive - ok
21:36:20.0604 3704 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:36:20.0604 3704 Bonjour Service - ok
21:36:20.0651 3704 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:36:20.0651 3704 bowser - ok
21:36:20.0698 3704 [ A91B4392B326F6AED0052CB2592E979D ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
21:36:20.0698 3704 bpenum - ok
21:36:20.0714 3704 [ 7057339774618E38CFEFE0B5D1FDD58E ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys
21:36:20.0714 3704 bpmp - ok
21:36:20.0729 3704 [ 2636C9619120A6B16DCB51886C46AC20 ] bpusb C:\Windows\system32\Drivers\bpusb.sys
21:36:20.0729 3704 bpusb - ok
21:36:20.0760 3704 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:36:20.0760 3704 BrFiltLo - ok
21:36:20.0760 3704 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:36:20.0760 3704 BrFiltUp - ok
21:36:20.0776 3704 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:36:20.0776 3704 BridgeMP - ok
21:36:20.0823 3704 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:36:20.0823 3704 Browser - ok
21:36:20.0838 3704 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:36:20.0838 3704 Brserid - ok
21:36:20.0854 3704 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:36:20.0854 3704 BrSerWdm - ok
21:36:20.0854 3704 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:36:20.0854 3704 BrUsbMdm - ok
21:36:20.0854 3704 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:36:20.0870 3704 BrUsbSer - ok
21:36:20.0870 3704 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:36:20.0870 3704 BTHMODEM - ok
21:36:20.0901 3704 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:36:20.0901 3704 bthserv - ok
21:36:20.0948 3704 catchme - ok
21:36:20.0948 3704 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:36:20.0948 3704 cdfs - ok
21:36:20.0979 3704 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:36:20.0994 3704 cdrom - ok
21:36:21.0026 3704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:36:21.0036 3704 CertPropSvc - ok
21:36:21.0056 3704 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:36:21.0056 3704 circlass - ok
21:36:21.0096 3704 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:36:21.0096 3704 CLFS - ok
21:36:21.0166 3704 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:21.0176 3704 clr_optimization_v2.0.50727_32 - ok
21:36:21.0216 3704 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:36:21.0216 3704 clr_optimization_v2.0.50727_64 - ok
21:36:21.0276 3704 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:36:21.0336 3704 clr_optimization_v4.0.30319_32 - ok
21:36:21.0376 3704 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:36:21.0376 3704 clr_optimization_v4.0.30319_64 - ok
21:36:21.0406 3704 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:36:21.0406 3704 CmBatt - ok
21:36:21.0436 3704 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:36:21.0446 3704 cmdide - ok
21:36:21.0496 3704 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:36:21.0506 3704 CNG - ok
21:36:21.0526 3704 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:36:21.0526 3704 Compbatt - ok
21:36:21.0536 3704 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:36:21.0546 3704 CompositeBus - ok
21:36:21.0556 3704 COMSysApp - ok
21:36:21.0586 3704 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:36:21.0596 3704 crcdisk - ok
21:36:21.0646 3704 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:36:21.0646 3704 CryptSvc - ok
21:36:21.0726 3704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:36:21.0756 3704 DcomLaunch - ok
21:36:21.0796 3704 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:36:21.0816 3704 defragsvc - ok
21:36:21.0856 3704 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:36:21.0856 3704 DfsC - ok
21:36:21.0896 3704 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:36:21.0896 3704 Dhcp - ok
21:36:21.0916 3704 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:36:21.0916 3704 discache - ok
21:36:21.0926 3704 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:36:21.0936 3704 Disk - ok
21:36:21.0986 3704 [ E56778551BF535500D6B02E68E5BFB47 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
21:36:22.0026 3704 DMAgent - ok
21:36:22.0056 3704 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:36:22.0066 3704 Dnscache - ok
21:36:22.0116 3704 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
21:36:22.0116 3704 DockLoginService - ok
21:36:22.0166 3704 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:36:22.0166 3704 dot3svc - ok
21:36:22.0186 3704 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:36:22.0186 3704 DPS - ok
21:36:22.0216 3704 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:36:22.0216 3704 drmkaud - ok
21:36:22.0266 3704 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:36:22.0276 3704 DXGKrnl - ok
21:36:22.0306 3704 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:36:22.0316 3704 EapHost - ok
21:36:22.0466 3704 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:36:22.0556 3704 ebdrv - ok
21:36:22.0596 3704 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:36:22.0596 3704 EFS - ok
21:36:22.0656 3704 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:36:22.0736 3704 ehRecvr - ok
21:36:22.0766 3704 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:36:22.0786 3704 ehSched - ok
21:36:22.0836 3704 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:36:22.0846 3704 elxstor - ok
21:36:22.0886 3704 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:36:22.0896 3704 ErrDev - ok
21:36:22.0936 3704 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:36:22.0946 3704 EventSystem - ok
21:36:23.0268 3704 [ 7C1042CDA4E7151E91F1E66A4D9118B0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:36:23.0331 3704 EvtEng - ok
21:36:23.0362 3704 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:36:23.0362 3704 exfat - ok
21:36:23.0424 3704 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:36:23.0424 3704 fastfat - ok
21:36:23.0502 3704 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:36:23.0534 3704 Fax - ok
21:36:23.0549 3704 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:36:23.0549 3704 fdc - ok
21:36:23.0580 3704 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:36:23.0580 3704 fdPHost - ok
21:36:23.0596 3704 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:36:23.0596 3704 FDResPub - ok
21:36:23.0612 3704 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:36:23.0612 3704 FileInfo - ok
21:36:23.0627 3704 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:36:23.0627 3704 Filetrace - ok
21:36:23.0627 3704 FLEXnet Licensing Manager - ok
21:36:23.0643 3704 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:36:23.0643 3704 flpydisk - ok
21:36:23.0690 3704 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:36:23.0705 3704 FltMgr - ok
21:36:23.0752 3704 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:36:23.0783 3704 FontCache - ok
21:36:23.0830 3704 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:36:23.0846 3704 FontCache3.0.0.0 - ok
21:36:23.0877 3704 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:36:23.0892 3704 FsDepends - ok
21:36:23.0939 3704 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:36:23.0939 3704 Fs_Rec - ok
21:36:24.0002 3704 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:36:24.0002 3704 fvevol - ok
21:36:24.0033 3704 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:36:24.0048 3704 gagp30kx - ok
21:36:24.0080 3704 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:36:24.0080 3704 GEARAspiWDM - ok
21:36:24.0204 3704 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:36:24.0236 3704 gpsvc - ok
21:36:24.0314 3704 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:24.0314 3704 gupdate - ok
21:36:24.0329 3704 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:24.0329 3704 gupdatem - ok
21:36:24.0360 3704 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:36:24.0360 3704 hcw85cir - ok
21:36:24.0407 3704 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:36:24.0407 3704 HdAudAddService - ok
21:36:24.0438 3704 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:36:24.0438 3704 HDAudBus - ok
21:36:24.0470 3704 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:36:24.0470 3704 HidBatt - ok
21:36:24.0485 3704 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:36:24.0485 3704 HidBth - ok
21:36:24.0485 3704 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:36:24.0501 3704 HidIr - ok
21:36:24.0516 3704 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:36:24.0516 3704 hidserv - ok
21:36:24.0532 3704 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:36:24.0532 3704 HidUsb - ok
21:36:24.0579 3704 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:36:24.0579 3704 hkmsvc - ok
21:36:24.0626 3704 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:36:24.0626 3704 HomeGroupListener - ok
21:36:24.0672 3704 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:36:24.0688 3704 HomeGroupProvider - ok
21:36:24.0704 3704 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:36:24.0704 3704 HpSAMD - ok
21:36:24.0813 3704 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:36:24.0844 3704 HTTP - ok
21:36:25.0016 3704 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:36:25.0016 3704 hwpolicy - ok
21:36:25.0062 3704 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:36:25.0062 3704 i8042prt - ok
21:36:25.0125 3704 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:36:25.0140 3704 iaStorV - ok
21:36:25.0265 3704 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:36:25.0281 3704 idsvc - ok
21:36:26.0045 3704 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:36:26.0264 3704 igfx - ok
21:36:26.0310 3704 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:36:26.0326 3704 iirsp - ok
21:36:26.0420 3704 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:36:26.0435 3704 IKEEXT - ok
21:36:26.0466 3704 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:36:26.0482 3704 intelide - ok
21:36:26.0498 3704 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:36:26.0498 3704 intelppm - ok
21:36:26.0544 3704 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:36:26.0544 3704 IPBusEnum - ok
21:36:26.0591 3704 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:36:26.0591 3704 IpFilterDriver - ok
21:36:26.0732 3704 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:36:26.0747 3704 iphlpsvc - ok
21:36:26.0778 3704 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:36:26.0778 3704 IPMIDRV - ok
21:36:26.0810 3704 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:36:26.0810 3704 IPNAT - ok
21:36:26.0872 3704 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:36:26.0903 3704 iPod Service - ok
21:36:26.0919 3704 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:36:26.0934 3704 IRENUM - ok
21:36:26.0950 3704 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:36:26.0950 3704 isapnp - ok
21:36:26.0966 3704 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:36:26.0966 3704 iScsiPrt - ok
21:36:26.0997 3704 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:36:26.0997 3704 kbdclass - ok
21:36:27.0012 3704 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:36:27.0012 3704 kbdhid - ok
21:36:27.0044 3704 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:36:27.0044 3704 KeyIso - ok
21:36:27.0075 3704 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:36:27.0090 3704 KSecDD - ok
21:36:27.0106 3704 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:36:27.0106 3704 KSecPkg - ok
21:36:27.0122 3704 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:36:27.0137 3704 ksthunk - ok
21:36:27.0168 3704 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:36:27.0184 3704 KtmRm - ok
21:36:27.0200 3704 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
21:36:27.0200 3704 L1C - ok
21:36:27.0246 3704 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:36:27.0246 3704 LanmanServer - ok
21:36:27.0278 3704 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:36:27.0278 3704 LanmanWorkstation - ok
21:36:27.0356 3704 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:36:27.0356 3704 LBTServ - ok
21:36:27.0371 3704 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:36:27.0371 3704 LHidFilt - ok
21:36:27.0418 3704 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:36:27.0418 3704 lltdio - ok
21:36:27.0465 3704 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:36:27.0480 3704 lltdsvc - ok
21:36:41.0580 3704 ================ Scan global ===============================
21:36:41.0627 3704 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:36:41.0674 3704 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:36:41.0689 3704 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:36:41.0721 3704 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:36:41.0736 3704 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:36:41.0752 3704 [Global] - ok
21:36:41.0752 3704 ================ Scan MBR ==================================
21:36:41.0767 3704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:36:43.0905 3704 \Device\Harddisk0\DR0 - ok
21:36:43.0905 3704 ================ Scan VBR ==================================
21:36:43.0936 3704 [ 39493ED361059959419BC84AA0468C20 ] \Device\Harddisk0\DR0\Partition1
21:36:43.0951 3704 \Device\Harddisk0\DR0\Partition1 - ok
21:36:43.0983 3704 [ 8F55C3FFAAB85E891A2F64F2D2CB9B2A ] \Device\Harddisk0\DR0\Partition2
21:36:43.0983 3704 \Device\Harddisk0\DR0\Partition2 - ok
21:36:43.0983 3704 ============================================================
21:36:43.0983 3704 Scan finished
21:36:43.0983 3704 ============================================================
21:36:43.0998 1928 Detected object count: 0
21:36:43.0998 1928 Actual detected object count: 0


----------



## JonesIndustries (Aug 18, 2012)

more


----------



## CatByte (Feb 24, 2009)

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded, begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*


*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there.
Press *Scan* button.
Type *exit* and reboot the computer normally.
FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.


----------



## JonesIndustries (Aug 18, 2012)

Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 08-09-2012 09:18:40
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1926928 2010-01-19] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Belkin Storage Manager] "C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe" [858624 2009-02-03] (Belkin International, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\JOHN\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\JOHN\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\JOHN\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services ====================

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [1837568 2012-08-15] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2010-01-19] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 FLEXnet Licensing Manager; C:\Windows\System32\regw2.exe [x]
4 RemoteAccess; C:\Windows\SysWOW64\mpreim.dll [x]

==================== Drivers =================================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 vphqgfxu; \??\C:\Windows\system32\drivers\vphqgfxu.sys [x]

==================== NetSvcs (Whitelisted) =================

NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ()

==================== One Month Created Files and Folders ======================

2012-09-08 08:10 - 2012-09-08 08:10 - 01453141 ____A (Farbar) C:\Users\JOHN\Downloads\FRST64.exe
2012-09-07 20:31 - 2012-09-07 20:31 - 00017505 ____A C:\AdwCleaner[S2].txt
2012-09-07 20:30 - 2012-09-07 20:30 - 00016342 ____A C:\AdwCleaner[R2].txt
2012-09-07 19:57 - 2012-09-07 19:57 - 00016281 ____A C:\AdwCleaner[R1].txt
2012-09-07 19:55 - 2012-09-07 19:55 - 00511265 ____A C:\Users\JOHN\Desktop\adwcleaner.exe
2012-09-07 15:07 - 2012-09-07 15:07 - 00000000 ____D C:\_OTL
2012-09-07 14:44 - 2012-09-07 14:44 - 00064106 ____A C:\Users\JOHN\Desktop\Extras.Txt
2012-09-07 14:41 - 2012-09-07 17:18 - 00065138 ____A C:\Users\JOHN\Desktop\OTL.Txt
2012-09-07 14:32 - 2012-09-07 14:32 - 00599552 ____A (OldTimer Tools) C:\Users\JOHN\Desktop\OTL.exe
2012-09-07 14:05 - 2012-09-07 14:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-07 13:36 - 2012-09-07 13:36 - 00000000 ____D C:\Users\JOHN\Downloads\bits7
2012-09-07 13:35 - 2012-09-07 13:35 - 00001044 ____A C:\Users\JOHN\Downloads\bits7.zip
2012-09-07 13:24 - 2012-09-07 13:25 - 00002647 ____A C:\Users\JOHN\Desktop\FSS.txt
2012-09-06 20:51 - 2012-09-06 20:51 - 00000092 ____A C:\Users\JOHN\Desktop\ESETSCAN.txt
2012-09-06 20:01 - 2012-09-06 20:01 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-06 19:24 - 2012-09-06 19:24 - 00003121 ____A C:\Users\JOHN\Desktop\RKreport[3].txt
2012-09-06 19:22 - 2012-09-06 19:22 - 00002825 ____A C:\Users\JOHN\Desktop\RKreport[2].txt
2012-09-06 18:44 - 2012-09-06 18:44 - 00002515 ____A C:\Users\JOHN\Desktop\RKreport[1].txt
2012-09-06 18:42 - 2012-09-06 19:23 - 00000000 ____D C:\Users\JOHN\Desktop\RK_Quarantine
2012-09-06 18:40 - 2012-09-06 19:37 - 00000000 ____D C:\Program Files\PDFCreator
2012-09-06 18:40 - 2012-09-06 18:40 - 00000000 ____D C:\Program Files (x86)\GPLGS
2012-09-06 18:24 - 2012-09-06 18:24 - 00020174 ____A C:\Users\JOHN\Documents\Combofix report 9-6-12.txt
2012-09-06 17:32 - 2012-09-06 17:32 - 00020174 ____A C:\ComboFix.txt
2012-09-06 17:18 - 2012-09-06 17:32 - 00000000 ____D C:\ComboFix
2012-09-05 16:52 - 2012-09-05 16:52 - 00164912 ____A C:\Users\JOHN\Documents\Combofix report 9-5-12.txt
2012-09-03 10:38 - 2012-09-03 10:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-03 10:38 - 2012-09-03 10:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-03 10:36 - 2012-09-03 10:36 - 12621696 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\mseinstall(1).exe
2012-09-03 10:31 - 2012-09-03 10:31 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-09-03 10:30 - 2012-09-03 10:38 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\uTorrent
2012-08-29 13:04 - 2012-08-29 13:12 - 00008666 ____A C:\Users\JOHN\Desktop\hijackthis.log
2012-08-29 13:04 - 2012-08-29 13:04 - 00073165 ____A C:\Users\JOHN\Desktop\DDS Attach.txt
2012-08-29 13:00 - 2012-08-29 13:00 - 00019984 ____A C:\Users\JOHN\Desktop\DDS.txt
2012-08-29 12:57 - 2012-08-29 12:57 - 00607260 ____R (Swearware) C:\Users\JOHN\Downloads\dds.com
2012-08-29 12:52 - 2012-08-29 12:52 - 00000000 ____D C:\Users\JOHN\Downloads\ProcessExplorer
2012-08-28 14:13 - 2012-08-28 14:13 - 00021862 ____A C:\Users\JOHN\Documents\Combofix report 8-28-12-a.txt
2012-08-28 13:48 - 2012-08-24 12:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\JOHN\Desktop\TDSSKiller.exe
2012-08-28 12:12 - 2012-08-28 12:12 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2012-08-28 12:12 - 2012-08-28 12:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-28 12:12 - 2012-08-28 12:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-28 12:12 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-28 12:11 - 2012-08-28 12:11 - 00022548 ____A C:\Users\JOHN\Documents\Combofix report 8-28-12.txt
2012-08-28 12:03 - 2012-09-07 15:09 - 00008598 ____A C:\Windows\PFRO.log
2012-08-28 11:44 - 2012-08-28 11:44 - 00126768 ____A C:\Users\JOHN\Desktop\sfcdetails.txt
2012-08-28 11:17 - 2012-08-28 11:18 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-08-28 09:21 - 2012-08-28 09:21 - 72228400 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\msert.exe
2012-08-28 09:18 - 2012-08-28 09:18 - 00347424 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\MicrosoftFixit.wu.LB.134269604611398218.2.1.Run.exe
2012-08-28 09:14 - 2012-08-28 09:14 - 00677376 ____A C:\Users\JOHN\Downloads\MicrosoftFixit50687.msi
2012-08-28 09:10 - 2012-08-28 09:10 - 00347424 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\MicrosoftFixit.wu.Run.exe
2012-08-28 09:05 - 2012-08-28 09:05 - 00007586 ____A C:\Users\JOHN\Downloads\WinDefend.reg
2012-08-28 09:04 - 2012-08-28 09:04 - 00005256 ____A C:\Users\JOHN\Downloads\wscsvc.reg
2012-08-28 08:57 - 2012-08-28 08:57 - 00176940 ____A C:\Users\JOHN\Downloads\BFE.reg
2012-08-28 08:57 - 2012-08-28 08:57 - 00006396 ____A C:\Users\JOHN\Downloads\MpsSvc.reg
2012-08-28 07:21 - 2012-08-28 14:31 - 00000000 ____D C:\Users\JOHN\Downloads\Religious Literacy
2012-08-27 19:28 - 2012-09-08 07:10 - 00001904 ____A C:\Windows\setupact.log
2012-08-27 19:28 - 2012-08-27 19:28 - 00000000 ____A C:\Windows\setuperr.log
2012-08-27 18:35 - 2012-08-27 18:35 - 61915136 ____A C:\Windows\System32\config\software.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 38162432 ____A C:\Windows\System32\config\components.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 16130048 ____A C:\Windows\System32\config\system.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 00262144 ____A C:\Windows\System32\config\default.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 00057344 ____A C:\Windows\System32\config\sam.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 00024576 ____A C:\Windows\System32\config\security.iobit
2012-08-27 12:40 - 2012-08-27 12:40 - 00022523 ____A C:\Users\JOHN\Documents\Combofix report 8-27-12.txt
2012-08-26 20:31 - 2012-08-26 20:31 - 12621696 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\mseinstall.exe
2012-08-26 20:25 - 2012-08-26 20:25 - 00022067 ____A C:\Users\JOHN\Documents\Combofix report 8-26-12.txt
2012-08-26 07:34 - 2012-08-26 07:34 - 00000000 ____D C:\WINSSLog
2012-08-22 09:20 - 2012-08-22 09:26 - 00000000 ____D C:\Users\JOHN\Downloads\The Beginning of Infinity - David Deutsch
2012-08-20 16:46 - 2012-09-03 10:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-20 16:45 - 2012-09-03 10:38 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-20 16:38 - 2012-08-20 16:38 - 00021654 ____A C:\Users\JOHN\Documents\combo fix.txt
2012-08-20 16:12 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-20 16:12 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-20 16:12 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-20 16:12 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-20 16:12 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-20 16:12 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-20 16:12 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-20 16:12 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-20 16:03 - 2012-09-06 17:32 - 00000000 ____D C:\Qoobox
2012-08-20 16:03 - 2012-08-26 20:14 - 00000000 ____D C:\Windows\erdnt
2012-08-20 15:41 - 2012-08-20 15:41 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\elyvtctz.sys
2012-08-20 08:06 - 2012-08-20 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E68069FAE2D3A59E
2012-08-18 09:51 - 2012-08-18 10:15 - 00000000 ____D C:\Users\JOHN\Downloads\The.Kite.Runner.DVDRip.XviD-DiAMOND
2012-08-16 13:07 - 2012-08-16 13:07 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-16 12:16 - 2012-08-16 12:16 - 00000000 ____D C:\Users\JOHN\AppData\Local\{C783B4D1-2062-4289-997B-CF0533F94C90}
2012-08-16 12:16 - 2012-08-16 12:16 - 00000000 ____D C:\Users\JOHN\AppData\Local\{59876DC3-BD98-43F3-9A26-487BB8ACAAE1}
2012-08-15 01:13 - 2012-08-15 01:13 - 01837568 ____A C:\Windows\SysWOW64\Mcx2Svc.dll
2012-08-15 01:13 - 2012-08-15 01:13 - 00000438 ____A C:\Windows\SysWOW64\Mcx2Svc.ocx
2012-08-14 17:29 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 17:29 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 17:29 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-14 17:29 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 17:29 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 17:29 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-14 17:29 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 17:29 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 17:29 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-14 17:29 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-14 17:29 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 17:29 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 17:29 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 17:29 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 17:29 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-14 17:29 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-14 17:29 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-14 17:29 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-14 17:29 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-14 17:29 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-14 17:29 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-14 17:29 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-14 17:29 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-14 17:29 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-14 17:29 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-14 17:29 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-14 17:29 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-14 17:29 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-14 17:03 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 17:03 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 17:03 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 17:03 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 17:03 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-14 17:03 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-14 17:03 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 17:03 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-14 17:03 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-14 17:03 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-14 17:03 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 17:03 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-14 17:03 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-12 20:49 - 2012-08-12 20:49 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Xilisoft
2012-08-12 20:30 - 2012-08-17 08:18 - 00001794 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-08-12 18:40 - 2012-08-12 20:31 - 00001215 ____A C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
2012-08-12 18:40 - 2012-08-12 18:40 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-08-12 18:39 - 2012-08-12 18:39 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2012-08-11 02:00 - 2012-08-11 02:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-08-10 14:01 - 2012-08-10 14:01 - 00000000 ____D C:\Users\JOHN\Downloads\Nuance Dragon Naturally Speaking 11 Premium English
2012-08-09 11:19 - 2012-08-09 11:19 - 00000000 ____D C:\Program Files (x86)\Nuance

==================== 3 Months Modified Files ================================

2012-09-08 08:13 - 2011-05-13 00:16 - 02071918 ____A C:\Windows\WindowsUpdate.log
2012-09-08 08:10 - 2012-09-08 08:10 - 01453141 ____A (Farbar) C:\Users\JOHN\Downloads\FRST64.exe
2012-09-08 08:06 - 2012-05-30 21:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-08 08:05 - 2012-06-11 12:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-08 07:17 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-08 07:17 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-08 07:10 - 2012-08-27 19:28 - 00001904 ____A C:\Windows\setupact.log
2012-09-08 07:10 - 2012-05-30 21:42 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-08 07:10 - 2011-05-13 08:48 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2012-09-08 07:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-07 20:36 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-07 20:31 - 2012-09-07 20:31 - 00017505 ____A C:\AdwCleaner[S2].txt
2012-09-07 20:30 - 2012-09-07 20:30 - 00016342 ____A C:\AdwCleaner[R2].txt
2012-09-07 19:57 - 2012-09-07 19:57 - 00016281 ____A C:\AdwCleaner[R1].txt
2012-09-07 19:55 - 2012-09-07 19:55 - 00511265 ____A C:\Users\JOHN\Desktop\adwcleaner.exe
2012-09-07 17:18 - 2012-09-07 14:41 - 00065138 ____A C:\Users\JOHN\Desktop\OTL.Txt
2012-09-07 15:09 - 2012-08-28 12:03 - 00008598 ____A C:\Windows\PFRO.log
2012-09-07 14:44 - 2012-09-07 14:44 - 00064106 ____A C:\Users\JOHN\Desktop\Extras.Txt
2012-09-07 14:32 - 2012-09-07 14:32 - 00599552 ____A (OldTimer Tools) C:\Users\JOHN\Desktop\OTL.exe
2012-09-07 13:35 - 2012-09-07 13:35 - 00001044 ____A C:\Users\JOHN\Downloads\bits7.zip
2012-09-07 13:25 - 2012-09-07 13:24 - 00002647 ____A C:\Users\JOHN\Desktop\FSS.txt
2012-09-06 20:51 - 2012-09-06 20:51 - 00000092 ____A C:\Users\JOHN\Desktop\ESETSCAN.txt
2012-09-06 19:24 - 2012-09-06 19:24 - 00003121 ____A C:\Users\JOHN\Desktop\RKreport[3].txt
2012-09-06 19:22 - 2012-09-06 19:22 - 00002825 ____A C:\Users\JOHN\Desktop\RKreport[2].txt
2012-09-06 18:44 - 2012-09-06 18:44 - 00002515 ____A C:\Users\JOHN\Desktop\RKreport[1].txt
2012-09-06 18:24 - 2012-09-06 18:24 - 00020174 ____A C:\Users\JOHN\Documents\Combofix report 9-6-12.txt
2012-09-06 17:32 - 2012-09-06 17:32 - 00020174 ____A C:\ComboFix.txt
2012-09-06 17:26 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-05 16:52 - 2012-09-05 16:52 - 00164912 ____A C:\Users\JOHN\Documents\Combofix report 9-5-12.txt
2012-09-03 10:38 - 2012-08-20 16:46 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-03 10:38 - 2012-08-20 16:45 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-03 10:36 - 2012-09-03 10:36 - 12621696 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\mseinstall(1).exe
2012-08-29 13:12 - 2012-08-29 13:04 - 00008666 ____A C:\Users\JOHN\Desktop\hijackthis.log
2012-08-29 13:04 - 2012-08-29 13:04 - 00073165 ____A C:\Users\JOHN\Desktop\DDS Attach.txt
2012-08-29 13:00 - 2012-08-29 13:00 - 00019984 ____A C:\Users\JOHN\Desktop\DDS.txt
2012-08-29 12:57 - 2012-08-29 12:57 - 00607260 ____R (Swearware) C:\Users\JOHN\Downloads\dds.com
2012-08-28 14:13 - 2012-08-28 14:13 - 00021862 ____A C:\Users\JOHN\Documents\Combofix report 8-28-12-a.txt
2012-08-28 12:11 - 2012-08-28 12:11 - 00022548 ____A C:\Users\JOHN\Documents\Combofix report 8-28-12.txt
2012-08-28 11:44 - 2012-08-28 11:44 - 00126768 ____A C:\Users\JOHN\Desktop\sfcdetails.txt
2012-08-28 09:21 - 2012-08-28 09:21 - 72228400 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\msert.exe
2012-08-28 09:18 - 2012-08-28 09:18 - 00347424 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\MicrosoftFixit.wu.LB.134269604611398218.2.1.Run.exe
2012-08-28 09:14 - 2012-08-28 09:14 - 00677376 ____A C:\Users\JOHN\Downloads\MicrosoftFixit50687.msi
2012-08-28 09:10 - 2012-08-28 09:10 - 00347424 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\MicrosoftFixit.wu.Run.exe
2012-08-28 09:05 - 2012-08-28 09:05 - 00007586 ____A C:\Users\JOHN\Downloads\WinDefend.reg
2012-08-28 09:04 - 2012-08-28 09:04 - 00005256 ____A C:\Users\JOHN\Downloads\wscsvc.reg
2012-08-28 08:57 - 2012-08-28 08:57 - 00176940 ____A C:\Users\JOHN\Downloads\BFE.reg
2012-08-28 08:57 - 2012-08-28 08:57 - 00006396 ____A C:\Users\JOHN\Downloads\MpsSvc.reg
2012-08-27 19:28 - 2012-08-27 19:28 - 00000000 ____A C:\Windows\setuperr.log
2012-08-27 18:35 - 2012-08-27 18:35 - 61915136 ____A C:\Windows\System32\config\software.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 38162432 ____A C:\Windows\System32\config\components.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 16130048 ____A C:\Windows\System32\config\system.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 00262144 ____A C:\Windows\System32\config\default.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 00057344 ____A C:\Windows\System32\config\sam.iobit
2012-08-27 18:35 - 2012-08-27 18:35 - 00024576 ____A C:\Windows\System32\config\security.iobit
2012-08-27 12:40 - 2012-08-27 12:40 - 00022523 ____A C:\Users\JOHN\Documents\Combofix report 8-27-12.txt
2012-08-26 20:31 - 2012-08-26 20:31 - 12621696 ____A (Microsoft Corporation) C:\Users\JOHN\Downloads\mseinstall.exe
2012-08-26 20:25 - 2012-08-26 20:25 - 00022067 ____A C:\Users\JOHN\Documents\Combofix report 8-26-12.txt
2012-08-24 12:28 - 2012-08-28 13:48 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\JOHN\Desktop\TDSSKiller.exe
2012-08-20 16:38 - 2012-08-20 16:38 - 00021654 ____A C:\Users\JOHN\Documents\combo fix.txt
2012-08-20 15:41 - 2012-08-20 15:41 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\elyvtctz.sys
2012-08-20 08:06 - 2012-08-20 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E68069FAE2D3A59E
2012-08-19 11:51 - 2011-11-07 16:05 - 00007605 ____A C:\Users\JOHN\AppData\Local\resmon.resmoncfg
2012-08-17 08:18 - 2012-08-12 20:30 - 00001794 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-08-15 01:13 - 2012-08-15 01:13 - 01837568 ____A C:\Windows\SysWOW64\Mcx2Svc.dll
2012-08-15 01:13 - 2012-08-15 01:13 - 00000438 ____A C:\Windows\SysWOW64\Mcx2Svc.ocx
2012-08-14 17:54 - 2009-07-13 20:45 - 04867248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 17:53 - 2009-07-13 21:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-14 17:27 - 2011-05-13 09:43 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 16:50 - 2012-04-01 13:40 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-14 16:50 - 2011-05-14 07:42 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-12 20:31 - 2012-08-12 18:40 - 00001215 ____A C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
2012-07-31 08:15 - 2012-07-31 08:15 - 00001037 ____A C:\Users\JOHN\Desktop\Dropbox.lnk
2012-07-31 08:05 - 2012-07-31 08:05 - 17798272 ____A (Dropbox, Inc.) C:\Users\JOHN\Downloads\Dropbox 1.4.12.exe
2012-07-18 10:15 - 2012-08-14 17:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-14 17:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 17:03 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 17:03 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 17:03 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 17:03 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 12:46 - 2012-08-28 12:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 07:26 - 2012-07-03 07:26 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-03 07:26 - 2012-07-03 07:26 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-28 20:55 - 2012-08-14 17:29 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-14 17:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-14 17:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-14 17:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-14 17:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-14 17:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-14 17:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-14 17:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-14 17:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-14 17:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-14 17:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-14 17:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-14 17:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-14 17:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-14 17:29 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-14 17:29 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-14 17:29 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-14 17:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-14 17:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-14 17:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 17:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-14 17:29 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 17:29 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-14 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 17:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-14 17:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 17:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 17:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-25 23:13:11
Restore point made on: 2012-08-26 07:28:13
Restore point made on: 2012-08-26 19:41:03
Restore point made on: 2012-08-27 18:43:58
Restore point made on: 2012-08-28 09:14:58
Restore point made on: 2012-09-05 16:37:35
Restore point made on: 2012-09-06 19:45:55
Restore point made on: 2012-09-07 13:40:51
Restore point made on: 2012-09-07 14:36:23

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 7988.52 MB
Available physical RAM: 7199.5 MB
Total Pagefile: 7986.67 MB
Available Pagefile: 7189.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:596.07 GB) (Free:56.51 GB) NTFS
3 Drive f: () (Removable) (Total:30.07 GB) (Free:30.06 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B 
Disk 1 Online 30 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 596 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 596 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 30 GB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 30 GB Healthy

==================================================================================

Last Boot: 2012-09-06 17:50

==================== End Of Log =============================


----------



## CatByte (Feb 24, 2009)

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as *fixlist.txt*.


```
start
1 vphqgfxu; \??\C:\Windows\system32\drivers\vphqgfxu.sys [x]
2012-08-20 15:41 - 2012-08-20 15:41 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\elyvtctz.sys
2012-08-20 08:06 - 2012-08-20 08:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E68069FAE2D3A59E
2012-08-16 12:16 - 2012-08-16 12:16 - 00000000 ____D C:\Users\JOHN\AppData\Local\{C783B4D1-2062-4289-997B-CF0533F94C90}
2012-08-16 12:16 - 2012-08-16 12:16 - 00000000 ____D C:\Users\JOHN\AppData\Local\{59876DC3-BD98-43F3-9A26-487BB8ACAAE1}
cmd: bootrec /FixMbr
end
```
*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system*

Now please enter *System Recovery Options* then select *Command Prompt*

Run *FRST* (or FRST64 if you have the 64-bit version) and press the *Fix* button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

*NEXT*

Re-run OTL with the following custom scan:


Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
Select *All Users*.
Under the Custom Scan box, paste this in:

```
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT
```

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Post both logs.


----------



## JonesIndustries (Aug 18, 2012)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-08 10:04:44 Run:1
Running from F:\

==============================================

vphqgfxu service deleted successfully.
C:\Windows\System32\Drivers\elyvtctz.sys moved successfully.
C:\Windows\System32\services.exe.E68069FAE2D3A59E moved successfully.
C:\Users\JOHN\AppData\Local\{C783B4D1-2062-4289-997B-CF0533F94C90} moved successfully.
C:\Users\JOHN\AppData\Local\{59876DC3-BD98-43F3-9A26-487BB8ACAAE1} moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog ====

OTL logfile created on: 9/8/2012 10:08:05 AM - Run 3
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\JOHN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 77.42% Memory free
15.60 Gb Paging File | 13.74 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 56.49 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Drive F: | 30.07 Gb Total Space | 30.06 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: JOHN-PC | User Name: JOHN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 15:32:46 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 19:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/02/03 17:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2010/01/19 17:26:58 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2010/01/19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:*64bit:* - [2010/01/19 17:05:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2010/01/11 11:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:*64bit:* - [2009/09/15 21:59:44 | 000,907,264 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:*64bit:* - [2009/09/15 21:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:*64bit:* - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:*64bit:* - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/15 02:13:12 | 001,837,568 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2012/08/14 17:50:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/05/06 18:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/01/13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:*64bit:* - [2009/12/22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:*64bit:* - [2009/09/15 21:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:*64bit:* - [2009/09/15 21:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:*64bit:* - [2009/09/15 21:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:*64bit:* - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:*64bit:* - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:*64bit:* - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:*64bit:* - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:*64bit:* - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = 
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 04 12 9F B9 11 CC 01 [binary data]
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_en
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\..\SearchScopes\{EC3393B8-E9E3-467A-802F-340E636B60AD}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749_yserp3tst&p={searchTerms}
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749_yserp3tst"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/26 21:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 20:43:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/13 18:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHN\AppData\Roaming\mozilla\Extensions
[2012/09/07 14:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions
[2012/06/19 14:45:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/04/25 14:46:04 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\JOHN\AppData\Roaming\mozilla\Firefox\Profiles\pej30tu7.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/05/13 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/06 20:43:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 14:14:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 14:14:58 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: AVG Safe Search = C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/09/07 16:07:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:*64bit:* - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:*64bit:* - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3903430519-452506101-3320713040-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3903430519-452506101-3320713040-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529D71E2-43C3-4193-8913-98B4A8DD7211}: DhcpNameServer = 192.168.1.254
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:*64bit:* - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: Mcx2Svc - C:\Windows\SysWOW64\Mcx2Svc.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/08 10:18:26 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/07 16:07:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 15:32:44 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
[2012/09/07 15:05:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/06 21:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/06 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/09/06 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2012/09/06 18:32:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/06 18:26:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/06 18:18:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/03 11:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/03 11:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/03 11:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/09/03 11:30:17 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\uTorrent
[2012/08/28 14:48:52 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JOHN\Desktop\TDSSKiller.exe
[2012/08/28 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Malwarebytes
[2012/08/28 13:12:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 13:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/28 12:17:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/08/26 08:34:39 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/08/20 17:12:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/20 17:12:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/20 17:12:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/20 17:03:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 17:03:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/16 14:07:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/12 21:49:10 | 000,000,000 | ---D | C] -- C:\Users\JOHN\AppData\Roaming\Xilisoft
[2012/08/12 19:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/08/12 19:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/08/12 19:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/08/11 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/08/09 12:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance

========== Files - Modified Within 30 Days ==========

[2012/09/08 10:12:57 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 10:12:57 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 10:06:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 10:05:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/08 10:05:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/08 10:05:25 | 1987,461,119 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/08 09:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/07 21:36:48 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/07 21:36:48 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/07 21:36:48 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/07 20:55:37 | 000,511,265 | ---- | M] () -- C:\Users\JOHN\Desktop\adwcleaner.exe
[2012/09/07 16:07:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/07 15:32:46 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JOHN\Desktop\OTL.exe
[2012/09/03 11:38:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/03 11:38:26 | 000,743,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JOHN\Desktop\TDSSKiller.exe
[2012/08/19 12:51:06 | 000,007,605 | ---- | M] () -- C:\Users\JOHN\AppData\Local\resmon.resmoncfg
[2012/08/15 02:13:19 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\Mcx2Svc.ocx
[2012/08/15 02:13:12 | 001,837,568 | ---- | M] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/14 18:54:19 | 004,867,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/12 21:31:46 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk

========== Files Created - No Company Name ==========

[2012/09/07 20:55:26 | 000,511,265 | ---- | C] () -- C:\Users\JOHN\Desktop\adwcleaner.exe
[2012/09/03 11:38:33 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/20 17:46:15 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/20 17:45:59 | 000,743,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 17:12:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/20 17:12:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/20 17:12:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/20 17:12:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/20 17:12:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 02:13:19 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.ocx
[2012/08/15 02:13:12 | 001,837,568 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/12 19:40:07 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft DVD Ripper Ultimate.lnk
[2011/11/07 17:05:51 | 000,007,605 | ---- | C] () -- C:\Users\JOHN\AppData\Local\resmon.resmoncfg
[2011/05/14 23:21:15 | 000,000,024 | ---- | C] () -- C:\Users\JOHN\AppData\Roaming\Final Draft Tagger Preferences
[2011/05/14 16:14:54 | 000,000,760 | ---- | C] () -- C:\Users\JOHN\AppData\Roaming\setup_ldm.iss
[2011/05/13 22:08:29 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/11 19:15:08 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/11 19:15:08 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== LOP Check ==========

[2011/08/09 22:04:21 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Amazon
[2012/08/26 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\AVG2012
[2012/09/08 10:06:27 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Dropbox
[2012/08/20 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\DVDVideoSoft
[2011/05/13 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Final Draft
[2011/08/25 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Garmin
[2012/04/30 15:54:55 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\GoPro
[2011/12/07 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\IObit
[2011/05/14 16:14:59 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Leadertech
[2011/05/14 08:29:42 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\PACE Anti-Piracy
[2011/05/13 14:23:50 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\PCDr
[2011/05/14 08:31:22 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/03 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\uTorrent
[2012/08/12 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\JOHN\AppData\Roaming\Xilisoft
[2012/08/14 18:53:12 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9640320AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Generic- Multi-Card USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 596.00GB
Starting Offset: 105906176
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 30.00GB
Starting Offset: 4194304
Hidden sectors: 0

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


----------



## CatByte (Feb 24, 2009)

Do you know what this file is? It's been on your system for a while, but it is hidden

[2011/05/13 22:08:29 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995

let's try analyzing it, you will need to show hidden files and folders:

submit a file to virustotal for analysis

Use the *browse button* on that page to navigate to the location of the file to be scanned.
In the *right hand panel*, 
click on the file *C:\ProgramData\.811261211181235583101118113995*
then click the *open* button. 
The file will now be displayed in the *submit box.*
Scroll down a bit and click *"send file"*, wait for the results
If you get a message saying *File has already been analyzed:* click *Reanalyze file now*
Once scanned, copy and paste the link to the results page in your next reply.

*NEXT*

Update your MBAM definitions, then run a full scan

post the new log


----------
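The triage step in the reply above (a hidden file with no company name stands out in the OTL listing) can be run over the whole report. This is an added example, not part of the original posts: the sample lines are copied from the OTL log earlier in the thread, while the function names and the reading of the attribute field as R/H/S/D flags are assumptions.

```python
import re
from ntpath import splitext  # Windows path rules, usable on any OS

# One OTL file-listing line:
# [date time | size | attrs | C or M] (company) -- path
# Folders are listed without the "(company)" part.
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
BINARY_EXT = {".exe", ".dll", ".sys", ".ocx"}


def parse_line(line):
    """Parse one listing line into a dict, or return None if it is not one."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    entry["is_dir"] = "D" in entry["attrs"]   # assumption: D marks a folder
    entry["hidden"] = "H" in entry["attrs"]   # assumption: H marks hidden
    return entry


def triage(lines):
    """Return (path, timestamp, reasons) for files that deserve a manual look.

    A hit is a candidate for review (for example a VirusTotal upload),
    not a verdict: legitimate files can also lack a company name.
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["is_dir"] or entry["company"]:
            continue
        reasons = []
        if entry["hidden"]:
            reasons.append("hidden file, no company name")
        extension = splitext(entry["path"])[1].lower()
        if extension in BINARY_EXT and entry["path"].lower().startswith("c:\\windows\\"):
            reasons.append("binary under C:\\Windows with no company name")
        if reasons:
            hits.append((entry["path"], entry["when"], reasons))
    return hits


# Sample input: four lines copied from the OTL report in this thread.
SAMPLE = r"""
[2011/05/13 22:08:29 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/08/15 02:13:12 | 001,837,568 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.dll
[2012/08/28 14:48:52 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JOHN\Desktop\TDSSKiller.exe
[2012/09/08 10:18:26 | 000,000,000 | ---D | C] -- C:\FRST
""".strip().splitlines()

if __name__ == "__main__":
    for path, when, reasons in triage(SAMPLE):
        print(when, path, "->", "; ".join(reasons))
```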



## JonesIndustries (Aug 18, 2012)

https://www.virustotal.com/file/3ae...aceafe2d3c9653e2fdcf2543/analysis/1347131937/

Full scan going now.


----------



## CatByte (Feb 24, 2009)

:up:


----------



## JonesIndustries (Aug 18, 2012)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JOHN :: JOHN-PC [administrator]

Protection: Enabled

9/8/2012 12:21:54 PM
mbam-log-2012-09-08 (12-21-54).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442772
Time elapsed: 1 hour(s), 29 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## CatByte (Feb 24, 2009)

how is the system running now?


----------



## JonesIndustries (Aug 18, 2012)

Everything is running good. That little window from malwarebytes keeps popping up with svchost warning though. I figured a "format c:" is my future.


----------



## JonesIndustries (Aug 18, 2012)

This is the warning I'm referring to. I keep missing it to show the latest one.


----------



## CatByte (Feb 24, 2009)

let's make sure there is nothing in your browser history that is causing the issue

please run TFC

then let's reset your router and flush the DNS

Download *TFC* to your *desktop*

Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run, 
Click the *Start* button to begin the process. 
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically *reboot your machine,*
if it doesn't, manually reboot to ensure a complete clean

*NEXT*

Reset your Router:


This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. 
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). 
If you don't know the router's default password, you can look it up. HERE
You also need to reconfigure any security settings you had in place prior to the reset. 
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

*NEXT*

Please do the following:

Click the *Microsoft Start logo* in the bottom left corner of the screen
Click *All Programs*
Click *Accessories*
RIGHT-click on *Command Prompt*
Select *Run As Administrator*
In the command window type the following and then hit enter: 
*ipconfig /flushdns*
You will see the following confirmation:



> Windows IP Configuration
> Successfully flushed the DNS Resolver Cache.


----------



## JonesIndustries (Aug 18, 2012)

Got it.


----------



## JonesIndustries (Aug 18, 2012)

TFC check.
I just switched providers about 3 days ago from Cox to U-Verse but I reset the router.
Flushed DNS


----------



## CatByte (Feb 24, 2009)

ok,

use the machine normally, let me know if you get another alert


----------



## JonesIndustries (Aug 18, 2012)

Copy that.


----------



## JonesIndustries (Aug 18, 2012)

It's still going. This just pops up every 30-45min no matter what's happening. I haven't been doing anything. It's just sitting idle.


----------



## CatByte (Feb 24, 2009)

TDSSKiller is usually the tool for the usual svchost exe trojan we see, but it isn't finding anything.

Let's get a dump of the MBR outside of windows

what was the drive letter of your USB in FRST?


----------



## JonesIndustries (Aug 18, 2012)

It was f: but I used a SD card.


----------



## CatByte (Feb 24, 2009)

that's ok, I just need a letter so I can assign where to send the mbr dump in the command

please do the follo

Please download the following: MBRFix 1.3.0.0 to your desktop

Save and extract its contents to the desktop. There are three files in the MBRFix folder. From these, only copy the *MBRFix64.exe* to the USB drive. (SDCard)

Next, copy/paste the following to notepad and save it as fixlist.txt, save as "all files" and save it to your flash drive. (SD Card)


```
Start
cmd: f:\MbrFix64 /drive 0 savembr f:\MBRDUMP.txt 
CMD: copy /y f:\mbrfix64.exe x:\windows\system32
CMD: MbrFix64 /drive 0 savembr f:\MBRBak.bin
CMD: bcdedit /enum all
end
```
Boot to *System Recovery Options* and select *"Command Prompt"*.
Run *FRST64*, press *Fix* and wait.

The tool makes *Fixlog.txt* and *MBRBak.bin* and *MBRDUMP.txt* on the flash drive. 
Please post the Fixlog.txt, MBRDUMP.txt also zip *MBRBak.bin* and attach it to your reply.


----------
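An offline sanity check for the kind of MBR dump requested above, as an added example that is not part of the original posts: it parses a 512-byte sector-0 image and checks the 55 AA signature, the partition table and the stock error strings. The sample image is constructed from the partition offsets in the OTL report (1048576 and 105906176 bytes); the function names, the second partition's sector count and the premise that the saved file starts with sector 0 are assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
# Messages carried by the stock boot code (readable in the dump posted in this thread).
STOCK_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_mbr(raw):
    """Return (partitions, findings) for an MBR image of a boot disk."""
    if len(raw) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    raw = raw[:SECTOR]
    findings = []

    if raw[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing")

    # Heuristic only: absence of the usual messages means non-stock boot code.
    missing = [s.decode() for s in STOCK_STRINGS if s not in raw[:TABLE_OFFSET]]
    if missing:
        findings.append("boot code lacks expected message(s): " + ", ".join(missing))

    partitions = []
    for index in range(4):
        entry = raw[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (index, status))
        if first_lba == 0:
            findings.append("entry %d: partition starts at LBA 0" % index)
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "first_lba": first_lba,
            "sectors": sectors,
        })

    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))

    ordered = sorted(partitions, key=lambda p: p["first_lba"])
    for left, right in zip(ordered, ordered[1:]):
        if left["first_lba"] + left["sectors"] > right["first_lba"]:
            findings.append("entries %d and %d overlap" % (left["index"], right["index"]))

    return partitions, findings


def build_sample_mbr():
    """Constructed sample: zeroed boot code plus the stock strings, and two
    NTFS entries at the byte offsets listed in the OTL report (LBA 2048 and
    LBA 206848). The second partition's sector count is made up."""
    code = (b"\x00" * 0x100 + b"\x00".join(STOCK_STRINGS)).ljust(TABLE_OFFSET, b"\x00")

    def entry(status, ptype, first_lba, sectors):
        # status, CHS start (ignored), type, CHS end (ignored), LBA start, length
        return struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3,
                           first_lba, sectors)

    table = (entry(0x80, 0x07, 1048576 // SECTOR, 204800)
             + entry(0x00, 0x07, 105906176 // SECTOR, 1249902592)
             + b"\x00" * 32)
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    parts, problems = parse_mbr(build_sample_mbr())
    for part in parts:
        print(part)
    print("findings:", problems or "none")
```

An empty findings list only shows that the layout is sane; altered boot code still needs a byte-for-byte comparison against a known-good MBR from the same Windows version.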



## JonesIndustries (Aug 18, 2012)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-09 07:54:53 Run:2
Running from F:\

==============================================

========= f:\MbrFix64 /drive 0 savembr f:\MBRDUMP.txt =========

========= End of CMD: =========

========= copy /y f:\mbrfix64.exe x:\windows\system32 =========

1 file(s) copied.

========= End of CMD: =========

========= MbrFix64 /drive 0 savembr f:\MBRBak.bin =========

========= End of CMD: =========

========= bcdedit /enum all =========

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {2a45b452-7d41-11e0-b40d-b7e27d07cea1}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {2a45b452-7d41-11e0-b40d-b7e27d07cea1}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\2a45b454-7d41-11e0-b40d-b7e27d07cea1\Winre.wim,{2a45b455-7d41-11e0-b40d-b7e27d07cea1}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\2a45b454-7d41-11e0-b40d-b7e27d07cea1\Winre.wim,{2a45b455-7d41-11e0-b40d-b7e27d07cea1}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {2a45b452-7d41-11e0-b40d-b7e27d07cea1}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier  {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {2a45b455-7d41-11e0-b40d-b7e27d07cea1}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\2a45b454-7d41-11e0-b40d-b7e27d07cea1\boot.sdi

========= End of CMD: =========

==== End of Fixlog ====

3ÀÐ¼ |ÀØ¾ |¿ ¹ üó¤PhËû¹ ½¾~ |ÅâñÍV UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`~ t&fh fÿvh h |h h ´BV ôÍÄë¸» |V vNnÍfasþNu~  ²ëU2äV Í]ë>þ}Uªunÿv è uú°Ñædè °ßæ`è| °ÿædèu û¸ »Íf#Àu;fûTCPAu2ùr,fh» fh  fh fSfSfUfh fh | fah ÍZ2öê | Í ·ë ¶ë µ2ä ð¬< t » ´Íëòôëý+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system c{~ò  ! ß   ßþÿÿ ( PJ Uª


----------



## CatByte (Feb 24, 2009)

that doesn't help at all as everything looks as it should

please try the following:

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

Click the *"cog"* in the upper right area of the window

Select down to and including your main drive, once done select the "Automatic scan" tab and press *Start Scan*

Allow AVP to *delete* all infections found

Once it has finished select *report* tab (last tab)

Select *Detected threats report* from the left and press *Save* button

Save it to your desktop and post the content in your next reply.


----------



## JonesIndustries (Aug 18, 2012)

Sorry for the delay. The AVPTool takes 5 hours and my girlfriend accidentally unplugged it mid scan. I just restarted it and it'll be another 5 hours.


----------



## CatByte (Feb 24, 2009)

oops...hate when that happens


I just hope after all this that it finds the problem


----------



## JonesIndustries (Aug 18, 2012)

Me too, and by the way, I wanted to thank you again for all the help. I felt like saying it on every post but I thought that'd be too time consuming. Anyway, sincerely, thank you. You are a life saver. I've been on the brink of completely destroying this thing out of sheer frustration. Now I can see the light at the end of the tunnel.


----------



## CatByte (Feb 24, 2009)

any results?


----------



## JonesIndustries (Aug 18, 2012)

I've been at work all day. Should be home in about an hour to see what happened.


----------



## JonesIndustries (Aug 18, 2012)

Wow, after all that... no threats detected. I'm stumped... but that's been the case since the beginning.


----------



## CatByte (Feb 24, 2009)

I can only think perhaps utorrent has something to do with it. Please uninstall utorrent completely (and any other peer to peer or torrent programs)

run the temp file cleaner to get rid of any browser history

Download *TFC* to your *desktop*

Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run, 
Click the *Start* button to begin the process. 
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically *reboot your machine,*
if it doesn't, manually reboot to ensure a complete clean

the sites trying to be accessed are located in Korea

do you have anything legitimate on your machine at all that might account for the traffic, remote access of any type?

take a look at your installed programs and let me know if there is anything there that you do not recognize


----------



## JonesIndustries (Aug 18, 2012)

No remote access. No reason to contact Korea. I don't see anything that seems strange in my programs, and utorrent is outa here.


----------



## CatByte (Feb 24, 2009)

this is very puzzling, let's keep trying, something should ferret this out, another thought, have you contacted your ISP and explained the problem? They might have an idea.

Do you have a secure password on your router? I know we reset the router, but it might be worth doing it this way:


Consult this link to find out what is the default username and password of your router and note them down: Router Passwords
Then reset your router to its factory default settings:
*Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router*. 
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)
*NEXT*
This is the difficult part.
First get to the router's server > type *http:\\192.168.1.1* in the address bar and click Enter. You get the log in window.
Fill in the password you found previously and you will get the configuration page.
Configure the router to allow you to connect to your ISP server. 
In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP should have originally given to you.
You can also call your ISP if you don't have your initial password.
*Don't forget to change the router's default password and set a strong password.*
Note down the password and keep it somewhere for future reference.

*NEXT*
Please make sure of the following settings:
Go to start => Control panel => Double-click *Network and Sharing Center*.
In the left window select *Manage network Connection*.
In the right window right-click *Local Area connection* and select *Properties*.
*Internet Protocol Version 6 (IPv6)* should be checked. Double-click on it: Make sure of the following settings:
The option *Obtain an IP address automatically* should be checked.
The option *Obtain DNS server address automatically* should be checked.

Click *OK*.
*Internet Protocol Version 4 (IPv4)* should be checked. Double-click on it.
The option *Obtain an IP address automatically* should be checked.
The option *Obtain DNS server address automatically* should be checked.

Click *OK* twice.
If you should change any setting reboot the computer.


*NEXT*

let's try getting a look with list parts

please run the following:


*Download* *ListParts64* to a USB flash drive.
Plug the USB drive into the infected machine.

*Boot your computer into Recovery Environment*


Restart the computer and press *F8* repeatedly until the *Advanced Options Menu* appears.
Select *Repair your computer*.
Select Language and click *Next*
Enter password (if necessary) and click *OK*, you should now see the screen below ...











Select the *Command Prompt* option.
A command window will open.
Type *notepad* then hit *Enter*.
Notepad will open.
Click *File > Open* then select *Computer*.
Note down the drive letter for your *USB Drive*.
Close Notepad.


Back in the command window ....
Type *e:/listparts64.exe* and hit *Enter* (where *e:* is replaced by the drive letter for your USB drive)
*ListParts* will start to run.
Press the *Scan* button.
When finished scanning it will make a log *Result.txt* on the flash drive.


Close the command window.
Boot back into normal mode and post me the *Result.txt* log please.

*NEXT*

Please download a fresh copy of rogue killer (delete the copy you have)


Download RogueKiller and save it to your desktop. 
*Quit* all other programs
Start *RogueKiller.exe*
Wait until the *Prescan* has finished ... 
Click on *Scan*








Wait for the end of the scan
A report will be created on your desktop. 
Click on the *Delete* button








Next click on the *ShortcutsFix*








another report will be created on your desktop.

Please post: *All RKreport.txt* text files located on your desktop.


----------



## JonesIndustries (Aug 18, 2012)

The only item I didn't do was the first one. I couldn't log in to router.
The address just timed out.

ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 11-09-2012 at 17:07:40
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 7988.52 MB
Available physical RAM: 7368.67 MB
Total Pagefile: 7986.67 MB
Available Pagefile: 7342.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:596.07 GB) (Free:49.25 GB) NTFS
4 Drive f: (EOS_DIGITAL) (Removable) (Total:3.68 GB) (Free:3.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B 
Disk 1 Online 3776 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 596 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 596 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3772 MB 4096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F EOS_DIGITAL FAT32 Removable 3772 MB Healthy

======================================================================================================

****** End Of Log ******

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOHN [Admin rights]
Mode : Scan -- Date : 09/11/2012 17:13:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\66488797 (system32\DRIVERS\66488797.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\66488797 (system32\DRIVERS\66488797.sys) -> FOUND
[STARTUP][SUSP PATH] _uninst_66488797.lnk @JOHN : C:\Users\JOHN\AppData\Local\Temp\_uninst_66488797.bat -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS ATA Device +++++
--- User ---
[MBR] 916d29861c5bf5308cbc222eab99f17b
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
--- User ---
[MBR] da472127b68ae06e77945944f5898195
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3772 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOHN [Admin rights]
Mode : Remove -- Date : 09/11/2012 17:14:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\66488797 (system32\DRIVERS\66488797.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\66488797 (system32\DRIVERS\66488797.sys) -> DELETED
[STARTUP][SUSP PATH] _uninst_66488797.lnk @JOHN : C:\Users\JOHN\AppData\Local\Temp\_uninst_66488797.bat -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS ATA Device +++++
--- User ---
[MBR] 916d29861c5bf5308cbc222eab99f17b
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
--- User ---
[MBR] da472127b68ae06e77945944f5898195
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3772 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


----------



## CatByte (Feb 24, 2009)

rogue killer found a couple of items that it didn't find the first time, so you are being re-infected somehow

what is the make and model of your router, I'd like to see if you can reset that and get a more secure password there


----------



## JonesIndustries (Aug 18, 2012)

Forgot this one. Getting router info now.

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOHN [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/11/2012 17:18:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 2157 / Fail 0
My documents: Success 2 / Fail 2
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 3756 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 62 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


----------



## JonesIndustries (Aug 18, 2012)

Hopefully this isn't a bad thing to put up in public. Does this help?


----------



## CatByte (Feb 24, 2009)

yes,
please remove that attachment


----------



## CatByte (Feb 24, 2009)

the IP address given is 192.168.1.254 and yes, that is timing out

I suggest going to the manufacturer's web site and seeing if there is a support forum, and maybe an alternate address listed

in the meantime

try connecting directly, bypassing the router entirely

update MBAM and run it and see if you get any further notifications from MBAM,

that way we can either confirm or eliminate a problem with the router


----------



## CatByte (Feb 24, 2009)

does this site time out for you as well?

192.168.1.1

(it asks me for the password)


----------



## JonesIndustries (Aug 18, 2012)

Yes, it times out.


----------



## CatByte (Feb 24, 2009)

ok,

try the direct connection


----------



## JonesIndustries (Aug 18, 2012)

I wasn't able to get anyone at AT&T. I'll try them tomorrow after work. Until then here's the latest report.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JOHN :: JOHN-PC [administrator]

9/11/2012 6:38:29 PM
mbam-log-2012-09-11 (18-38-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 447091
Time elapsed: 1 hour(s), 32 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## CatByte (Feb 24, 2009)

did you bypass the router and connect directly or what kind of set up do you have there?


----------



## JonesIndustries (Aug 18, 2012)

I'm wireless. I couldn't find a cable around here so I'll pick one up tomorrow.


----------



## CatByte (Feb 24, 2009)

:up:


----------



## JonesIndustries (Aug 18, 2012)

I'm wired.


----------



## JonesIndustries (Aug 18, 2012)

I can get on the router too.


----------



## CatByte (Feb 24, 2009)

ok, stay disconnected from the router (or did you mean you can now access the router set up page...if so follow the steps to reset the password)


let me know if malwarebytes pops up with the connection attempt while you are connected directly

also, do you have file sharing enabled, do you share printer ports?


----------



## JonesIndustries (Aug 18, 2012)

I'm connected to the router with a cable. I can access the set-up page. I do have a wireless printer. The malware hasn't popped up anything but I think it's cause the 30 trial ran out.


----------



## CatByte (Feb 24, 2009)

> The malware hasn't popped up anything but I think it's cause the 30 trial ran out


well, that's unfortunate.



> I'm connected to the router with a cable


what sort of set up do you have for your connection? Do you have a modem? Are you able to connect directly to the internet without going through the router, just so we can either blame or eliminate the router.

you can check outbound traffic with a number of different programs (although MBAM is excellent to have)

wireshark is one of them
http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/

were you able to set a strong password on the router?


----------



## JonesIndustries (Aug 18, 2012)

The modem/router is all in one unit. It's a 2wire machine that I just got from at&t for their U-verse connection. It has a very strong password. This unit is only about a week old. Before that I had a cable modem and wireless router. I've had this bug for over a month so I think it rules out the router but you're the brains of this operation so I defer to you. If you think it'll help, I'll pull the trigger and buy the malwarebytes program. Or if you prefer another one, whatever you think will help.


----------



## CatByte (Feb 24, 2009)

well it's probably not the router then if you've just changed it.

the wireshark program is free

I can't see what's causing the detection from MBAM, none of the tools are identifying anything.

I'd like to see if wireshark detects the same outgoing traffic

I am going to post in the staff forum to see if any of my colleagues sees something that I may have overlooked here (fortunately there are some excellent experts here that I can ask for assistance from)


----------



## JonesIndustries (Aug 18, 2012)

wireshark is ready. Not sure how to use it.


----------



## CatByte (Feb 24, 2009)

follow the tutorial I linked you to for *filtering packets*
http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/

you can enter in those rogue IP addresses MBAM alerted to and see if there is any traffic to them

If you do find it, then there is the ability to further investigate it, although I suspect you will only find the generic svchost that MBAM alerts to,


----------



## CatByte (Feb 24, 2009)

here's a link to an interesting analysis that was done with it

http://predragtasevski.com/malware/malware-wireshark-capture/


----------



## JonesIndustries (Aug 18, 2012)

Watching that scroll by makes me feel like I'm looking at the Matrix. I think this might be beyond my skill level. I entered 1 of the IP addresses from the malware warnings and nothing has come up yet.


----------



## CatByte (Feb 24, 2009)

I believe my esteemed colleagues have located the offending file (I hang with the right crowd)

Please run the following:


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click *Start > Run*, type *Notepad*, click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
http://forums.techguy.org/virus-other-malware-removal/1066988-svchost-exe-virus-7.html#post8467631

Collect::
c:\windows\SysWow64\Mcx2Svc.dll
C:\Windows\SysWOW64\Mcx2Svc.ocx

NetSvc::
Mcx2Svc

Driver::
Mcx2Svc
ClearJavaCache::
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop, Save this as "CFScript"*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files";*
4. Type in the file name: *CFScript*
5. Click *Save ...*










Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
*ComboFix may request an update; please allow it.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

Please let me know how the computer is running now


----------



## JonesIndustries (Aug 18, 2012)

Combofix ran. Now I can't get online with wireless or wired. Am I missing something little? Tried to diagnose and repair but nothing's working.


----------



## JonesIndustries (Aug 18, 2012)

I didn't want to do a system restore for fear of screwing up what Combofix may have repaired.


----------



## CatByte (Feb 24, 2009)

we need to restore to before we ran ComboFix,

then we will use a different tool to remove that bad entry

(this is a nasty infection, this was hiding as a Microsoft file and is tied in to windows services)

at least it appears as though the bad entry has finally been identified

please do the following:

we need to run the FRST tool in the recovery environment

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as *fixlist.txt*


```
start
RestoreErunt: cf
end
```
*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system*

Now please enter *System Recovery Options* then select *Command Prompt*

Run *FRST* (or FRST64 if you have the 64bit version) and press the *Fix* button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Let me know if that restores the connection successfully, then we will use another script with FRST to remove the bad entry


----------



## JonesIndustries (Aug 18, 2012)

Still unable to get online

Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (64) version: 08-09-12
Ran by SYSTEM at 09-13-12 18:36:29 Run:3
Running from F:\
---------------------------------------
----End of Fixlog-------------


----------



## CatByte (Feb 24, 2009)

that didn't appear to execute the script

it doesn't appear as though the script was saved to the fixlist.txt

please try it again

please make sure you copy all of the script and save it to the USB

then make sure you execute the "FIX" button once in the recovery environment

thanks

If that still doesn't work

do a regular system restore to the restore point just before ComboFix was run

then run a regular scan with FRST and post the fresh log and we'll go from there


----------



## JonesIndustries (Aug 18, 2012)

Tried it a couple more times. When I hit fix, it only takes a couple seconds and says the log is ready and it's the same as the one I typed out. This is what I put in the fixlist.txt

start
RestorErunt: cf
end

Saved as txt & all files

Should I do system restore from safe mode or ???


----------



## CatByte (Feb 24, 2009)

yes, do a system restore,

it shouldn't need to be done in safe mode


----------



## JonesIndustries (Aug 18, 2012)

Back in business.


----------



## CatByte (Feb 24, 2009)

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as *fixlist.txt*


```
start
2 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [1837568 2012-08-15] ()
NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ()
2012-08-15 01:13 - 2012-08-15 01:13 - 01837568 ____A C:\Windows\SysWOW64\Mcx2Svc.dll
2012-08-15 01:13 - 2012-08-15 01:13 - 00000438 ____A C:\Windows\SysWOW64\Mcx2Svc.ocx
end
```
*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system*

Now please enter *System Recovery Options* then select *Command Prompt*

Run *FRST* (or FRST64 if you have the 64bit version) and press the *Fix* button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

Please let me know how the computer is running now


----------



## JonesIndustries (Aug 18, 2012)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-14 07:43:08 Run:6
Running from F:\

==============================================

Mcx2Svc service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Mcx2Svc Deleted successfully.
C:\Windows\SysWOW64\Mcx2Svc.dll moved successfully.
C:\Windows\SysWOW64\Mcx2Svc.ocx moved successfully.

==== End of Fixlog ====


----------
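
The Fixlog above shows the rogue DLL had been registered in the 32-bit `netsvcs` svchost group under `Wow6432Node`, which is why the traffic only ever appeared as a generic svchost. As an added example (not part of the thread and not output of any tool used in it), this PowerShell audit lists every service in both `netsvcs` groups with its `ServiceDll`, signature status, vendor string and last-write date. It assumes an elevated 64-bit PowerShell 3.0 or later; `Get-NetSvcsAudit` is a hypothetical helper name.

```powershell
#Requires -Version 3.0
# Added example, not from the thread. Run from an elevated 64-bit PowerShell.
# Get-NetSvcsAudit is a hypothetical helper name.

function Get-NetSvcsAudit {
    $servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Native view, plus the 32-bit (Wow6432Node) view that SysWOW64\svchost.exe reads.
    $views = @(
        @{ Bits = 64; Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost' },
        @{ Bits = 32; Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost' }
    )

    foreach ($view in $views) {
        # netsvcs is a REG_MULTI_SZ: one service name per string.
        $names = (Get-ItemProperty -Path $view.Key -Name netsvcs -ErrorAction SilentlyContinue).netsvcs

        foreach ($name in $names) {
            # A svchost-hosted service names its DLL in Parameters\ServiceDll.
            $params = Join-Path $servicesRoot "$name\Parameters"
            $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if (-not $dll) { continue }   # listed in the group but not installed as a service

            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if ($view.Bits -eq 32) {
                # A 32-bit svchost is subject to file-system redirection,
                # so a System32 path really resolves to SysWOW64.
                $dll = $dll -ireplace '\\system32\\', '\SysWOW64\'
            }

            $item      = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue
            $sigStatus = 'n/a'
            $company   = ''
            $lastWrite = $null
            if ($item) {
                $sigStatus = (Get-AuthenticodeSignature -FilePath $item.FullName).Status.ToString()
                $company   = "$($item.VersionInfo.CompanyName)".Trim()
                $lastWrite = $item.LastWriteTime
            }

            # Older PowerShell versions check only embedded signatures, so
            # catalog-signed Windows DLLs can report NotSigned there. A file
            # with no valid signature AND no vendor string is the stronger signal.
            if (-not $item) {
                $flag = 'DllMissing'
            } elseif ($sigStatus -ne 'Valid' -and -not $company) {
                $flag = 'UnsignedNoVendor'
            } elseif ($sigStatus -ne 'Valid') {
                $flag = 'NotValidSigned'
            } else {
                $flag = ''
            }

            [pscustomobject]@{
                View      = "x$($view.Bits)"
                Service   = $name
                Flag      = $flag
                Signature = $sigStatus
                Company   = $company
                LastWrite = $lastWrite
                Dll       = $dll
            }
        }
    }
}

# Flagged rows first; compare LastWrite against the date symptoms began.
Get-NetSvcsAudit |
    Sort-Object @{ Expression = 'Flag'; Descending = $true }, LastWrite |
    Format-Table View, Service, Flag, Signature, Company, LastWrite, Dll -AutoSize
```

A vendor string is trivially forged, so a row with a plausible company name but no valid signature still deserves a look at its file date and path.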



## CatByte (Feb 24, 2009)

that's good

how is the computer running now?


----------



## JonesIndustries (Aug 18, 2012)

Everything seems to be fine. I don't have the malwarebytes so I'm no longer getting those pesky warnings.


----------



## CatByte (Feb 24, 2009)

you should download the free version, it doesn't have the realtime protection, but it's an excellent scanner

http://www.malwarebytes.org/products/malwarebytes_free/

we just have some housekeeping to do now

please do the following:

You can delete all the *tools and logs* from your desktop except ComboFix and OTL as there are special cleanup routines for them

*NEXT*

*Follow these steps to uninstall Combofix*


Make sure your security programs are totally disabled.
Press the *WinKey +R* to open a run box
Now copy/paste *Combofix /uninstall* into the *runbox* and click *OK.* Note the *space* between the *..X* and the */U*, it needs to be there.










*NEXT*

Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.

*NEXT*

Below I have included a number of recommendations for how to protect your computer against malware infections.


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article *Strong passwords: How to create and use them*. Then consider a *password keeper,* to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*Download* *TFC* *to your desktop*
Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run, 
Click the *Start* button to begin the process. 
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically *reboot your machine,*
if it doesn't, manually reboot to ensure a complete clean
*It's normal after running TFC cleaner that the PC will be slower to boot the first time.*

*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go 
*Yellow* for caution 
*Red* to stop
WOT has an addon available for both Firefox and IE

*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*PC Safety and Security--What Do I Need?.*
Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


----------



## JonesIndustries (Aug 18, 2012)

Thank you so much. So stoked this forum is out there. I'd have been completely screwed. You rock


----------



## CatByte (Feb 24, 2009)

you are welcome

stay safe

~CB


----------

