# Solved: Repeating mfefirek.sys BSOD



## frankwhopon (Feb 5, 2013)

Hello, I have experienced many different BSODs of late. I am running a fairly new (7 months) Windows 7 machine. Upon running the minidump files through WinDbg I always get the same result as follows:



> *******************************************************************************
> * *
> * Bugcheck Analysis *
> * *
> ...


 I can't run the McAfee removal tool because I never installed McAfee and don't have an account. I am not sure what to try next, I have done some searching online but have come up empty. I have included my minidumps.

Many thanks.


----------



## Lance1 (Aug 4, 2003)

Hello frankwhopon And Welcome To TSG!

What is the exact make and model of your system? McAfee is one of the contributing factors to bloatware in most OEM systems. Take a look at *PC Decrapifier* It is designed to remove bloatware from OEM systems, and is *Free* for personal use.


----------



## rainforest123 (Dec 29, 2004)

Hello & Welcome to Tech Guy Forum.

If you would run this forum's system info utility & post the results, we could do a better job of helping you.
Also, please provide the brand, model & model # of your computer. 
http://library.techguy.org/wiki/TSG_Valuable_links

As it now stands, please read 
http://msdn.microsoft.com/en-us/library/windows/hardware/ff560244(v=vs.85).aspx

An account is not needed here.
http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

On your computer, go to the folder containing mfefirek.sys
Right click mfefirek.sys
Left click "properties"
Left click the "version" tab
Send us a screen shot.

RF123


----------



## rainforest123 (Dec 29, 2004)

Using your favorite search engine, Frank, if you search using this string, 
0xD1 drivER_IRQL_NOT_LESS_OR_EQUAL "mfefirek.sys"

you will find more information.

RF123


----------



## rainforest123 (Dec 29, 2004)

Lance1:
No offense intended from me.

I was composing [ What can I say, I'm a slow typist [ and possibly thinker ] compared to you ] while you posted. 
:up:

RF123


----------



## frankwhopon (Feb 5, 2013)

Thanks for the quick reply.

Here is my system info:OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 5920 Mb
Graphics Card: Intel(R) HD Graphics 3000, -1860 Mb
Hard Drives: C: Total - 300061 MB, Free - 211924 MB; D: Total - 389739 MB, Free - 389623 MB;
Motherboard: ASUSTeK Computer Inc., K53SD
Antivirus: AVG Anti-Virus Free Edition 2013, Updated and Enabled
​The problem I have had with MCPR tool is that once you start it, but before it begins removal, it asks for your username and password since I never installed McAfee I don't have either.


----------



## rainforest123 (Dec 29, 2004)

frank;
Thanks. 

My error. Please provide a screen shot of the 'details" tab.

RF123


----------



## Lance1 (Aug 4, 2003)

rainforest123, Not an issue, all input is welcome. Most of the dump files point to McAfee. So I pointed to PC Decrapifier. I have used this app and it works. I like your posts. But with most OP's It's best to stay very simple, and then go from there. 

No disrespect...


----------



## frankwhopon (Feb 5, 2013)

No worries rainforest123, here she is.


----------



## rainforest123 (Dec 29, 2004)

frank :
I have not experienced the name & p/w issue with McAfee's removal tool, but I haven't run it in > 3 mon. As noted in my signature, "change is constant". 

I'll test it later. 

Please follow Lance1's learned advice.

RF123


----------



## rainforest123 (Dec 29, 2004)

Lance1:
2 :up: 


RF123


----------



## frankwhopon (Feb 5, 2013)

OK, thanks. 

Have run Decrapifier, but it did not identify McAfee and allow me to remove it, don't think it's even installed anymore; there are just some scattered files leftover. 

I have also downloaded and run Driver Detective, which identified a couple of drivers that were out of date. I updated those. 


I guess I will wait to see if I get another BSOD.


----------



## huggie54 (Feb 17, 2008)

please go here and read this.
http://www.google.co.uk/url?sa=t&rc...Y5LgfUMNXlx-4PlHFhirNAw&bvm=bv.41934586,d.d2k


----------



## huggie54 (Feb 17, 2008)

C:\Windows\System32\drivers\mfefirek.sys. have a look in there, delete if it exists


----------



## rainforest123 (Dec 29, 2004)

huggie:
Please see thescreen shot. 

She / He has provided evidence that is DOES exist.

Please, do NOT delete the file!!!!!!!!! 

RF123


----------



## huggie54 (Feb 17, 2008)

seen screen shot,read post 12,


----------



## rainforest123 (Dec 29, 2004)

frank:
I just downloaded McAfee's product removal tool

I was NOT asked for a name or p/w.

I used softpedia
http://www.softpedia.com/progDownload/McAfee-Consumer-Product-Removal-Tool-Download-65930.html

After running the McAfee removal tool, check for the presence of the file.

If it is still there:
control panel > view by to "large icons:
open "folder options"
"view tab"
check "display extensions of . . "
OK

Go to C:\Windows\System32\drivers\mfefirek.sys
RIGHT click mfefirek.sys
Left click "rename"
rename it to mfefirek.sys

Then, return to "folder options" and remove the check mark to the left of the entry for displaying / showing file extensions.

Test

RF123


----------



## frankwhopon (Feb 5, 2013)

Alrighty, I tried the MCPR tool a couple more times and it still needs a username/password from me when I run it. I included a screenshot to show you what I mean.

I renamed the file as you said, and have not received another BSOD as of now. Thank you for all your patience and help thus far.


----------



## frankwhopon (Feb 5, 2013)

OK, it I just had another BSOD. It looks the same as before. I have attracted the minidump.


----------



## huggie54 (Feb 17, 2008)

try here.http://www.google.co.uk/url?sa=t&rc...SDgZgE&usg=AFQjCNFBIxk_hyC5zAGwaCkNY4Jj7m5l0g


----------



## frankwhopon (Feb 5, 2013)

huggie54 said:


> try here.http://www.google.co.uk/url?sa=t&rc...SDgZgE&usg=AFQjCNFBIxk_hyC5zAGwaCkNY4Jj7m5l0g


 The problem is that McAfee is not installed, and I never had an account with McAfee. Following these steps would require me to login to my McAfee account, which I don't have.


----------



## rainforest123 (Dec 29, 2004)

Dear frank:
I have already addressed the McAfee issue. 

Rename the file using the steps I provided.

Computers are stupid. If I tell you that I'll meet you outside, wearing a hat, but then remove my hat, you will still recognize me. If I tell you that I will meet you at a tree but am near a bicycle, you will recognize me. Compurters look for a specific thing in a specific place. Renaming a file is better than removing a file because, if we need the file, all we have to do is name it back to the oriiginal name.

Please *trust ME* on this point, frank.

RF123


----------



## huggie54 (Feb 17, 2008)

@rainforest123 he has already renamd the file at # 18


----------



## frankwhopon (Feb 5, 2013)

I do trust you RF123, I followed your directions in post #17 for renaming the file. But you tell me to rename the file with the same name. I tried renaming the file to something else (I put a 1 at the end), but encountered an error that said I couldnt change my permissions. I attached the screenshot.


----------



## huggie54 (Feb 17, 2008)

well its definitely mcafee,are you with bt broadband


----------



## frankwhopon (Feb 5, 2013)

huggie54 said:


> are you with bt broadband


 No I don't have BT Broadband. I'm in the US.


----------



## Lance1 (Aug 4, 2003)

frankwhopon said:


> I do trust you RF123, I followed your directions in post #17 for renaming the file. But you tell me to rename the file with the same name. I tried renaming the file to something else (I put a 1 at the end), but encountered an error that said I couldnt change my permissions. I attached the screenshot.





> Go to C:\Windows\System32\drivers\mfefirek.sys
> RIGHT click mfefirek.sys
> Left click "rename"
> rename it to mfefirek.sys


Just change the file extension from *mfefirek.sys* To *mfefirek.sys.old 
*


----------



## rainforest123 (Dec 29, 2004)

*WHOA!*
Why did you go into "permissions". 
*Please do NOT do that! BIG troubles can occur. *



> Go to C:\Windows\System32\drivers\mfefirek.sys
> RIGHT click mfefirek.sys
> Left click "rename"
> rename it to mfefirek.sys


My mistake.
sheeping expression
mfefirek.YSY

OR 
You can use Lance1's suggestion. I'm not a fan of double file extensions, but it will work. 
:up:

RF123


----------



## rainforest123 (Dec 29, 2004)

huggie:



> rainforest123 he has already renamd the file at # 18


No she / he didn't. I had provided inaccurate advice. I accept responsibilities for my inaccuracies. 


RF123


----------



## Lance1 (Aug 4, 2003)

You could also use *mfefirek.old * NO double.


----------



## frankwhopon (Feb 5, 2013)

rainforest123 said:


> huggie:
> No she / he didn't.
> RF123


He 

The same problem is happening with renaming the file. I attached the screenshot of the error that comes up.


----------



## Lance1 (Aug 4, 2003)

Do you have ownership of this file? Right Click Properties \ Securities \ Advanced \ Owner. Are you in the list?


----------



## rainforest123 (Dec 29, 2004)

Lance1 said:


> You could also use *mfefirek.old * NO double.


That would work. I choose to rename the suffix without introducing new characters; makes it easier for me to remember the original extension. 

RF123


----------



## rainforest123 (Dec 29, 2004)

Interesting. 

Excellent question. 

Which leads me to, if frank's account does not have ownership, why is that?

frank, are you using an account in the group ' administrators", or a different group.
control panel > user accounts

RF123

RF123


----------



## frankwhopon (Feb 5, 2013)

Lance1 said:


> Do you have ownership of this file? Right Click Properties \ Securities \ Advanced \ Owner. Are you in the list?


 The current owner is the Administrators group.



> frank, are you using an account in the group ' administrators", or a different group.
> control panel > user accounts


I checked and my user account is an administrator account (it is in fact the only account).

I have tried to change the ownership to my user account and received the "Unable to set new owner on mfefirek.sys. Access is denied" Error.


----------



## Lance1 (Aug 4, 2003)

Try this *Add "Take Ownership"* To the right click context menu. It is a .reg file, and comes with a install and uninstall .reg file. Right click mfefirek.sys and then try and Take Ownership.


----------



## frankwhopon (Feb 5, 2013)

Lance1 said:


> Try this *Add Take Ownership* To the right click context menu. It is a .reg file, and comes with a install and uninstall .reg file. Right click mfefirek.sys and then try and Take Ownership.


 Well, I installed it and choose the option on the right-click menu; as far as I can tell it worked. However I still can't rename the file. The owner is still set the administrator group. I included a screenshot of what it all looks like, if that can help. My User account name is "Nathan".


----------



## rainforest123 (Dec 29, 2004)

Enable the account, Administrator, which has more / higher privileges than a garden variety member of the administrators group
http://support.microsoft.com/kb/555910
references Vista, but applies to W7, too

Log in as Administrator

Then, try to rename the file

RF123


----------



## frankwhopon (Feb 5, 2013)

rainforest123 said:


> Enable the account, Administrator, which has more / higher privileges than a garden variety member of the administrators group
> http://support.microsoft.com/kb/555910
> references Vista, but applies to W7, too
> 
> ...


 Unless there is a special way to log in as administrator than it didn't work. I still can't change any of the permissions/owners and I can't rename the file.


----------



## rainforest123 (Dec 29, 2004)

> Unless there is a special way to log in as administrator than it didn't work. I still can't change any of the permissions/owners and I can't rename the file.


Having more information would help us help you; help me anyway help you. Lance1 might be more psychic. 

MY Method
enable the Administrator account using the steps in the article I provided [ or search for steps that work for you [ some of us learn from different types of explanations ] [ search on your own using something like: "windows 7" tutorial administrator enable "command prompt" ]
Putting 2 or more words within "", such as "windows 7", above tells most seach engines to treat that group as an exact phrase ]

shut down
reboot
at the log in screen, in addition to YOUR user name, Administrator will hopefully be present

BUT, the bigger question, in my mind [ not much room for big questions in a small mind  ] is:
Why have you had so many BSODs & how does it relate to being unable [ probably more accurately being allowed / permitted ] to preform a simple task such as renaming a NON Windows file.

RF123


----------



## frankwhopon (Feb 5, 2013)

Haha, my bad on that one. I when I did it the first time I didn't type the command in correctly. I retried it and the admin account was there. I was then able to successfully change the file name. I guess we will see if that fixes the problem, thanks again for everybody's help on this one.



> Why have you had so many BSODs & how does it relate to being unable [ probably more accurately being allowed / permitted ] to preform a simple task such as renaming a NON Windows file.


 The suggestion was put forth the change the file name as an alternative to deleting the file. I have so many BSOD because I haven't gotten around to fixing the problem until now (school started back so I need a _reliable _machine once again).


----------



## Lance1 (Aug 4, 2003)

Well now that you are in the Admin account, add "your" account to the owner of the C:\ drive. This should give you authority over all that resides on the C:\ drive


----------



## rainforest123 (Dec 29, 2004)

SOME progress

Woo Hoo! 

Congratulations!


----------



## frankwhopon (Feb 5, 2013)

Alright, I got another BSOD. It occurred yesterday. Same as before as far as I can tell, I included the minidump. I will try to remember what I was doing at the time of the crash next time it occurs.


----------



## rainforest123 (Dec 29, 2004)

OK. I of us will analyze it. 

Please recap:
Which diagnostics have you run since this thread started? 

RF123


----------



## rainforest123 (Dec 29, 2004)

Have you run your computer in safe mode to try to reproduce the error? If not, please do so.

*edit:
Run in safe mode for:
1. As long as you can tolerate the inconvenience.

2. As long as it takes for the error to appear.

end edit*

You might not have internet connectivity if you use wi fi. You might not be able to print.

RF123


----------



## rainforest123 (Dec 29, 2004)

frank:
Please provide the brand, model & model # of your computer.
I've looked through this thread, but did not see it. 

Please update your profile to include your computer's OS & hardware info. 

It makes it easier than searching through 4 pages for system info.
 

RF123


----------



## Lance1 (Aug 4, 2003)

It is the same file as prior. "mfefirek.sys" (McAfee Core Firewall Engine Driver) Here is something to try, and it has a success rate. *Guru3D - Driver Sweeper* I think that we are at the last strew here.


```
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\LG-PC7\Desktop\Newist minidump\020913-45973-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*your local folder for symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`0304d000 PsLoadedModuleList = 0xfffff800`03291670
Debug session time: Sat Feb  9 16:10:28.137 2013 (UTC - 8:00)
System Uptime: 2 days 2:59:40.058
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
.....................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {d, 2, 0, fffff88008044d70}

Unable to load image \SystemRoot\system32\drivers\mfefirek.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfefirek.sys
*** ERROR: Module load completed but symbols could not be loaded for mfefirek.sys
Probably caused by : mfefirek.sys ( mfefirek+1ad70 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000000000d, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88008044d70, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032fb100
 000000000000000d

CURRENT_IRQL:  2

FAULTING_IP: 
mfefirek+1ad70
fffff880`08044d70 8a400d          mov     al,byte ptr [rax+0Dh]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88005bcf6b0 -- (.trap 0xfffff88005bcf6b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80126b6010
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88008044d70 rsp=fffff88005bcf848 rbp=fffffa800a1d68f0
 r8=fffff88005bcf870  r9=0000000000000004 r10=0000000000000002
r11=fffff880080846b0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
mfefirek+0x1ad70:
fffff880`08044d70 8a400d          mov     al,byte ptr [rax+0Dh] ds:2800:00000000`0000000d=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800030cb569 to fffff800030cbfc0

STACK_TEXT:  
fffff880`05bcf568 fffff800`030cb569 : 00000000`0000000a 00000000`0000000d 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`05bcf570 fffff800`030ca1e0 : 00000000`00000010 fffffa80`131b6358 00000000`00008006 00000000`00000001 : nt!KiBugCheckDispatch+0x69
fffff880`05bcf6b0 fffff880`08044d70 : fffff880`08053b2c fffffa80`0be66630 00000000`00000000 fffffa80`0a27f240 : nt!KiPageFault+0x260
fffff880`05bcf848 fffff880`08053b2c : fffffa80`0be66630 00000000`00000000 fffffa80`0a27f240 fffff800`030e208f : mfefirek+0x1ad70
fffff880`05bcf850 fffffa80`0be66630 : 00000000`00000000 fffffa80`0a27f240 fffff800`030e208f 00000000`00000000 : mfefirek+0x29b2c
fffff880`05bcf858 00000000`00000000 : fffffa80`0a27f240 fffff800`030e208f 00000000`00000000 fffffa80`0a1d69c0 : 0xfffffa80`0be66630

STACK_COMMAND:  kb

FOLLOWUP_IP: 
mfefirek+1ad70
fffff880`08044d70 8a400d          mov     al,byte ptr [rax+0Dh]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  mfefirek+1ad70

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: mfefirek

IMAGE_NAME:  mfefirek.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4fc63ee2

FAILURE_BUCKET_ID:  X64_0xD1_mfefirek+1ad70

BUCKET_ID:  X64_0xD1_mfefirek+1ad70

Followup: MachineOwner
```


----------



## rainforest123 (Dec 29, 2004)

L1:
Malware; specifically a rootkit?

RF123


----------



## rainforest123 (Dec 29, 2004)

I am not a wiz at using W7' search feature.
Folder options > "view" tab
Set W7 to display hidden, system & protected files; even when asked if you are sure.
Unhide / Display extensions for known file types.

Use advanced search for C: to look for: *mfefirek*

The "*" is a wild card. 

L1: 
Feel free to provide W7 search tips. PLEASE! 

RF123


----------



## Lance1 (Aug 4, 2003)

rainforest123 said:


> L1:
> Malware; specifically a rootkit?
> 
> RF123


Are you speaking of Driver Sweeper or the site it's linked to? I changed the link to *TechSpot* A reputable site.


----------



## Lance1 (Aug 4, 2003)

rainforest123 said:


> I am not a wiz at using W7' search feature.
> Folder options > "view" tab
> Set W7 to display hidden, system & protected files; even when asked if you are sure.
> Unhide / Display extensions for known file types.
> ...


This says more than I can. *Advanced tips for searching in Windows*


----------



## rainforest123 (Dec 29, 2004)

frank :
Please go to C:\Windows\System32\drivers .
Is mfefirek.sys present? 
*edit #2
Is the former mfefirek with renamed extension also present?

end edit #2*

Be sure that you have folder options set to display / unhide file extensions. 
:up:

L1:



> Are you speaking of Driver Sweeper or the site it's linked to? I changed the link to TechSpot A reputable site.


*OOPS*
My error. I like guru3D. I am fond of driver sweeper.

I was referring to the BSOD with a mention of the mfefirek file, even though it has been renamed.

*edit
Thanks for the link, L1.

end edit*



RF123


----------



## frankwhopon (Feb 5, 2013)

rainforest123 said:


> OK. I of us will analyze it.
> 
> Please recap:
> Which diagnostics have you run since this thread started?
> ...


 OK, thanks.

So far I have run several of the minidumps through WinDbg and saw that, to my untrained eyes, they all looked to have the same problem (mfefirek.sys). I have attempted to run the MCPR tool but was unable because it requests a username/password or uninstall code before it starts the removal. I have run driver detective and updated one driver that was out of date. I have also successfully renamed the mfefirek.sys file to mfefirek.ysy; however, the BSODs persist.
Thats the summary of what I have done so far.


----------



## Mark1956 (May 7, 2011)

Looks like you might need some more ideas.

I downloaded and ran the MCPR tool from here McAfee Removal Tool and although I don't have any Mcfee products installed the software ran without asking for username or password, I also did not see the screen you posted earlier with something about family protection. Try the tool in the above link and see if that helps.

As BSOD's are still naming the mfefirek.sys file even though you renamed it there must be another copy of it as it won't name a file that does not exist.

Please run this to do a search for it and please go Here and follow the instructions to run DDS, then *Copy and Paste* both the logs into your next reply, you need not follow the instructions to run GMER or HJT.

The chances are that the McAfee file or other remnants are causing a conflict with other security software.

Please download *SystemLook* from one of the links below and save it to your Desktop.


*Link 1: SystemLook (64-bit)*
Link 2: SystemLook (64-bit)


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*mfefirek*
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## rainforest123 (Dec 29, 2004)

Mark :
Thanks for jumping in. 4 page threads can be confusing for me. 



> I don't have any Mcfee products installed the software ran without asking for username or password


Same for me.

#17 of this thread


> I just downloaded McAfee's product removal tool
> 
> I was NOT asked for a name or p/w.
> 
> ...





> there must be another copy of it as it won't name a file that does not exist.


#50 of this thread


> I am not a wiz at using W7' search feature.
> Folder options > "view" tab
> Set W7 to display hidden, system & protected files; even when asked if you are sure.
> Unhide / Display extensions for known file types.
> ...


*edit



•Double-click SystemLook.exe to run it.
•Vista/Windows 7 users right-click and select Run As Administrator.
•Copy and paste everything in the codebox below into the main textfield:

Code:
:filefind
*mfefirek*

•Click the Look button to start the scan.
•When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
•Please copy and paste the contents of that log in your next reply.

Click to expand...

Cool, Mark.

end edit*

Great minds, including that of Lance1, think alike. 

RF123


----------



## frankwhopon (Feb 5, 2013)

OK, here are the results from the DDS



> DDS (Ver_2012-11-20.01) - NTFS_AMD64
> Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_03
> Run by Nathan at 16:19:14 on 2013-02-11
> Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5920.3524 [GMT -5:00]
> ...


Here is the attach log:


> .
> UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
> IF REQUESTED, ZIP IT UP & ATTACH IT
> .
> ...


And here is the SystemLook:


> SystemLook 30.07.11 by jpshortstuff
> Log created at 16:02 on 11/02/2013 by Nathan
> Administrator - Elevation successful
> 
> ...


----------



## Mark1956 (May 7, 2011)

First problem I see is two anti virus programs, decide which one you want to remove and let me know.

I'll be back when you reply, had a mates birthday party down at the local Spanish bar tonight so a bit beyond the point of studying a log file.

Your logs show a few BSOD's please follow this to post the minidumps.

First locate your minidump files, open *Windows Explorer* and click on the *C:* drive in the left pane, in the right pane look down the list of folders and double click on *Windows* to view its contents._ *NOTE:* If your operating system is installed under a different drive letter then look there._ Scroll down the contents of the *Windows* folder and look for a folder called *minidump* and double click on it. You should now see the *minidump* files which will have a *.dmp* extension.

Zip up at least 6 of the most recent files into *one* zip folder (if there are less then just zip up what you have).

*NOTE:* To zip up the files in Windows (all versions). Right click the file, click on* Send To*, and then click
*Compressed (zipped) Folder*. That will create a zip folder containing a copy of the file, you should see it appear.

If there is more than one *.dmp* file click on the first one, hold down the shift key and then click on the last one. That should highlight all the files. Then right click in the highlighted area, click on *Send To*, and then click *Compressed (zipped) Folder*.




Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and click on it so it becomes highlighted and click on *Open.*
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the top of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*

=========================================================================

Rainforest123, you should consider a Malware course, you will be amazed what it can teach you, not only would you learn how to track down and kill Malware you will also learn about some very useful tools that also help to figure out many other PC problems . Don't respond in this thread as it will clutter it up  PM me.


----------



## frankwhopon (Feb 5, 2013)

Here they are.

I am using AVG Free.


----------



## rainforest123 (Dec 29, 2004)

f :
Mark wants the minidumps, not a screenshot of c:\windows\minidump


For the information of all involved, frank has already posted the minidumps. See posts #1 , #19, #44 of this thread.

frank, for the convenience of M [ thread 4 pages long can be problematic for finding important items ] please put all your minidump files into a folder & attach it for Mark.
:up:

RF123


----------



## rainforest123 (Dec 29, 2004)

Lance1:
WE have already been down that road!

I gently refer you to pages 1 - 4 of this post.
*edit
change post to thread.

end edit*

*I STILL want to know if the file is ANYWHERE on the computer. I asked frank to check. Mark1956 asked frank to check. Remote Access has no interest to me, so I am unwilling to check for him.*


frank has stated that he has run the Mcafee Removal tool & reported that it requests a user name & password. I have *NOT* been able to duplicate such a request.

RF123


----------



## Lance1 (Aug 4, 2003)

Your right. I hate long threads, I get lost. I'll delete that post.


----------



## frankwhopon (Feb 5, 2013)

rainforest123 said:


> f :
> frank, for the convenience of M [ thread 4 pages long can be problematic for finding important items ] please put all your minidump files into a folder & attach it for Mark.
> :up:


I did attach the zip with 7 of the most recent minidumps.


----------



## frankwhopon (Feb 5, 2013)

rainforest123 said:


> Lance1:
> *I STILL want to know if the file is ANYWHERE on the computer. I asked frank to check. Mark1956 asked frank to check. Remote Access has no interest to me, so I am unwilling to check for him.*


Sorry about that RF123, I got so many replies there at one time that I wasn't sure who to respond too. There are two other versions of mfefirek.sys. One of them is in C:\ProgramData\Internet Content Filter\app-support\mferedist\x64, the other is in C:\ProgramData\Internet Content Filter\app-support\mferedist\x86.
Should I rename those files as well?


----------



## rainforest123 (Dec 29, 2004)

frank:
Yes. 
After you :



> Please download SystemLook from one of the links below and save it to your Desktop.
> •Link 1: SystemLook (64-bit)
> Link 2: SystemLook (64-bit)
> 
> ...


Rename them to mfefirek to mferedist_bad

*edit
rename mferedist to tsiderefm

end edit*

Please refer to earlier posts of this thread for renaming help & what we need [ screen shots ] from you if you encounter problems.

FYI mferedist *IS NOT THE SAME* as mferedist.sys


RF23


----------



## rainforest123 (Dec 29, 2004)

If a BSOD appears, provide us with the minidump.

I understand that there are 3 people trying to help you.

By renaming to the reverse spelling, it will tell us a lot. 
In the registry, the file is mferedist or mferedist.sys

*DO NOT* edit the registry unless *expressly & specifically* instructed to do so by Lance1 or Mark1956 or by me.

RF123


----------



## rainforest123 (Dec 29, 2004)

frank:


> I did attach the zip with 7 of the most recent minidumps.


Very 

*I apologize, frank.*

RF123


----------



## Mark1956 (May 7, 2011)

I would like to suggest you try running the McAfee removal tool from the link I posted (post 55) and see if that works for you, if it still won't run then it would be best to delete all the McAfee file as there is no point in keeping them.

Delete this folder:

C:\ProgramData\Internet Content Filter\app-support\*mferedist* <_---this folder_

Then delete this file C:\Windows\System32\drivers\*mfefirek.ysy *_<----this file_

Then run this to clean out your temporary files:

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on* Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

That should remove all the files that we know about.

As you are only using AVG Anti Virus you should uninstall Trend Micro, even with it disabled it can still cause conflicts. Follow these instructions: Trend Micro Titanium uninstall

When done let the system run for a day or so and report back with any further problems. Fingers crossed, the problem was all being caused by having two Anti Virus programs on the system plus the remnants of McAfee.

It won't be causing the problem, but I also see you have multiple outdated versions of Java installed which pose a security threat, please uninstall all these items:

Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 7 Update 5 (64-bit)

Then follow this to install the latest version:

*How to install the latest version.*


Open the browser that you normally use and click on this link: Java Download
Click on the big red button *Free Java Download*
On the next page click on the big red button *Agree and Start Free Download*
Select *Run* whenever the option appears. If no *Run* option appears click on *Save* and then when the download completes click on *Run*. If a *User Account Control* warning appears click on *Continue*.
When the *Welcome to Java* window appears click on* Install*.
It may takes several minutes to download the installer depending on the speed of your connection, allow it to complete.
If any error messages appear click on OK and then click on the *Agree and start free download* button again.
Please wait for the *Java Setup* window to appear. Uncheck the box to install the *Ask Toolbar* and then click on *Next*.
*NOTE: *The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
You will then see the *Java Setup Progress* window and another will appear for *JavaFX* (on some systems the JavaFX will not appear or be installed). Finally the *Java Setup Complete* window will appear, click on *Close*.
If a Java page then appears with a button to *Verify Java Version* click on it and it will verify the installation.
The Installation is now complete, please reboot the system.
*NOTE:* The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.

When you have done all the above post a fresh log from DDS (please Copy & Paste directly into your post without the quote box), I can then check for any remnants of McAfee or Trend Micro and post instructions to remove them, then you should be good to go.


----------



## frankwhopon (Feb 5, 2013)

rainforest123 said:


> frank:
> *I apologize, frank.*
> RF123


No worries. 

I was unable to delete the folder C:\ProgramData\Internet Content Filter\app-support\mferedist. I included the screenshots for everyone's viewing pleasure.
I deleted the .ysy file fine.
The uninstallation of trend micro went fine as well, I also uninstalled all of the Java types that I could find. The only one I could not find was the Java Auto Updater.

*Here is the DDS:*
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Administrator at 8:28:19 on 2013-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5920.3517 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Nathan\AppData\LocalLow\alotservice\alotservice.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Users\Nathan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Opera x64\Opera.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Nathan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E84CE390-77F7-453F-AC90-333A316DBA1C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E84CE390-77F7-453F-AC90-333A316DBA1C}\3516C6F6E6F57657563747 : DHCPNameServer = 4.4.4.4 8.8.8.8
TCP: Interfaces\{E84CE390-77F7-453F-AC90-333A316DBA1C}\3554350205279667164756 : DHCPNameServer = 10.1.1.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-12 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-12 335784]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-5 39768]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-3-31 379520]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-12-12 78208]
R2 AlotService;ALOT Update Service;C:\Users\Nathan\AppData\LocalLow\alotservice\alotservice.exe [2012-5-24 255880]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Nathan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-19 107520]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2012-11-12 2765528]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-3 2315888]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-12 177144]
R2 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-3 2315888]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-31 2656280]
R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2013-2-10 965296]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-12-6 143144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-6 108656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-12 300392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-11-12 218320]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-14 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-14 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-12 13:28:06	--------	d-----w-	C:\Users\Administrator\AppData\Local\Opera
2013-02-12 13:18:32	525792	----a-w-	C:\Windows\DIFxAPI.dll
2013-02-12 13:18:31	232272	----a-w-	C:\Windows\TmNSCIns.dll
2013-02-12 12:55:51	--------	d-----w-	C:\Users\Administrator\AppData\Local\Google
2013-02-07 21:22:40	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\ASUS WebStorage
2013-02-07 21:22:08	--------	d-----w-	C:\Users\Administrator\AppData\Local\AVG Secure Search
2013-02-07 21:22:07	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\AVG2013
2013-02-07 21:22:05	--------	d-----w-	C:\Users\Administrator\AppData\Local\Avg2013
2013-02-07 21:19:05	--------	d-----w-	C:\Users\Administrator\AppData\Local\Power2Go
2013-02-05 21:04:20	--------	d-----w-	C:\ProgramData\UAB
2013-02-05 21:04:11	--------	d-----w-	C:\ProgramData\PC Drivers HeadQuarters
2013-02-05 21:03:21	--------	d-----w-	C:\Program Files (x86)\PC Drivers HeadQuarters
2013-02-05 21:02:47	--------	d-----w-	C:\ProgramData\APN
2013-01-23 02:27:11	--------	d-----w-	C:\symbolcache
2013-01-23 02:21:55	--------	d-----w-	C:\ProgramData\dbg
2013-01-22 22:50:00	--------	d-----w-	C:\Program Files (x86)\Windows Kits
2013-01-22 22:25:50	--------	d-----w-	C:\ProgramData\Package Cache
2013-01-19 17:48:54	719872	----a-w-	C:\Windows\SysWow64\devil.dll
2013-01-19 17:48:54	70656	----a-w-	C:\Windows\SysWow64\yv12vfw.dll
2013-01-19 17:48:54	70656	----a-w-	C:\Windows\SysWow64\i420vfw.dll
2013-01-19 17:48:54	369152	----a-w-	C:\Windows\SysWow64\avisynth.dll
2013-01-19 17:48:54	32256	----a-w-	C:\Windows\SysWow64\AVSredirect.dll
2013-01-19 17:48:47	--------	d-----w-	C:\Program Files (x86)\AviSynth 2.5
2013-01-19 17:43:22	--------	d-----w-	C:\Program Files (x86)\eRightSoft
2013-01-19 17:43:15	--------	d-----w-	C:\Program Files (x86)\DefaultTab
.
==================== Find3M ====================
.
2013-02-11 01:26:21	39768	----a-w-	C:\Windows\System32\drivers\avgtpx64.sys
2013-02-09 23:34:08	74096	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:34:08	697712	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-06 16:39:02	45056	----a-w-	C:\Windows\SysWow64\acovcnt.exe
2012-12-16 17:11:22	46080	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03	367616	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16	441856	----a-w-	C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31	2746368	----a-w-	C:\Windows\System32\gameux.dll
2012-12-07 12:26:17	308736	----a-w-	C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43	2576384	----a-w-	C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04	30720	----a-w-	C:\Windows\System32\usk.rs
2012-12-07 11:20:03	43520	----a-w-	C:\Windows\System32\csrr.rs
2012-12-07 11:20:03	23552	----a-w-	C:\Windows\System32\oflc.rs
2012-12-07 11:20:01	45568	----a-w-	C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01	44544	----a-w-	C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01	20480	----a-w-	C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00	20480	----a-w-	C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59	20480	----a-w-	C:\Windows\System32\pegi.rs
2012-12-07 11:19:58	46592	----a-w-	C:\Windows\System32\fpb.rs
2012-12-07 11:19:57	40960	----a-w-	C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57	21504	----a-w-	C:\Windows\System32\grb.rs
2012-12-07 11:19:57	15360	----a-w-	C:\Windows\System32\djctq.rs
2012-12-07 11:19:56	55296	----a-w-	C:\Windows\System32\cero.rs
2012-12-07 11:19:55	51712	----a-w-	C:\Windows\System32\esrb.rs
2012-11-30 05:45:35	362496	----a-w-	C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35	243200	----a-w-	C:\Windows\System32\wow64.dll
2012-11-30 05:45:35	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14	215040	----a-w-	C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07	424448	----a-w-	C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48	338432	----a-w-	C:\Windows\System32\conhost.exe
2012-11-30 02:44:06	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03	2048	----a-w-	C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 22:05:00	2409136	----a-w-	C:\Windows\SysWow64\seinst.dll
2012-11-28 22:05:00	2341168	----a-w-	C:\Windows\sediag.exe
2012-11-23 03:26:31	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-11-23 03:13:57	68608	----a-w-	C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23	800768	----a-w-	C:\Windows\System32\usp10.dll
2012-11-22 04:45:03	626688	----a-w-	C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09	220160	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-11-16 04:33:24	111968	----a-w-	C:\Windows\System32\drivers\avgmfx64.sys
2006-05-03 16:06:54	163328	--sha-r-	C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16	31232	--sha-r-	C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52	216064	--sha-r-	C:\Windows\SysWOW64\nbDX.dll
2010-01-07 05:00:00	107520	--sha-r-	C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 8:28:43.60 ===============

*And here is the attach log:*
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/7/2012 8:29:08 AM
System Uptime: 2/12/2013 8:20:01 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53SD
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 205.757 GiB free.
D: is FIXED (NTFS) - 381 GiB total, 380.492 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 1/26/2013 9:07:17 PM - Scheduled Checkpoint
RP77: 2/4/2013 6:07:37 PM - Scheduled Checkpoint
RP78: 2/5/2013 8:09:04 AM - PC Decrapifier Restore Point
RP79: 2/5/2013 4:03:11 PM - Installed Driver Detective.
RP80: 2/12/2013 8:14:01 AM - Removed Java 7 Update 7
RP81: 2/12/2013 8:14:37 AM - Removed Java(TM) 6 Update 3
RP82: 2/12/2013 8:15:13 AM - Removed Java(TM) 7 Update 5 (64-bit)
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Alcor Micro USB Card Reader
ALOT Appbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Sonic Focus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_K3 Series_ENG
AsusVibe2.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Audacity 2.0.2
AVG 2013
AVG Security Toolbar
Bonjour
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DefaultTab
Driver Detective
DVDStyler v2.3.5
e-Sword
ETDWare PS/2-X64 8.0.5.5_WHQL
Fast Boot
FormatFactory 3.00
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GIMP 2.8.0
Google Chrome
Google Earth
Google SketchUp 8
Google Talk Plugin
Google Update Helper
ImgBurn
Inkscape 0.48.2
InstantOn for NB
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor 2.0
iTunes
Jahshaka
Junk Mail filter update
Kits Configuration Installer
Lightworks
LMMS 0.4.13
Logos 4 Prerequisites
Logos Bible Software 4
MediaPlayerLite 0.3
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Image Composite Editor
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASA World Wind 1.4
Nuance PDF Reader
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenLibraries
Opera 12.01
Pivot Stickfigure Animator version 2.2.6
QuickTime
Realtek High Definition Audio Driver
Safe Eyes
Sculptris Alpha 6
SDK Debuggers
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
swMSM
Terragen 2 Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Waterfox
Waterfox 13.0 (x64 en-US)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit EULA
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 7:11:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000d, 0x0000000000000002, 0x0000000000000000, 0xfffff88008044d70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020913-45973-01.
2/7/2013 4:21:57 PM, Error: Service Control Manager [7034] - The McAfee Internet Content Filter Core Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2013 4:11:36 PM, Error: hasplms [3] - ERROR: Sentinel LDK License Manager failed to start in a promptly manner!
2/6/2013 6:21:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LAPTOP1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E84CE390-77F7-453F-AC90-333A316DBA1C}. The master browser is stopping or an election is being forced.
2/6/2013 3:32:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000d, 0x0000000000000002, 0x0000000000000000, 0xfffff880080edd70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020613-39327-01.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO_ AVGIDSDriver Avgldx64 Avgtdia DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vwififlt Wanarpv6 WfpLwf
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 1:23:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000d, 0x0000000000000002, 0x0000000000000000, 0xfffff8800803bd70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020613-48531-01.
2/5/2013 9:56:42 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2/12/2013 8:22:55 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/12/2013 8:22:55 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
2/12/2013 8:21:06 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
2/12/2013 8:20:44 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

Ok, there still remains the issue of removing the old McAfee files, but I just want to check if you tried the Uninstall tool from the link I posted. I did ask about this in my last post, but you haven't made any comment about it, please try it and let me know what happens. 

If it has, or does, fail again the tool I will use won't have a problem with permissions.

You took out the old Java software, but don't appear to have followed through with installing the latest version, any reason for that?


----------



## frankwhopon (Feb 5, 2013)

Mark1956 said:


> Ok, there still remains the issue of removing the old McAfee files, but I just want to check if you tried the Uninstall tool from the link I posted. I did ask about this in my last post, but you haven't made any comment about it, please try it and let me know what happens.
> 
> If it has, or does, fail again the tool I will use won't have a problem with permissions.
> 
> You took out the old Java software, but don't appear to have followed through with installing the latest version, any reason for that?


 I have tried the MCPR tool several more times (including from majorgeeks.com) and I always get the same screen asking for a username/ password combo or an uninstall code (screenshot in post #18).

There was no particular reason I hadn't installed the new Java, I just hadn't gotten around to it. I just now installed it successfully.


----------



## Mark1956 (May 7, 2011)

Try the download from this page: http://surftopctech.com/Programs/McAfee-Consumer-Product-Removal-Tool-5.0.285.0/

Just click on MCPR.exe and it will download. This may not uninstall everything but it should remove a lot of files that we may never find. I've read reports on the McAfee forum from people with an identical problem which does not appear to have been corrected, the replies suggest using the older version so this should work.


----------



## huggie54 (Feb 17, 2008)

enter safe mode and look in "Common files" folder for mcafee and delete,then run revo uninstaller to find any traces


----------



## frankwhopon (Feb 5, 2013)

Yep, using the older version allowed me to run the program without the username/password. I went ahead and ran it. After I ran it I checked to see if the C:\ProgramData\Internet Content Filter\app-support\mferedist folder was still there, it was. But for whatever reason I was then able to delete it, which I did.
I ran the DDS again after running the MCPR tool and deleting the folder.
Here they are:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Nathan at 19:05:14 on 2013-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5920.3345 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Nathan\AppData\LocalLow\alotservice\alotservice.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Users\Nathan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Waterfox\waterfox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files\Waterfox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Nathan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
uRun: [Spotify Web Helper] "C:\Users\Nathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
uRun: [Spotify] "C:\Users\Nathan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
StartupFolder: C:\Users\Nathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\Nathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - 
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E84CE390-77F7-453F-AC90-333A316DBA1C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E84CE390-77F7-453F-AC90-333A316DBA1C}\3516C6F6E6F57657563747 : DHCPNameServer = 4.4.4.4 8.8.8.8
TCP: Interfaces\{E84CE390-77F7-453F-AC90-333A316DBA1C}\3554350205279667164756 : DHCPNameServer = 10.1.1.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\zednrxfk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_149.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - ExtSQL: 2013-01-19 12:44; [email protected]; C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\zednrxfk.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-5 39768]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-3-31 379520]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-12-12 78208]
R2 AlotService;ALOT Update Service;C:\Users\Nathan\AppData\LocalLow\alotservice\alotservice.exe [2012-5-24 255880]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Nathan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-19 107520]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-3 2315888]
R2 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-3 2315888]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-31 2656280]
R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [2013-2-10 965296]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-22 130024]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-22 395752]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-12-6 143144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-6 108656]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]
S2 mfeicfcore;McAfee Internet Content Filter Core Service;C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2012-11-12 2765528]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-14 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-14 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-12 21:05:36 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-02-12 20:05:26 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-05 21:04:20 -------- d-----w- C:\ProgramData\UAB
2013-02-05 21:04:17 -------- d-----w- C:\Users\Nathan\AppData\Local\PC_Drivers_Headquarters
2013-02-05 21:04:11 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2013-02-05 21:03:21 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2013-02-05 21:02:47 -------- d-----w- C:\ProgramData\APN
2013-01-23 02:27:11 -------- d-----w- C:\symbolcache
2013-01-23 02:21:55 -------- d-----w- C:\ProgramData\dbg
2013-01-22 22:50:00 -------- d-----w- C:\Program Files (x86)\Windows Kits
2013-01-22 22:25:50 -------- d-----w- C:\ProgramData\Package Cache
2013-01-19 17:48:54 719872 ----a-w- C:\Windows\SysWow64\devil.dll
2013-01-19 17:48:54 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2013-01-19 17:48:54 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
2013-01-19 17:48:54 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
2013-01-19 17:48:54 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
2013-01-19 17:48:47 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2013-01-19 17:43:22 -------- d-----w- C:\Program Files (x86)\eRightSoft
2013-01-19 17:43:15 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-01-19 17:43:11 -------- d-----w- C:\Users\Nathan\AppData\Roaming\DefaultTab
2013-01-19 17:42:53 -------- d-----w- C:\Users\Nathan\AppData\Local\SwvUpdater
.
==================== Find3M ====================
.
2013-02-12 20:05:15 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-12 20:05:15 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-11 01:26:21 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-02-09 23:34:08 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:34:08 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-06 16:39:02 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 22:05:00 2409136 ----a-w- C:\Windows\SysWow64\seinst.dll
2012-11-28 22:05:00 2341168 ----a-w- C:\Windows\sediag.exe
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 05:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 19:05:32.80 ===============
And the other:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/7/2012 8:29:08 AM
System Uptime: 2/12/2013 6:03:48 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53SD
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 204.826 GiB free.
D: is FIXED (NTFS) - 381 GiB total, 380.492 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 1/26/2013 9:07:17 PM - Scheduled Checkpoint
RP77: 2/4/2013 6:07:37 PM - Scheduled Checkpoint
RP78: 2/5/2013 8:09:04 AM - PC Decrapifier Restore Point
RP79: 2/5/2013 4:03:11 PM - Installed Driver Detective.
RP80: 2/12/2013 8:14:01 AM - Removed Java 7 Update 7
RP81: 2/12/2013 8:14:37 AM - Removed Java(TM) 6 Update 3
RP82: 2/12/2013 8:15:13 AM - Removed Java(TM) 7 Update 5 (64-bit)
RP83: 2/12/2013 3:04:58 PM - Installed Java 7 Update 13 (64-bit)
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Alcor Micro USB Card Reader
ALOT Appbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Sonic Focus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_K3 Series_ENG
AsusVibe2.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Audacity 2.0.2
AVG 2013
AVG Security Toolbar
Bonjour
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DefaultTab
Driver Detective
DVDStyler v2.3.5
e-Sword
ETDWare PS/2-X64 8.0.5.5_WHQL
Fast Boot
FormatFactory 3.00
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GIMP 2.8.0
Google Chrome
Google Earth
Google SketchUp 8
Google Talk Plugin
Google Update Helper
ImgBurn
Inkscape 0.48.2
InstantOn for NB
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor 2.0
iTunes
Jahshaka
Java 7 Update 13 (64-bit)
Junk Mail filter update
Kits Configuration Installer
Lightworks
LMMS 0.4.13
Logos 4 Prerequisites
Logos Bible Software 4
MediaPlayerLite 0.3
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Image Composite Editor
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASA World Wind 1.4
Nuance PDF Reader
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenLibraries
Opera 12.01
Pivot Stickfigure Animator version 2.2.6
QuickTime
Realtek High Definition Audio Driver
Safe Eyes
Sculptris Alpha 6
SDK Debuggers
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Spotify
SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
swMSM
Terragen 2 Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Waterfox
Waterfox 13.0 (x64 en-US)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit EULA
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 7:11:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000d, 0x0000000000000002, 0x0000000000000000, 0xfffff88008044d70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020913-45973-01.
2/7/2013 4:21:57 PM, Error: Service Control Manager [7034] - The McAfee Internet Content Filter Core Service service terminated unexpectedly. It has done this 1 time(s).
2/7/2013 4:11:36 PM, Error: hasplms [3] - ERROR: Sentinel LDK License Manager failed to start in a promptly manner!
2/6/2013 6:21:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer LAPTOP1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E84CE390-77F7-453F-AC90-333A316DBA1C}. The master browser is stopping or an election is being forced.
2/6/2013 3:32:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000d, 0x0000000000000002, 0x0000000000000000, 0xfffff880080edd70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020613-39327-01.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO_ AVGIDSDriver Avgldx64 Avgtdia DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vwififlt Wanarpv6 WfpLwf
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 3:32:39 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
2/6/2013 1:23:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000d, 0x0000000000000002, 0x0000000000000000, 0xfffff8800803bd70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020613-48531-01.
2/5/2013 9:56:42 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2/12/2013 4:16:16 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/12/2013 4:16:16 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
2/12/2013 4:14:33 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
2/12/2013 4:14:03 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================


----------



## Mark1956 (May 7, 2011)

That's a step in the right direction, just for future reference I wonder if you would take the time to now try and run the more up to date version of MCPR that you used before to see if it will remove the other remnants, that would be useful for me to know when faced with a similar situation.

If it still wants a password I shall put together instructions to run a tool that will remove the other McAfee entries in the logs.


----------



## frankwhopon (Feb 5, 2013)

I ran the new version and it still asked me for a password/username, so I still couldn't run it all the way to the end.

That would be of great use I imagine, many thanks.


----------



## Mark1956 (May 7, 2011)

Ok, thanks for that.

This will remove the remaining entries:

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Services
mfeicfcore
mfeicfupdate
:Files
C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe 
:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

 Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.
 -- Note: The logs are saved here: C:\_OTM\MovedFiles

When done see how the system runs for a few days and let us know if there are any remaining issues.


----------



## frankwhopon (Feb 5, 2013)

Alrighty, it all went through fine. Here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service mfeicfcore stopped successfully!
Service mfeicfcore deleted successfully!
Service mfeicfupdate stopped successfully!
Service mfeicfupdate deleted successfully!
========== FILES ==========
C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe moved successfully.
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Nathan
->Flash cache emptied: 43273 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 10827893 bytes
->Temporary Internet Files folder emptied: 139397 bytes
->Google Chrome cache emptied: 8352358 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nathan
->Temp folder emptied: 583265019 bytes
->Temporary Internet Files folder emptied: 346318905 bytes
->Java cache emptied: 14329304 bytes
->FireFox cache emptied: 252703936 bytes
->Google Chrome cache emptied: 394460284 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1882386 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 627942163 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33977 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 4998656442 bytes

Total Files Cleaned = 6,904.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 02132013_125225

Files moved on Reboot...
C:\Users\Nathan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I'll let you know if I get another BSOD.


----------



## rainforest123 (Dec 29, 2004)

frank ;
:up:

Keep us posted. 

Yes, if another BSOD appears, attach it, please when you notify us of the BSOD occurance. 

RF123


----------



## Mark1956 (May 7, 2011)

How's it going?


----------



## frankwhopon (Feb 5, 2013)

All is well so far, no more problems have surfaced yet.


----------



## Mark1956 (May 7, 2011)

Good to here, just post back if anything does.


----------



## frankwhopon (Feb 5, 2013)

Still nothing, I reckon that if another BSOD were to appear it would have done so by now. Many thanks for everyone's work on getting this thing fixed.


----------



## Mark1956 (May 7, 2011)

Great news. You're welcome and thanks for the update.


----------



## rainforest123 (Dec 29, 2004)

frank : 
Thanks for the update. 

Congratulations. I am glad that I was part of the group to assist you.

unsubscribed

RF123


----------

