
Found/removed ZeroAccess with MBAR; what is left?


  • This topic is locked
29 replies to this topic

#1 LTLeaf

LTLeaf

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 23 July 2013 - 12:19 AM

Hello, I was requested to post a new topic in this forum. My earlier thread is here: http://www.bleepingcomputer.com/forums/t/501452/need-advice-ive-removed-0access-from-my-system-but-now-what/ 

Boopme has been helping me, and thinks there is still something left on my system, so that I still need help in finding/removing whatever is left. Thanks in advance :-)

 

In review: I had my system infected 3-4 weeks ago (through a Java exploit), couldn't find what it was for a while, but it had disabled MSE, BFE service, Windows firewall and some other stuff. I got MSE working again and scanned with it, it removed a Java exploit and a trojan dropper. Then I kept scanning with various scanners, not finding anything else, till I used MBAR which found 15 Backdoor 0Access and removed them. 

When boopme had me run TDSSKiller with the TDLFS file system option, it found this thing: Device\Harddisk0\DR0 ( TDSS File System ), which we then removed. 

Windows Updates are still not working for me (80073712), and neither is sfc /scannow or checkSUR, just fyi. But that probably doesn't matter, if I have to format and reinstall at some point anyway, right?

 

Here is DDS log from tonight:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.25.2
Run by Leaf at 21:56:38 on 2013-07-22
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2940.1780 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\ehome\ehRec.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\28.0.1500.71\npchrome_frame.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [Spybot-S&D Cleaning] c:\program files\spybot - search & destroy 2\SDCLEANER.EXE  /autoclean
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] c:\program files\spybot - search & destroy 2\SDTray.exe
mRun: [Adobe ARM] c:\program files\common files\adobe\arm\1.0\AdobeARM.exe
mRun: [SunJavaUpdateSched] c:\program files\common files\java\java update\jusched.exe
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 67.142.163.10 67.142.163.11
TCP: Interfaces\{23F9BC22-9B90-4A6B-A01C-3FDA91C2D34C} : DHCPNameServer = 67.142.163.10 67.142.163.11
TCP: Interfaces\{23F9BC22-9B90-4A6B-A01C-3FDA91C2D34C}\2796368656274713 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{36340816-0D01-461B-A476-07A0CF3A4CFF}\05F6C6977596649623 : DHCPNameServer = 192.168.0.1 205.171.3.65
TCP: Interfaces\{36340816-0D01-461B-A476-07A0CF3A4CFF}\24A455D274163747F6E6 : DHCPNameServer = 158.158.100.232 158.158.100.233
TCP: Interfaces\{36340816-0D01-461B-A476-07A0CF3A4CFF}\2796368656274713 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{36340816-0D01-461B-A476-07A0CF3A4CFF}\35D696C656 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{36340816-0D01-461B-A476-07A0CF3A4CFF}\C696E6B6379737 : DHCPNameServer = 67.142.163.10 67.142.163.11
TCP: Interfaces\{36340816-0D01-461B-A476-07A0CF3A4CFF}\D6162796C697E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B54198D6-4B04-4C36-AF83-54D53B971646} : DHCPNameServer = 67.142.163.10 67.142.163.11
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\28.0.1500.71\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leaf\appdata\roaming\mozilla\firefox\profiles\mdvfwd6v.default\
FF - prefs.js: browser.startup.homepage - hxxps://home.bju.edu/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-06-04 03:11; fmdownloader@gmail.com; c:\program files\freemake\freemake video downloader\browserplugin\firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-06-04 03:11; ytfmdownloader@gmail.com; c:\program files\freemake\freemake video downloader\browserplugin\firefox\ytfmdownloader@gmail.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 MpKsl32937e4c;MpKsl32937e4c;c:\programdata\microsoft\microsoft antimalware\definition updates\{8cfb127b-f9a5-44df-ba92-5717483ebdf9}\MpKsl32937e4c.sys [2013-7-22 29904]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2013-3-15 63864]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-1 168384]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-4-18 1227800]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-4-18 659992]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-5-30 242240]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500w7.sys [2012-11-3 1092160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-7 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-6-14 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-7 701512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-6 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-6 8456]
S3 FFIVKN;FFIVKN;c:\users\leaf\appdata\local\temp\ffivkn.exe --> c:\users\leaf\appdata\local\temp\FFIVKN.exe [?]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-12-7 49664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-11-15 20080]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-6-14 16168]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-12 11520]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-9-14 14416]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2013-1-8 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2013-1-8 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2013-1-8 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2013-1-8 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2013-1-8 25704]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-1-19 29416]
S4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2013-3-15 393080]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2013-3-15 384888]
S4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2013-6-4 9216]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S4 LWGENESC;LWGENESC;c:\users\leaf\appdata\local\temp\lwgenesc.exe --> c:\users\leaf\appdata\local\temp\LWGENESC.exe [?]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-7 418376]
S4 NLBS;NLBS;c:\users\leaf\appdata\local\temp\nlbs.exe --> c:\users\leaf\appdata\local\temp\NLBS.exe [?]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-1 1103392]
.
=============== Created Last 30 ================
.
2013-07-23 04:54:26 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8cfb127b-f9a5-44df-ba92-5717483ebdf9}\MpKsl32937e4c.sys
2013-07-22 19:49:08 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2013-07-22 19:01:43 -------- d-----w- c:\program files\Defraggler
2013-07-21 22:39:46 -------- d-----w- c:\program files\EMET
2013-07-21 22:20:01 -------- d-----w- c:\program files\Speccy
2013-07-21 20:51:23 -------- d-----w- c:\users\leaf\appdata\roaming\SumatraPDF
2013-07-21 20:51:15 -------- d-----w- c:\program files\SumatraPDF
2013-07-21 19:21:17 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8cfb127b-f9a5-44df-ba92-5717483ebdf9}\mpengine.dll
2013-07-21 18:19:03 -------- d-----w- C:\Downloads
2013-07-21 03:14:51 -------- d-----w- c:\programdata\Licenses
2013-07-21 03:14:41 -------- d-----w- c:\program files\SpywareBlaster
2013-07-21 01:52:50 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-19 05:11:10 -------- d-----w- c:\windows\ERUNT
2013-07-19 01:06:54 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-18 19:46:17 -------- d-----w- c:\users\leaf\appdata\local\WindowsUpdate
2013-07-18 19:32:37 -------- d-----w- c:\users\leaf\appdata\local\Secunia PSI
2013-07-18 19:32:09 -------- d-----w- c:\program files\Secunia
2013-07-18 02:53:50 -------- d-----w- c:\program files\Trojan Remover
2013-07-18 00:08:02 -------- d-----w- c:\users\leaf\appdata\roaming\SUPERAntiSpyware.com
2013-07-17 23:30:04 -------- d-----w- c:\program files\Tweaking.com
2013-07-17 17:16:13 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ac88fc73-a398-4fa6-8d26-57800d4657c1}\gapaengine.dll
2013-07-17 09:50:59 -------- d-----w- c:\program files\CheckPoint
2013-07-17 09:49:20 -------- d-----w- c:\programdata\CheckPoint
2013-07-14 22:41:44 4126720 ----a-w- c:\program files\GUT8A67.tmp
2013-07-14 22:41:44 -------- d-----w- c:\program files\GUM8A66.tmp
2013-07-14 20:58:46 -------- d-----w- c:\users\leaf\appdata\local\Diagnostics
2013-07-14 08:21:34 6139760 ----a-w- C:\Windowsupdateagent30-x86.exe
2013-07-14 06:25:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-13 17:17:51 -------- d-----w- c:\program files\VS Revo Group
2013-07-13 16:47:47 -------- d-----w- c:\program files\BillP Studios
2013-07-12 23:14:04 -------- d-----w- c:\windows\system32\EventProviders
2013-07-12 07:32:50 -------- d-----w- c:\windows\SoftwareDistribution.old
2013-07-12 07:17:19 -------- d-----w- c:\windows\CheckSur
2013-07-12 06:51:10 -------- d-----w- c:\windows\system32\catroot2
2013-07-11 00:45:24 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2013-07-08 23:30:48 -------- d---a-w- c:\windows\system32\catroot2.old
2013-07-06 02:03:32 -------- d-----w- c:\program files\WOT
2013-07-04 17:04:27 -------- d-----w- c:\program files\ESET
2013-07-04 02:44:29 -------- d-----w- C:\RegBackup
2013-07-04 01:31:14 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-04 01:31:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-03 00:21:04 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-02 16:53:27 212 ----a-w- c:\windows\ildasmfnt.bin
2013-07-01 20:04:53 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-01 20:04:39 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-01 19:04:03 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-26 01:27:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-24 17:12:36 -------- d-----w- c:\users\leaf\appdata\roaming\Microsoft Corporation
.
==================== Find3M  ====================
.
2013-07-04 01:30:47 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 23:34:14 455704 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-06-11 05:14:03 1409 ----a-w- c:\windows\QTFont.for
2013-05-30 16:18:12 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-28 04:45:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-28 04:45:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-02 09:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:58:18.90 ===============


Edited by LTLeaf, 23 July 2013 - 12:21 AM.



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:43 AM

Posted 23 July 2013 - 12:47 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 LTLeaf

LTLeaf
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 23 July 2013 - 02:39 AM

Thanks for your help! Here is the log.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-23 00:38:30
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2160BH_G1 rev.0040020C 149.05GB
Running: tk0864db.exe; Driver: C:\Users\Leaf\AppData\Local\Temp\uwldapow.sys

---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwAlpcConnectPort [0xCD365432]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwAlpcCreatePort [0xCD365CFA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwConnectPort [0xCD364E88]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateFile [0xCD35E710]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateKey [0xCD380340]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreatePort [0xCD365992]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateProcess [0xCD37A134]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateProcessEx [0xCD37A55C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateSection [0xCD384B6A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateUserProcess [0xCD37A9D0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwCreateWaitablePort [0xCD365AF0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwDeleteFile [0xCD35F44C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwDeleteKey [0xCD381E34]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwDeleteValueKey [0xCD3816E6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwDuplicateObject [0xCD378F14]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwLoadDriver [0xCD35901E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwLoadKey [0xCD3828C6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwLoadKey2 [0xCD382B04]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwLoadKeyEx [0xCD382FB6]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwMapViewOfSection [0xCD384F28]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwOpenFile [0xCD35EFFE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwOpenProcess [0xCD37C648]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwOpenThread [0xCD37C236]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwProtectVirtualMemory [0xCD391506]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwRenameKey [0xCD38399E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwReplaceKey [0xCD383280]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwRequestWaitReplyPort [0xCD364A2C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwRestoreKey [0xCD384404]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSecureConnectPort [0xCD365154]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSetInformationFile [0xCD35F858]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSetInformationObject [0xCD3913CA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSetSecurityObject [0xCD383F28]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSetSystemInformation [0xCD3586E8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSetValueKey [0xCD380E06]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwSystemDebugControl [0xCD37B25A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwTerminateProcess [0xCD37AF8A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys  ZwUnloadDriver [0xCD359470]

INT 0x51        ?                                          C393A2D8
INT 0x61        ?                                          C3E24058
INT 0x62        ?                                          C393A558
INT 0x71        ?                                          C3E242D8
INT 0x72        ?                                          C393ACD8
INT 0x82        ?                                          C3E247D8
INT 0x92        ?                                          C393A058
INT 0xA2        ?                                          C24B1A58
INT 0xB0        ?                                          C3C25CD8
INT 0xB1        ?                                          C24B1CD8
INT 0xB2        ?                                          C24B1058

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                   fltmgr.sys

---- EOF - GMER 2.1 ----



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:43 AM

Posted 23 July 2013 - 03:11 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 LTLeaf

LTLeaf
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 23 July 2013 - 09:27 AM

OK, here is the Combofix log. 

 

ComboFix 13-07-22.01 - Leaf 07/23/2013   7:10.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2940.2135 [GMT -7:00]
Running from: c:\users\Leaf\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Leaf\AppData\Roaming\WTouch
c:\users\Leaf\AppData\Roaming\WTouch\WTouch.xml
c:\windows\system32\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-23 to 2013-07-23  )))))))))))))))))))))))))))))))
.
.
2013-07-23 14:19 . 2013-07-23 14:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-23 14:19 . 2013-07-23 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-23 07:11 . 2013-07-23 07:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{981B871E-C612-4EBD-8F5E-C220AD9095F1}\MpKsl01f09527.sys
2013-07-23 05:04 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{981B871E-C612-4EBD-8F5E-C220AD9095F1}\mpengine.dll
2013-07-22 19:49 . 2013-07-22 19:49 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2013-07-22 19:01 . 2013-07-22 19:02 -------- d-----w- c:\program files\Defraggler
2013-07-21 22:39 . 2013-07-22 23:34 -------- d-----w- c:\program files\EMET
2013-07-21 22:20 . 2013-07-21 22:20 -------- d-----w- c:\program files\Speccy
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\users\Leaf\AppData\Roaming\SumatraPDF
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\program files\SumatraPDF
2013-07-21 19:21 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-21 18:19 . 2013-07-21 18:19 -------- d-----w- C:\Downloads
2013-07-21 17:27 . 2013-07-21 17:27 -------- d-----w- c:\users\Browser
2013-07-21 03:14 . 2013-07-21 03:14 -------- d-----w- c:\programdata\Licenses
2013-07-21 03:14 . 2013-07-21 03:17 -------- d-----w- c:\program files\SpywareBlaster
2013-07-19 05:11 . 2013-07-19 05:11 -------- d-----w- c:\windows\ERUNT
2013-07-19 01:06 . 2013-07-19 01:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-18 19:46 . 2013-07-18 19:46 -------- d-----w- c:\users\Leaf\AppData\Local\WindowsUpdate
2013-07-18 19:32 . 2013-07-18 19:32 -------- d-----w- c:\users\Leaf\AppData\Local\Secunia PSI
2013-07-18 19:32 . 2013-07-18 19:32 -------- d-----w- c:\program files\Secunia
2013-07-18 02:53 . 2013-07-18 19:56 -------- d-----w- c:\program files\Trojan Remover
2013-07-18 00:08 . 2013-07-18 00:08 -------- d-----w- c:\users\Leaf\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 23:30 . 2013-07-17 23:30 -------- d-----w- c:\program files\Tweaking.com
2013-07-17 17:16 . 2013-07-17 17:15 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC88FC73-A398-4FA6-8D26-57800D4657C1}\gapaengine.dll
2013-07-17 09:50 . 2013-07-17 09:56 -------- d-----w- c:\program files\CheckPoint
2013-07-17 09:49 . 2013-07-17 09:49 -------- d-----w- c:\programdata\CheckPoint
2013-07-14 22:41 . 2013-07-15 07:30 4126720 ----a-w- c:\program files\GUT8A67.tmp
2013-07-14 22:41 . 2013-07-15 07:30 -------- d-----w- c:\program files\GUM8A66.tmp
2013-07-14 20:58 . 2013-07-14 20:58 -------- d-----w- c:\users\Leaf\AppData\Local\Diagnostics
2013-07-14 08:21 . 2013-07-14 08:23 6139760 ----a-w- C:\Windowsupdateagent30-x86.exe
2013-07-14 06:25 . 2013-07-19 02:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-13 17:17 . 2013-07-13 17:17 -------- d-----w- c:\program files\VS Revo Group
2013-07-13 16:47 . 2013-07-13 16:47 -------- d-----w- c:\program files\BillP Studios
2013-07-12 23:14 . 2013-07-12 23:14 -------- d-----w- c:\windows\system32\EventProviders
2013-07-12 07:17 . 2013-07-12 07:17 -------- d-----w- c:\windows\CheckSur
2013-07-12 06:51 . 2013-07-20 19:19 -------- d-----w- c:\windows\system32\catroot2
2013-07-11 00:45 . 2013-06-19 12:02 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-06 02:03 . 2013-07-06 02:03 -------- d-----w- c:\program files\WOT
2013-07-04 17:04 . 2013-07-04 17:04 -------- d-----w- c:\program files\ESET
2013-07-04 02:48 . 2013-07-20 08:34 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-07-04 02:44 . 2013-07-04 02:44 -------- d-----w- C:\RegBackup
2013-07-04 01:32 . 2013-07-04 01:32 -------- d-----w- c:\program files\Common Files\Java
2013-07-04 01:31 . 2013-07-04 01:30 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-04 01:31 . 2013-07-04 01:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-03 00:21 . 2013-07-03 00:21 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-02 16:53 . 2013-07-02 17:59 212 ----a-w- c:\windows\ildasmfnt.bin
2013-07-01 20:04 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-01 20:04 . 2013-07-01 20:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-26 01:27 . 2013-06-26 01:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-24 17:12 . 2013-06-24 17:12 -------- d-----w- c:\users\Leaf\AppData\Roaming\Microsoft Corporation
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 01:30 . 2010-10-23 08:07 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 23:34 . 2013-06-13 23:34 455704 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-06-11 05:14 . 2013-06-11 05:14 1409 ----a-w- c:\windows\QTFont.for
2013-05-30 16:18 . 2013-05-30 16:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-28 04:45 . 2009-12-09 14:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-28 04:45 . 2009-12-09 14:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-02 09:06 . 2009-11-27 17:34 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\SPYBOT - SEARCH & DESTROY 2\SDCLEANER.EXE" [2012-11-13 3713032]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1866864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SDTray"="c:\program files\SPYBOT - SEARCH & DESTROY 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\COMMON FILES\Java\JAVA UPDATE\jusched.exe" [2013-03-12 253816]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk /k:H *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 20:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 02:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 21:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 21:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 18:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2009-06-26 22:56 450560 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Unlocker]
2011-12-16 21:21 1687968 ----a-r- c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
R1 MpKsl52f76c8b;MpKsl52f76c8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{981B871E-C612-4EBD-8F5E-C220AD9095F1}\MpKsl52f76c8b.sys [2013-07-23 29904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-21 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-21 8456]
R3 FFIVKN;FFIVKN;c:\users\Leaf\AppData\Local\Temp\FFIVKN.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w7.sys [2011-03-29 1092160]
R3 MFE_RR;MFE_RR;c:\users\Leaf\AppData\Local\Temp\mfe_rr.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-13 11520]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
R3 XDva344;XDva344;c:\windows\system32\XDva344.sys [x]
R3 XDva365;XDva365;c:\windows\system32\XDva365.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-03-16 384888]
R4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-05-15 9216]
R4 LWGENESC;LWGENESC;c:\users\Leaf\AppData\Local\Temp\LWGENESC.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R4 NLBS;NLBS;c:\users\Leaf\AppData\Local\Temp\NLBS.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 4497704]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 102400]
R4 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 113448]
S1 MpKsl01f09527;MpKsl01f09527;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{981B871E-C612-4EBD-8F5E-C220AD9095F1}\MpKsl01f09527.sys [2013-07-23 29904]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-03-16 63864]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-04-18 1227800]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-04-18 659992]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-06-18 54160]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-30 242240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-04-18 16024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL01F09527
*Deregistered* - uwldapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 23:24 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 67.142.163.10 67.142.163.11
FF - ProfilePath - c:\users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\
FF - prefs.js: browser.startup.homepage - hxxps://home.bju.edu/
FF - ExtSQL: 2013-06-04 03:11; fmdownloader@gmail.com; c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-06-04 03:11; ytfmdownloader@gmail.com; c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
.
.
.
Completion time: 2013-07-23  07:21:22
ComboFix-quarantined-files.txt  2013-07-23 14:21
.
Pre-Run: 59,287,433,216 bytes free
Post-Run: 59,237,371,904 bytes free
.
- - End Of File - - BB339B3697C1D1D29714C9D847C8FA90
A36C5E4F47E84449FF07ED3517B43A31



#6 TB-Psychotic

  • Malware Response Team

Posted 23 July 2013 - 11:40 PM

IObit software products are installed on your system!

The company behind this product was found to be stealing our database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


#7 LTLeaf

  • Topic Starter

Posted 24 July 2013 - 12:48 AM

Here is the log from Combofix. I'll run the MBAM scan next, and check out the Iobit thing afterwards.

Thanks for all your help so far :)

ComboFix 13-07-22.01 - Leaf 07/23/2013  22:08:24.2.1 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2940.2106 [GMT -7:00]
Running from: c:\users\Leaf\Desktop\ComboFix.exe
Command switches used :: c:\users\Leaf\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
FILE ::
"c:\users\Leaf\AppData\Local\Temp\FFIVKN.exe"
"c:\users\Leaf\AppData\Local\Temp\LWGENESC.exe"
"c:\users\Leaf\AppData\Local\Temp\mfe_rr.sys"
"c:\users\Leaf\AppData\Local\Temp\NLBS.exe"
"c:\windows\system32\XDva344.sys"
"c:\windows\system32\XDva365.sys"
"c:\windows\system32\XDva375.sys"
"c:\windows\system32\XDva385.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA344
-------\Legacy_XDVA365
-------\Legacy_XDVA375
-------\Legacy_XDVA385
-------\Service_FFIVKN
-------\Service_LWGENESC
-------\Service_MFE_RR
-------\Service_NLBS
-------\Service_XDva344
-------\Service_XDva365
-------\Service_XDva375
-------\Service_XDva385
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 05:17 . 2013-07-24 05:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-24 05:17 . 2013-07-24 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-23 18:52 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2382E156-0646-4C36-909C-14BF06D3F31C}\mpengine.dll
2013-07-22 19:49 . 2013-07-22 19:49 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2013-07-22 19:01 . 2013-07-22 19:02 -------- d-----w- c:\program files\Defraggler
2013-07-21 22:39 . 2013-07-22 23:34 -------- d-----w- c:\program files\EMET
2013-07-21 22:20 . 2013-07-21 22:20 -------- d-----w- c:\program files\Speccy
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\users\Leaf\AppData\Roaming\SumatraPDF
2013-07-21 20:51 . 2013-07-21 20:51 -------- d-----w- c:\program files\SumatraPDF
2013-07-21 19:21 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-21 18:19 . 2013-07-21 18:19 -------- d-----w- C:\Downloads
2013-07-21 17:27 . 2013-07-21 17:27 -------- d-----w- c:\users\Browser
2013-07-21 03:14 . 2013-07-21 03:14 -------- d-----w- c:\programdata\Licenses
2013-07-21 03:14 . 2013-07-21 03:17 -------- d-----w- c:\program files\SpywareBlaster
2013-07-19 05:11 . 2013-07-19 05:11 -------- d-----w- c:\windows\ERUNT
2013-07-19 01:06 . 2013-07-19 01:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-18 19:46 . 2013-07-18 19:46 -------- d-----w- c:\users\Leaf\AppData\Local\WindowsUpdate
2013-07-18 19:32 . 2013-07-18 19:32 -------- d-----w- c:\users\Leaf\AppData\Local\Secunia PSI
2013-07-18 19:32 . 2013-07-18 19:32 -------- d-----w- c:\program files\Secunia
2013-07-18 02:53 . 2013-07-18 19:56 -------- d-----w- c:\program files\Trojan Remover
2013-07-18 00:08 . 2013-07-18 00:08 -------- d-----w- c:\users\Leaf\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 23:30 . 2013-07-17 23:30 -------- d-----w- c:\program files\Tweaking.com
2013-07-17 17:16 . 2013-07-17 17:15 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC88FC73-A398-4FA6-8D26-57800D4657C1}\gapaengine.dll
2013-07-17 09:50 . 2013-07-17 09:56 -------- d-----w- c:\program files\CheckPoint
2013-07-17 09:49 . 2013-07-17 09:49 -------- d-----w- c:\programdata\CheckPoint
2013-07-14 22:41 . 2013-07-15 07:30 4126720 ----a-w- c:\program files\GUT8A67.tmp
2013-07-14 22:41 . 2013-07-15 07:30 -------- d-----w- c:\program files\GUM8A66.tmp
2013-07-14 20:58 . 2013-07-14 20:58 -------- d-----w- c:\users\Leaf\AppData\Local\Diagnostics
2013-07-14 08:21 . 2013-07-14 08:23 6139760 ----a-w- C:\Windowsupdateagent30-x86.exe
2013-07-14 06:25 . 2013-07-19 02:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-13 17:17 . 2013-07-13 17:17 -------- d-----w- c:\program files\VS Revo Group
2013-07-13 16:47 . 2013-07-13 16:47 -------- d-----w- c:\program files\BillP Studios
2013-07-12 23:14 . 2013-07-12 23:14 -------- d-----w- c:\windows\system32\EventProviders
2013-07-12 07:17 . 2013-07-12 07:17 -------- d-----w- c:\windows\CheckSur
2013-07-12 06:51 . 2013-07-20 19:19 -------- d-----w- c:\windows\system32\catroot2
2013-07-11 00:45 . 2013-06-19 12:02 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-06 02:03 . 2013-07-06 02:03 -------- d-----w- c:\program files\WOT
2013-07-04 17:04 . 2013-07-04 17:04 -------- d-----w- c:\program files\ESET
2013-07-04 02:48 . 2013-07-20 08:34 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-07-04 02:44 . 2013-07-04 02:44 -------- d-----w- C:\RegBackup
2013-07-04 01:32 . 2013-07-04 01:32 -------- d-----w- c:\program files\Common Files\Java
2013-07-04 01:31 . 2013-07-04 01:30 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-04 01:31 . 2013-07-04 01:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-03 00:21 . 2013-07-03 00:21 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-02 16:53 . 2013-07-02 17:59 212 ----a-w- c:\windows\ildasmfnt.bin
2013-07-01 20:04 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-01 20:04 . 2013-07-01 20:05 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-26 01:27 . 2013-06-26 01:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-06-24 17:12 . 2013-06-24 17:12 -------- d-----w- c:\users\Leaf\AppData\Roaming\Microsoft Corporation
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 01:30 . 2010-10-23 08:07 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 23:34 . 2013-06-13 23:34 455704 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-06-11 05:14 . 2013-06-11 05:14 1409 ----a-w- c:\windows\QTFont.for
2013-05-30 16:18 . 2013-05-30 16:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-28 04:45 . 2009-12-09 14:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-28 04:45 . 2009-12-09 14:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-02 09:06 . 2009-11-27 17:34 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\SPYBOT - SEARCH & DESTROY 2\SDCLEANER.EXE" [2012-11-13 3713032]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1866864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SDTray"="c:\program files\SPYBOT - SEARCH & DESTROY 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\COMMON FILES\Java\JAVA UPDATE\jusched.exe" [2013-03-12 253816]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
"combofix"="c:\combofix\CF17010.3XE" [2013-07-24 301568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF17010.3XE" [2013-07-24 301568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk /k:H *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 20:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 02:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 21:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 21:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 18:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2009-06-26 22:56 450560 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Unlocker]
2011-12-16 21:21 1687968 ----a-r- c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
R1 MpKsl52f76c8b;MpKsl52f76c8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{981B871E-C612-4EBD-8F5E-C220AD9095F1}\MpKsl52f76c8b.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-21 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-21 8456]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w7.sys [2011-03-29 1092160]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-04-18 16024]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-13 11520]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-03-16 384888]
R4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-05-15 9216]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 4497704]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 102400]
R4 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 113448]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-03-16 63864]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-04-18 1227800]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-04-18 659992]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-06-18 54160]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-30 242240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 23:24 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 67.142.163.10 67.142.163.11
FF - ProfilePath - c:\users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\
FF - prefs.js: browser.startup.homepage - hxxps://home.bju.edu/
FF - ExtSQL: 2013-06-04 03:11; fmdownloader@gmail.com; c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-06-04 03:11; ytfmdownloader@gmail.com; c:\program files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'EXPLORER.EXE'(4148)
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\eHome\EhTray.exe
.
**************************************************************************
.
Completion time: 2013-07-23  22:42:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-24 05:42
ComboFix2.txt  2013-07-23 14:21
.
Pre-Run: 59,175,043,072 bytes free
Post-Run: 58,981,748,736 bytes free
.
- - End Of File - - 7BAC876047520CDCA51EDE74D503EC47
A36C5E4F47E84449FF07ED3517B43A31



#8 LTLeaf

  • Topic Starter

Posted 24 July 2013 - 02:14 AM

Malwarebytes scan finished, here's the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Leaf :: LTLEAF [administrator]

7/23/2013 10:53:21 PM
mbam-log-2013-07-23 (22-53-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 428584
Time elapsed: 1 hour(s), 11 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

I checked out those links about IOBit. I only have one of their programs, the GameBooster, which I use occasionally before starting a resource-heavy game, since I'm on an oldish laptop. I know it only helps a little, but it's been useful to me. So I'd rather keep it. I don't know of another program that does the same thing.



#9 TB-Psychotic

  • Malware Response Team

Posted 24 July 2013 - 02:32 AM

OK!

Looks good:

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#10 LTLeaf

  • Topic Starter

Posted 24 July 2013 - 11:36 AM

Have done the scan as instructed... ESET found no threats. 

 

I've already run AdwCleaner... a couple times, before this thread.

 

Windows Updates still not working... I have tried to run sfc /scannow many times, but always I get, "Windows Resource Protection could not perform the requested operation." I have tried the Microsoft Fixits and Windows Update troubleshooter (many times), but no luck. Even tried checkSUR, nothing. 

 

I think I wrote more details about what's done already in my earlier thread, linked in the first post.

 

 

Anyways, I was wondering if it's going to take a clean reinstall to fix Windows Updates, do you think? Whatever's broken also won't let me do an upgrade/repair install, I already tried that several times. I don't see any more signs of malware myself, so unless you do, I wouldn't mind not running a bunch more scans.... :-P

I really hope that we can get everything working right, especially the Windows Updates. It's been a while since I could normally use my computer for study... well, only since the beginning of the month, but still. I want to study :-P - And I don't much like being online if I can't update Windows....

 

By the way, do you know, what was it we deleted with Combofix? I was just curious. That file LWGENESC.exe was something that caught my eye a while ago, but I couldn't figure out what it was, so I didn't touch it. 

 

Ok, see you tonight I guess... Thanks for all your help, Marius! :)


Edited by LTLeaf, 25 July 2013 - 10:18 AM.


#11 TB-Psychotic

  • Malware Response Team

Posted 25 July 2013 - 02:35 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.



#12 LTLeaf

  • Topic Starter

Posted 25 July 2013 - 04:46 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by Leaf (administrator) on 25-07-2013 02:36:15
Running from C:\Users\Leaf\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SDTray] - C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\PROGRAM FILES\COMMON FILES\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\PROGRAM FILES\COMMON FILES\Java\JAVA UPDATE\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM\...\Run: [combofix] - C:\ComboFix\CF17010.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM\...\Runonce: [combofix] - C:\ComboFix\CF17010.3XE /c C:\ComboFixCombobatch.bat [x]
HKLM\...\runonceex: [flags] - 8 [x]
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 2\SDCLEANER.EXE [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [1866864 2010-11-06] (PeerBlock, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk /k:H *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 67.142.163.10 67.142.163.11 67.142.163.10 67.142.163.11

FireFox:
========
FF ProfilePath: C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default
FF Homepage: https://home.bju.edu/
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0-pre1-20130604-0018 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: DoNotTrackMe - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\donottrackplus@abine.com
FF Extension: SimpleBlock - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\SimpleBlock@aksoftware.ne1.net
FF Extension: Ad blocker - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
FF Extension: profanityfilter - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{ab73d178-8283-4eb8-8b14-caa6d3d2e18d}
FF Extension: Greasemonkey - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF Extension: fdm_ffext - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: firebug - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: personas - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\personas@christopher.beard.xpi
FF Extension: snaplinks - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\Leaf\AppData\Roaming\Mozilla\Firefox\Profiles\mdvfwd6v.default\Extensions\{B347DFB4-AC21-11DD-9016-B77D55D89593}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] C:\Program Files\DAP\DAPFireFox

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.0.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (WOT) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0
CHR Extension: (YouTube) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Freemake Video Downloader) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0
CHR Extension: (Google Search) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Refresh Monkey) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd\1.2_0
CHR Extension: (tinyFilter) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli\0.4_0
CHR Extension: (Gmail) - C:\Users\Leaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S4 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
S4 Apache2.2; C:\xampp\apache\bin\httpd.exe [29416 2009-12-20] (Apache Software Foundation)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393080 2013-03-15] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2013-03-15] (BlueStack Systems, Inc.)
S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S4 MySQL; C:\xampp\mysql\bin\my.ini [5638 2010-01-19] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2009-06-26] (WDC)
S4 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [246688 2011-12-16] (Western Digital)
S4 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63864 2013-03-15] (BlueStack Systems)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-30] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-01-20] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-01-20] ()
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w7.sys [1092160 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20080 2010-11-06] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-04-18] (Secunia)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455704 2013-06-13] (Check Point Software Technologies LTD)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
S3 catchme; \??\C:\Users\Leaf\AppData\Local\Temp\catchme.sys [x]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
U3 mbr; \??\C:\Users\Leaf\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-25 02:36 - 2013-07-25 02:36 - 00000000 ____D C:\FRST
2013-07-25 02:30 - 2013-07-25 02:35 - 01220306 _____ (Farbar) C:\Users\Leaf\Desktop\FRST.exe
2013-07-25 02:28 - 2013-07-25 02:29 - 00633126 _____ (Farbar) C:\Users\Leaf\Downloads\FRST.exe
2013-07-24 16:31 - 2013-05-30 10:15 - 00000000 ____D C:\Users\Leaf\Desktop\CSS3_MM_TUTORIALS
2013-07-24 14:26 - 2013-07-24 14:26 - 04274706 _____ C:\Users\Leaf\Downloads\CSS3_MM_TUTORIALS.zip
2013-07-24 00:38 - 2013-07-24 00:38 - 02347384 _____ (ESET) C:\Users\Leaf\Downloads\esetsmartinstaller_enu (1).exe
2013-07-23 22:42 - 2013-07-23 22:42 - 00018356 _____ C:\ComboFix.txt
2013-07-23 22:18 - 2013-07-23 22:18 - 00001444 _____ C:\Windows\PFRO.log
2013-07-23 11:51 - 2013-07-24 21:40 - 00000000 _____ C:\Users\Leaf\Desktop\styles.css
2013-07-23 11:51 - 2013-07-24 21:38 - 00000829 _____ C:\Users\Leaf\Desktop\web.html
2013-07-23 07:08 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-23 07:08 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-23 07:08 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-23 07:08 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-23 07:08 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-23 07:08 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-23 07:08 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-23 07:08 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-23 07:07 - 2013-07-23 22:42 - 00000000 ____D C:\Qoobox
2013-07-23 07:03 - 2013-07-23 07:03 - 00138996 _____ C:\Users\Leaf\Downloads\hosts.zip
2013-07-23 06:56 - 2013-07-23 06:57 - 05091940 ____R (Swearware) C:\Users\Leaf\Desktop\ComboFix.exe
2013-07-23 00:38 - 2013-07-23 00:39 - 00004644 _____ C:\Users\Leaf\Desktop\ark.txt
2013-07-22 23:16 - 2013-07-22 23:16 - 00377856 _____ C:\Users\Leaf\Desktop\tk0864db.exe
2013-07-22 21:58 - 2013-07-22 22:22 - 00019641 _____ C:\Users\Leaf\Desktop\dds.txt
2013-07-22 21:58 - 2013-07-22 21:58 - 00013563 _____ C:\Users\Leaf\Desktop\attach.txt
2013-07-22 21:52 - 2013-07-23 22:18 - 00000168 _____ C:\Windows\setupact.log
2013-07-22 21:52 - 2013-07-22 21:52 - 00128144 _____ C:\Users\Leaf\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 21:52 - 2013-07-22 21:52 - 00000000 _____ C:\Windows\setuperr.log
2013-07-22 21:51 - 2013-07-22 21:52 - 00537440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 15:16 - 2013-07-22 15:00 - 00262144 _____ C:\Windows\system32\config\components.old
2013-07-22 13:06 - 2013-07-22 13:07 - 00688992 ____R (Swearware) C:\Users\Leaf\Desktop\dds.com
2013-07-22 12:49 - 2013-07-22 12:49 - 00025992 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pgdfgsvc.exe
2013-07-22 12:47 - 2013-07-22 12:48 - 00000000 ____D C:\Users\Leaf\Downloads\PageDefrag
2013-07-22 12:01 - 2013-07-22 12:02 - 00000000 ____D C:\Program Files\Defraggler
2013-07-21 15:46 - 2013-07-21 15:47 - 00655360 _____ C:\Users\Leaf\Downloads\MicrosoftFixit50471.msi
2013-07-21 15:39 - 2013-07-22 16:34 - 00000000 ____D C:\Program Files\EMET
2013-07-21 15:20 - 2013-07-21 15:20 - 00000000 ____D C:\Program Files\Speccy
2013-07-21 13:51 - 2013-07-21 13:51 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\SumatraPDF
2013-07-21 13:51 - 2013-07-21 13:51 - 00000000 ____D C:\Program Files\SumatraPDF
2013-07-21 10:27 - 2013-07-21 10:27 - 00128144 _____ C:\Users\Browser\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 10:27 - 2013-07-21 10:27 - 00002227 _____ C:\Users\Browser\Desktop\Google Chrome.lnk
2013-07-21 10:27 - 2013-07-21 10:27 - 00000020 ___SH C:\Users\Browser\ntuser.ini
2013-07-21 10:27 - 2013-07-21 10:27 - 00000000 ___RD C:\Users\Browser\Desktop
2013-07-21 10:27 - 2013-07-21 10:27 - 00000000 ____D C:\Users\Browser\AppData\Local\VirtualStore
2013-07-21 10:27 - 2013-07-21 10:27 - 00000000 ____D C:\Users\Browser
2013-07-21 10:27 - 2013-01-07 04:25 - 00000000 ____D C:\Users\Browser\Documents\Visual Studio 2010
2013-07-21 10:27 - 2010-01-10 10:15 - 00000000 ____D C:\Users\Browser\AppData\Local\Microsoft Help
2013-07-21 10:27 - 2009-12-13 14:44 - 00000000 ____D C:\Users\Browser\AppData\Roaming\Macromedia
2013-07-21 10:15 - 2013-07-21 10:15 - 00000000 ____D C:\Users\Leaf\Downloads\SumatraPDF-2.3.2
2013-07-21 10:10 - 2013-07-21 10:10 - 02690304 _____ (Foxit Software) C:\Users\Leaf\Downloads\FoxitReader23_setup.exe
2013-07-20 20:14 - 2013-07-20 20:17 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-20 20:14 - 2013-07-20 20:14 - 00000000 ____D C:\ProgramData\Licenses
2013-07-19 18:12 - 2013-07-19 18:12 - 00002143 _____ C:\Users\Leaf\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-07-19 18:10 - 2013-07-19 18:11 - 05373340 _____ C:\Users\Leaf\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-07-19 13:19 - 2013-07-19 13:20 - 02347384 _____ (ESET) C:\Users\Leaf\Downloads\esetsmartinstaller_enu.exe
2013-07-18 22:15 - 2013-07-18 22:15 - 00000811 _____ C:\Users\Leaf\Desktop\JRT.txt
2013-07-18 22:11 - 2013-07-18 22:11 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 20:19 - 2013-07-18 20:19 - 00347424 _____ (Microsoft Corporation) C:\Users\Leaf\Downloads\MicrosoftFixit.wu.LB.147297571093178584.5.1.Run.exe
2013-07-18 18:06 - 2013-07-18 18:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-18 13:39 - 2013-07-18 13:40 - 02347384 _____ (ESET) C:\Users\Leaf\Desktop\esetsmartinstaller_enu.exe
2013-07-18 13:36 - 2013-07-18 13:36 - 00001032 _____ C:\Users\Leaf\Desktop\AdwCleaner[S2].txt
2013-07-18 13:23 - 2013-07-23 00:10 - 00001736 _____ C:\Users\Leaf\Desktop\Rkill.txt
2013-07-18 13:05 - 2013-07-18 13:20 - 00032804 _____ C:\Users\Leaf\Desktop\Result.txt
2013-07-18 12:46 - 2013-07-18 12:46 - 00000000 ____D C:\Users\Leaf\AppData\Local\WindowsUpdate
2013-07-18 12:42 - 2013-07-18 12:43 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Leaf\Desktop\tdsskiller.exe
2013-07-18 12:42 - 2013-07-18 12:42 - 00662345 _____ C:\Users\Leaf\Desktop\AdwCleaner.exe
2013-07-18 12:32 - 2013-07-18 12:32 - 00000000 ____D C:\Users\Leaf\AppData\Local\Secunia PSI
2013-07-18 12:32 - 2013-07-18 12:32 - 00000000 ____D C:\Program Files\Secunia
2013-07-18 12:02 - 2013-07-18 12:02 - 01842816 _____ (Bleeping Computer, LLC) C:\Users\Leaf\Desktop\rkill.com
2013-07-18 12:01 - 2013-07-18 12:01 - 00760937 _____ (Farbar) C:\Users\Leaf\Desktop\MiniToolBox.exe
2013-07-17 19:53 - 2013-07-18 12:56 - 00000000 ____D C:\Program Files\Trojan Remover
2013-07-17 17:08 - 2013-07-17 17:08 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 16:30 - 2013-07-17 16:30 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-07-17 16:30 - 2013-07-17 16:30 - 00000000 ____D C:\Program Files\Tweaking.com
2013-07-17 02:57 - 2013-07-17 02:59 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-17 02:50 - 2013-07-17 02:56 - 00000000 ____D C:\Program Files\CheckPoint
2013-07-17 02:49 - 2013-07-17 02:49 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-14 15:41 - 2013-07-15 00:30 - 04126720 _____ C:\Program Files\GUT8A67.tmp
2013-07-14 15:41 - 2013-07-15 00:30 - 00000000 ____D C:\Program Files\GUM8A66.tmp
2013-07-14 01:21 - 2013-07-14 01:23 - 06139760 _____ (Microsoft Corporation) C:\Windowsupdateagent30-x86.exe
2013-07-13 23:25 - 2013-07-18 19:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-13 10:17 - 2013-07-13 10:17 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-13 09:47 - 2013-07-13 09:47 - 00000000 ____D C:\Program Files\BillP Studios
2013-07-12 16:14 - 2013-07-12 16:14 - 00000000 ____D C:\Windows\system32\EventProviders
2013-07-12 00:32 - 2013-07-13 00:49 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2013-07-12 00:17 - 2013-07-12 00:17 - 00000000 ____D C:\Windows\CheckSur
2013-07-08 20:20 - 2013-07-08 20:20 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-07-08 16:30 - 2013-07-08 16:30 - 00000000 ____D C:\Windows\system32\catroot2.old
2013-07-08 14:39 - 2013-07-18 21:13 - 00000002 _____ C:\$UpgDrv$
2013-07-05 19:03 - 2013-07-05 19:03 - 00000000 ____D C:\Program Files\WOT
2013-07-04 10:04 - 2013-07-04 10:04 - 00000000 ____D C:\Program Files\ESET
2013-07-03 19:48 - 2013-07-20 01:34 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-03 19:45 - 2013-07-03 19:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LTLEAF-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2013-07-03 19:44 - 2013-07-03 19:44 - 00000000 ____D C:\RegBackup
2013-07-03 18:32 - 2013-07-03 18:32 - 00000000 ____D C:\ProgramData\Sun
2013-07-03 18:32 - 2013-07-03 18:32 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-03 18:31 - 2013-07-03 18:30 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-03 18:31 - 2013-07-03 18:30 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-03 18:31 - 2013-07-03 18:30 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-03 18:31 - 2013-07-03 18:30 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-03 18:31 - 2013-07-03 18:30 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-03 15:09 - 2013-07-24 22:19 - 01149903 _____ C:\Windows\WindowsUpdate.log
2013-07-03 00:02 - 2013-07-13 00:32 - 00093868 _____ C:\JavaRa.log
2013-07-02 17:45 - 2013-07-18 21:27 - 00001908 _____ C:\Windows\diagwrn.xml
2013-07-02 17:45 - 2013-07-18 21:27 - 00001908 _____ C:\Windows\diagerr.xml
2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-02 09:53 - 2013-07-02 10:59 - 00000212 _____ C:\Windows\ildasmfnt.bin
2013-07-01 13:04 - 2013-07-01 13:05 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-07-01 13:04 - 2009-01-25 12:14 - 00015224 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-06-25 18:27 - 2013-06-25 18:27 - 00000000 __SHD C:\Windows\system32\%APPDATA%

==================== One Month Modified Files and Folders =======

2013-07-25 02:37 - 2010-10-18 00:44 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\Free Download Manager
2013-07-25 02:36 - 2013-07-25 02:36 - 00000000 ____D C:\FRST
2013-07-25 02:35 - 2013-07-25 02:30 - 01220306 _____ (Farbar) C:\Users\Leaf\Desktop\FRST.exe
2013-07-25 02:35 - 2009-11-27 02:37 - 00000000 ___RD C:\Users\Leaf\Desktop
2013-07-25 02:29 - 2013-07-25 02:28 - 00633126 _____ (Farbar) C:\Users\Leaf\Downloads\FRST.exe
2013-07-25 02:05 - 2013-07-03 15:09 - 01149903 _____ C:\Windows\WindowsUpdate.log
2013-07-24 21:40 - 2013-07-23 11:51 - 00000000 _____ C:\Users\Leaf\Desktop\styles.css
2013-07-24 21:38 - 2013-07-23 11:51 - 00000829 _____ C:\Users\Leaf\Desktop\web.html
2013-07-24 14:26 - 2013-07-24 14:26 - 04274706 _____ C:\Users\Leaf\Downloads\CSS3_MM_TUTORIALS.zip
2013-07-24 14:22 - 2009-11-27 01:38 - 00783104 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 00:38 - 2013-07-24 00:38 - 02347384 _____ (ESET) C:\Users\Leaf\Downloads\esetsmartinstaller_enu (1).exe
2013-07-23 22:42 - 2013-07-23 22:42 - 00018356 _____ C:\ComboFix.txt
2013-07-23 22:42 - 2013-07-23 07:07 - 00000000 ____D C:\Qoobox
2013-07-23 22:39 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2013-07-23 22:23 - 2009-07-13 21:34 - 00013632 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 22:23 - 2009-07-13 21:34 - 00013632 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 22:18 - 2013-07-23 22:18 - 00001444 _____ C:\Windows\PFRO.log
2013-07-23 22:18 - 2013-07-22 21:52 - 00000168 _____ C:\Windows\setupact.log
2013-07-23 22:18 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-23 22:18 - 2009-07-13 19:03 - 59506688 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-23 22:18 - 2009-07-13 19:03 - 17039360 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-23 22:18 - 2009-07-13 19:03 - 01572864 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-23 22:18 - 2009-07-13 19:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-23 22:18 - 2009-07-13 19:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-23 22:17 - 2012-12-07 14:41 - 00000000 ____D C:\Windows\erdnt
2013-07-23 21:58 - 2012-11-28 18:57 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\Notepad++
2013-07-23 11:00 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-07-23 07:03 - 2013-07-23 07:03 - 00138996 _____ C:\Users\Leaf\Downloads\hosts.zip
2013-07-23 06:57 - 2013-07-23 06:56 - 05091940 ____R (Swearware) C:\Users\Leaf\Desktop\ComboFix.exe
2013-07-23 00:39 - 2013-07-23 00:38 - 00004644 _____ C:\Users\Leaf\Desktop\ark.txt
2013-07-23 00:10 - 2013-07-18 13:23 - 00001736 _____ C:\Users\Leaf\Desktop\Rkill.txt
2013-07-22 23:16 - 2013-07-22 23:16 - 00377856 _____ C:\Users\Leaf\Desktop\tk0864db.exe
2013-07-22 22:22 - 2013-07-22 21:58 - 00019641 _____ C:\Users\Leaf\Desktop\dds.txt
2013-07-22 21:58 - 2013-07-22 21:58 - 00013563 _____ C:\Users\Leaf\Desktop\attach.txt
2013-07-22 21:52 - 2013-07-22 21:52 - 00128144 _____ C:\Users\Leaf\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 21:52 - 2013-07-22 21:52 - 00000000 _____ C:\Windows\setuperr.log
2013-07-22 21:52 - 2013-07-22 21:51 - 00537440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 17:28 - 2009-07-13 19:37 - 00000000 ___RD C:\Users\Public\Desktop
2013-07-22 17:27 - 2009-11-27 02:36 - 00000000 ____D C:\Users\Leaf
2013-07-22 17:25 - 2010-05-30 13:07 - 00000000 ____D C:\Program Files\GIMP-2.0
2013-07-22 16:34 - 2013-07-21 15:39 - 00000000 ____D C:\Program Files\EMET
2013-07-22 15:00 - 2013-07-22 15:16 - 00262144 _____ C:\Windows\system32\config\components.old
2013-07-22 13:07 - 2013-07-22 13:06 - 00688992 ____R (Swearware) C:\Users\Leaf\Desktop\dds.com
2013-07-22 12:49 - 2013-07-22 12:49 - 00025992 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pgdfgsvc.exe
2013-07-22 12:48 - 2013-07-22 12:47 - 00000000 ____D C:\Users\Leaf\Downloads\PageDefrag
2013-07-22 12:02 - 2013-07-22 12:01 - 00000000 ____D C:\Program Files\Defraggler
2013-07-21 15:47 - 2013-07-21 15:46 - 00655360 _____ C:\Users\Leaf\Downloads\MicrosoftFixit50471.msi
2013-07-21 15:20 - 2013-07-21 15:20 - 00000000 ____D C:\Program Files\Speccy
2013-07-21 13:51 - 2013-07-21 13:51 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\SumatraPDF
2013-07-21 13:51 - 2013-07-21 13:51 - 00000000 ____D C:\Program Files\SumatraPDF
2013-07-21 10:27 - 2013-07-21 10:27 - 00128144 _____ C:\Users\Browser\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-21 10:27 - 2013-07-21 10:27 - 00002227 _____ C:\Users\Browser\Desktop\Google Chrome.lnk
2013-07-21 10:27 - 2013-07-21 10:27 - 00000020 ___SH C:\Users\Browser\ntuser.ini
2013-07-21 10:27 - 2013-07-21 10:27 - 00000000 ___RD C:\Users\Browser\Desktop
2013-07-21 10:27 - 2013-07-21 10:27 - 00000000 ____D C:\Users\Browser\AppData\Local\VirtualStore
2013-07-21 10:27 - 2013-07-21 10:27 - 00000000 ____D C:\Users\Browser
2013-07-21 10:15 - 2013-07-21 10:15 - 00000000 ____D C:\Users\Leaf\Downloads\SumatraPDF-2.3.2
2013-07-21 10:10 - 2013-07-21 10:10 - 02690304 _____ (Foxit Software) C:\Users\Leaf\Downloads\FoxitReader23_setup.exe
2013-07-20 20:17 - 2013-07-20 20:14 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-20 20:14 - 2013-07-20 20:14 - 00000000 ____D C:\ProgramData\Licenses
2013-07-20 12:46 - 2012-11-15 02:16 - 00000000 ____D C:\Program Files\PeerBlock
2013-07-20 01:34 - 2013-07-03 19:48 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-19 18:12 - 2013-07-19 18:12 - 00002143 _____ C:\Users\Leaf\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-07-19 18:11 - 2013-07-19 18:10 - 05373340 _____ C:\Users\Leaf\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-07-19 15:04 - 2013-05-30 09:35 - 00000000 ____D C:\Users\Leaf\Documents\EA Games
2013-07-19 14:31 - 2012-07-21 18:31 - 00000000 ____D C:\Users\Leaf\Documents\Electronic Arts
2013-07-19 13:58 - 2012-03-07 18:16 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\vlc
2013-07-19 13:20 - 2013-07-19 13:19 - 02347384 _____ (ESET) C:\Users\Leaf\Downloads\esetsmartinstaller_enu.exe
2013-07-18 22:15 - 2013-07-18 22:15 - 00000811 _____ C:\Users\Leaf\Desktop\JRT.txt
2013-07-18 22:11 - 2013-07-18 22:11 - 00000000 ____D C:\Windows\ERUNT
2013-07-18 22:08 - 2009-11-27 02:37 - 00000000 ____D C:\Users\Leaf\AppData\Local\VirtualStore
2013-07-18 21:27 - 2013-07-02 17:45 - 00001908 _____ C:\Windows\diagwrn.xml
2013-07-18 21:27 - 2013-07-02 17:45 - 00001908 _____ C:\Windows\diagerr.xml
2013-07-18 21:13 - 2013-07-08 14:39 - 00000002 _____ C:\$UpgDrv$
2013-07-18 20:40 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-18 20:19 - 2013-07-18 20:19 - 00347424 _____ (Microsoft Corporation) C:\Users\Leaf\Downloads\MicrosoftFixit.wu.LB.147297571093178584.5.1.Run.exe
2013-07-18 19:32 - 2013-07-13 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-18 18:06 - 2013-07-18 18:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-18 13:40 - 2013-07-18 13:39 - 02347384 _____ (ESET) C:\Users\Leaf\Desktop\esetsmartinstaller_enu.exe
2013-07-18 13:36 - 2013-07-18 13:36 - 00001032 _____ C:\Users\Leaf\Desktop\AdwCleaner[S2].txt
2013-07-18 13:20 - 2013-07-18 13:05 - 00032804 _____ C:\Users\Leaf\Desktop\Result.txt
2013-07-18 12:56 - 2013-07-17 19:53 - 00000000 ____D C:\Program Files\Trojan Remover
2013-07-18 12:49 - 2010-06-18 11:06 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-18 12:46 - 2013-07-18 12:46 - 00000000 ____D C:\Users\Leaf\AppData\Local\WindowsUpdate
2013-07-18 12:43 - 2013-07-18 12:42 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Leaf\Desktop\tdsskiller.exe
2013-07-18 12:42 - 2013-07-18 12:42 - 00662345 _____ C:\Users\Leaf\Desktop\AdwCleaner.exe
2013-07-18 12:32 - 2013-07-18 12:32 - 00000000 ____D C:\Users\Leaf\AppData\Local\Secunia PSI
2013-07-18 12:32 - 2013-07-18 12:32 - 00000000 ____D C:\Program Files\Secunia
2013-07-18 12:02 - 2013-07-18 12:02 - 01842816 _____ (Bleeping Computer, LLC) C:\Users\Leaf\Desktop\rkill.com
2013-07-18 12:01 - 2013-07-18 12:01 - 00760937 _____ (Farbar) C:\Users\Leaf\Desktop\MiniToolBox.exe
2013-07-17 17:08 - 2013-07-17 17:08 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\SUPERAntiSpyware.com
2013-07-17 17:05 - 2013-01-01 23:14 - 00000000 ____D C:\bbLean
2013-07-17 16:30 - 2013-07-17 16:30 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-07-17 16:30 - 2013-07-17 16:30 - 00000000 ____D C:\Program Files\Tweaking.com
2013-07-17 02:59 - 2013-07-17 02:57 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-17 02:57 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\DriverStore
2013-07-17 02:56 - 2013-07-17 02:50 - 00000000 ____D C:\Program Files\CheckPoint
2013-07-17 02:49 - 2013-07-17 02:49 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-15 23:05 - 2012-11-15 01:27 - 00000000 ____D C:\Program Files\Free Download Manager
2013-07-15 21:10 - 2010-01-14 15:25 - 00007589 _____ C:\Users\Leaf\AppData\Local\Resmon.ResmonCfg
2013-07-15 00:30 - 2013-07-14 15:41 - 04126720 _____ C:\Program Files\GUT8A67.tmp
2013-07-15 00:30 - 2013-07-14 15:41 - 00000000 ____D C:\Program Files\GUM8A66.tmp
2013-07-14 15:41 - 2009-12-27 01:30 - 00000000 ____D C:\Users\Leaf\AppData\Local\Google
2013-07-14 01:23 - 2013-07-14 01:21 - 06139760 _____ (Microsoft Corporation) C:\Windowsupdateagent30-x86.exe
2013-07-13 10:58 - 2012-12-07 14:55 - 00000741 _____ C:\Windows\system32\Drivers\etc\hosts_bak_135
2013-07-13 10:50 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Help
2013-07-13 10:17 - 2013-07-13 10:17 - 00000000 ____D C:\Program Files\VS Revo Group
2013-07-13 09:47 - 2013-07-13 09:47 - 00000000 ____D C:\Program Files\BillP Studios
2013-07-13 00:49 - 2013-07-12 00:32 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2013-07-13 00:32 - 2013-07-03 00:02 - 00093868 _____ C:\JavaRa.log
2013-07-13 00:32 - 2010-01-09 17:27 - 00000000 ____D C:\Program Files\Java
2013-07-12 16:14 - 2013-07-12 16:14 - 00000000 ____D C:\Windows\system32\EventProviders
2013-07-12 00:17 - 2013-07-12 00:17 - 00000000 ____D C:\Windows\CheckSur
2013-07-09 16:06 - 2009-12-13 14:39 - 00000000 ____D C:\Users\Leaf\AppData\Local\Adobe
2013-07-09 16:04 - 2009-12-13 14:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-09 16:04 - 2009-12-13 14:44 - 00000000 ____D C:\ProgramData\Adobe
2013-07-09 16:03 - 2009-12-13 14:44 - 00000000 ____D C:\Program Files\Adobe
2013-07-08 20:20 - 2013-07-08 20:20 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-07-08 16:30 - 2013-07-08 16:30 - 00000000 ____D C:\Windows\system32\catroot2.old
2013-07-08 14:18 - 2012-04-24 23:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 14:11 - 2012-11-28 18:57 - 00000000 ____D C:\Program Files\Notepad++
2013-07-05 19:03 - 2013-07-05 19:03 - 00000000 ____D C:\Program Files\WOT
2013-07-05 10:33 - 2009-12-21 14:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-04 10:04 - 2013-07-04 10:04 - 00000000 ____D C:\Program Files\ESET
2013-07-03 23:05 - 2013-04-05 15:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-03 19:49 - 2012-12-07 14:55 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_319
2013-07-03 19:45 - 2013-07-03 19:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LTLEAF-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2013-07-03 19:44 - 2013-07-03 19:44 - 00000000 ____D C:\RegBackup
2013-07-03 18:32 - 2013-07-03 18:32 - 00000000 ____D C:\ProgramData\Sun
2013-07-03 18:32 - 2013-07-03 18:32 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-03 18:30 - 2013-07-03 18:31 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-03 18:30 - 2013-07-03 18:31 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-03 18:30 - 2013-07-03 18:31 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-03 18:30 - 2013-07-03 18:31 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-03 18:30 - 2013-07-03 18:31 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-03 18:30 - 2010-10-23 01:07 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-03 10:39 - 2013-05-30 09:18 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\DAEMON Tools Lite
2013-07-03 10:38 - 2010-02-03 21:47 - 00000000 ____D C:\Windows\Minidump
2013-07-02 17:22 - 2011-12-08 20:17 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-02 10:59 - 2013-07-02 09:53 - 00000212 _____ C:\Windows\ildasmfnt.bin
2013-07-02 09:14 - 2012-11-05 13:00 - 00000000 ____D C:\Users\Leaf\Documents\Visual Studio 2010
2013-07-01 13:05 - 2013-07-01 13:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-07-01 12:22 - 2012-12-27 15:58 - 00000000 ____D C:\Users\Leaf\AppData\Roaming\uTorrent
2013-07-01 09:11 - 2011-05-12 22:39 - 00000361 _____ C:\rkill.log
2013-07-01 01:48 - 2009-12-21 13:43 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-06-25 18:27 - 2013-06-25 18:27 - 00000000 __SHD C:\Windows\system32\%APPDATA%

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-01-06 22:12] - [2012-09-06 09:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

LastRegBack: 2013-07-23 09:31

==================== End Of Log ============================



#13 LTLeaf

Posted 25 July 2013 - 05:01 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-07-2013
Run by Leaf at 2013-07-25 02:37:51
Running from C:\Users\Leaf\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 6.1.2)
ActiveState Komodo Edit 5.2.4 (Version: 5.2.4)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Amazon Kindle
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon Unbox Video (Version: 2.2.0.153)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.10 (Unicode)
Auslogics Disk Defrag (Version: 3.5)
Avidemux 2.5 (32-bit) (Version: 2.5.6.7716)
AviSynth 2.5
AVStoDVD 2.6.0 (Version: 2.6.0)
Bamboo
Batch Update (Version: 3.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BlueStacks App Player (Version: 0.7.10.869)
BlueStacks Notification Center (Version: 0.7.10.869)
Bonjour (Version: 3.0.0.10)
CamStudio Lossless Codec
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CCleaner (Version: 3.22)
Celtx (2.9) (Version: 2.9 (en-US))
Color Efex Pro 3.0 Wacom Edition 3 (Version: 3.0.0.1)
Common System Files (Version: 3.0)
Corel Painter Essentials 4 (Version: 4.2)
CPUID CPU-Z 1.62.0
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0333)
Defraggler (Version: 2.15)
DVD Shrink 3.2
DVDStyler v2.1
EMET (Version: 3.0.0)
EOS USB WIA Driver (Version: 6.0.1.5)
ESET Online Scanner v3
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
FileZilla Client 3.6.0.2 (HKCU Version: 3.6.0.2)
Free Download Manager 3.9.2
Freemake Video Downloader (Version: 3.5.1)
Game Booster 3 (Version: 3.4)
GnuWin32: File-5.03 (Version: 5.03)
Google Advertising Cookie Opt-out (Version: 1.0.1.0)
Google Chrome (Version: 28.0.1500.71)
Google Chrome Frame (Version: 28.0.1500.71)
Google Gmail Notifier
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Graphical Query Editor (Version: 3.0)
Haali Media Splitter
IETester v0.4.10 (remove only) (Version: 0.4.10)
ImgBurn (Version: 2.5.6.0)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
LAME v3.98.3 for Audacity
Libronix Digital Library System
Libronix Digital Library System (Version: 3.0)
Libronix DLS Application (Version: 3.0)
Libronix DLS Shortcuts (Version: 3.0)
LibronixUpdate (Version: 3.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Age of Empires II
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad++ (Version: 6.2.2)
NVIDIA Photoshop Plug-ins (Version: 1.00.000)
OEB Resource Driver (Version: 3.0)
Opera 11.50 (Version: 11.50.1074)
Paint.NET v3.5.5 (Version: 3.55.0)
PDF Resource Driver (Version: 3.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Photo Gallery (Version: 16.4.3505.0912)
Picasa 3 (Version: 3.9)
QuickTime (Version: 7.0.4)
RE: Alistair++ 1 (Version: 1)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Revo Uninstaller 1.95 (Version: 1.95)
Secunia PSI (3.0.0.7009) (Version: 3.0.0.7009)
Speccy (Version: 1.22)
Spybot - Search & Destroy (Version: 2.0.12)
SpywareBlaster 5.0 (Version: 5.0.0)
Subtitle Edit 3.2.3 (Version: 3.2.3)
SumatraPDF (Version: 2.3.2)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
The Proxomitron Ver. Naoko-4.5
Tweak UI
Tweaking.com - Windows Repair (All in One) (Version: 1.9.15)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 2.1.0-pre1-20130604-0018 (Version: 2.1.0-pre1-20130604-0018)
WD Drive Manager (x86) (Version: 2.115)
WD Security (Version: 1.0.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
WOT for Internet Explorer (Version: 12.8.2.0)
Zip Motion Block Video codec (Remove Only)
ZoneAlarm Firewall (Version: 11.0.768.000)
ZoneAlarm Free Firewall (Version: 11.0.768.000)
ZoneAlarm Security (Version: 11.0.768.000)

==================== Restore Points  =========================

23-07-2013 05:03:56 Windows Update

==================== Hosts content: ==========================

2012-12-07 14:55 - 2013-07-17 16:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {167AA572-6BB9-4F52-B0CC-A1FC2320399B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {1D27591C-8BE8-47F6-B59A-5CC53B80947A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2009-07-13] (Microsoft Corporation)
Task: {2D60DE05-29E5-46C2-8DD5-523A5459F9A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {34199D50-59EA-4B4D-95F3-B8F64973E1FB} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {396F371B-60F4-4A6E-B64E-29EB8625EFE6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {3E516FCE-1BD1-4A74-AA69-DAED344B117B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe No File
Task: {4EFF3FCB-A567-4A36-B371-F61661AD9142} - System32\Tasks\User_Feed_Synchronization-{8FA07289-1C06-46FE-B315-EAFF481DBBF0} => C:\Windows\system32\msfeedssync.exe [2012-08-23] (Microsoft Corporation)
Task: {50F87431-00A5-456E-83FF-4A37266419FA} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {5989C98B-C45A-40E2-90D6-AEB5DF9E742A} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-13] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Name: MpKsl52f76c8b
Description: MpKsl52f76c8b
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl52f76c8b
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2013 00:34:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/24/2013 02:12:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/23/2013 09:32:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/22/2013 09:50:18 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{482993E2-2058-470E-ABF7-1B3125739594}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (07/22/2013 04:34:36 PM) (Source: MsiInstaller) (User: LTLEAF)
Description: Product: EMET -- Error 1406. Could not write value EMET Notifier to key \Software\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (07/22/2013 04:34:35 PM) (Source: MsiInstaller) (User: LTLEAF)
Description: Product: EMET -- Error 1406. Could not write value EMET Notifier to key \Software\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (07/22/2013 04:34:34 PM) (Source: MsiInstaller) (User: LTLEAF)
Description: Product: EMET -- Error 1406. Could not write value EMET Notifier to key \Software\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (07/22/2013 04:34:34 PM) (Source: MsiInstaller) (User: LTLEAF)
Description: Product: EMET -- Error 1406. Could not write value EMET Notifier to key \Software\Microsoft\Windows\CurrentVersion\Run.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (07/22/2013 02:54:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2013 07:00:02 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (07/23/2013 10:28:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.155.565.0

Update Source: %NT AUTHORITY59

Update Stage: 4.2.0223.00

Source Path: 4.2.0223.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/23/2013 10:18:50 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (07/23/2013 10:18:50 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (07/23/2013 10:18:50 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (07/23/2013 10:18:41 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:17:14 PM on 7/23/2013 was unexpected.

Error: (07/23/2013 10:17:32 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/23/2013 10:17:23 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/23/2013 10:13:23 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/23/2013 10:08:13 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/23/2013 08:16:20 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (11/29/2010 02:41:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 51783 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/28/2010 00:17:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 133779 seconds with 1620 seconds of active time.  This session ended with a crash.

Error: (11/26/2010 05:16:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 58541 seconds with 180 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-03-17 13:11:16.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:16.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:16.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:16.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:16.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:16.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:12.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:12.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:12.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 13:11:11.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\bbLean\plugins\bbLeanSkin\bbLeanSkinEng.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 2940 MB
Available physical RAM: 1369.38 MB
Total Pagefile: 7348.28 MB
Available Pagefile: 5089.49 MB
Total Virtual: 3071.88 MB
Available Virtual: 2907.22 MB

==================== Drives ================================

Drive c: © (Fixed) (Total:148.95 GB) (Free:54.12 GB) NTFS
Drive e: (LEXAR MEDIA) (Removable) (Total:1.87 GB) (Free:0.01 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: EC425135)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================


Edited by LTLeaf, 25 July 2013 - 09:29 AM.


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 July 2013 - 06:09 AM

Hit Windows-R and paste the following line into the text field:

 

%windir%\windowsupdate.log

 

Post the content of the opening log in here.


Proud Member of UNITE & TB
 

#15 LTLeaf

LTLeaf
  • Topic Starter

  • Members
  • 28 posts

Posted 25 July 2013 - 08:38 AM

2013-07-16 19:33:23:301  992 898 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-16 19:33:23:301  992 898 Agent   * Search Scope = {Machine}
2013-07-16 19:33:23:301  992 898 Setup Checking for agent SelfUpdate
2013-07-16 19:33:23:302 4572 194 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-16 19:33:23:303 4572 194 COMAPI   - Updates found = 0
2013-07-16 19:33:23:303 4572 194 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x8024402C
2013-07-16 19:33:23:303 4572 194 COMAPI ---------
2013-07-16 19:33:23:303 4572 194 COMAPI --  END  --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-16 19:33:23:303 4572 194 COMAPI -------------
2013-07-16 19:33:23:304 4572 25c COMAPI WARNING: Operation failed due to earlier error, hr=8024402C
2013-07-16 19:33:23:304 4572 25c COMAPI FATAL: Unable to complete asynchronous search. (hr=8024402C)
2013-07-16 19:33:23:330  992 898 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-07-16 19:33:23:334  992 898 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-16 19:33:23:343  992 898 Misc  Microsoft signed: Yes
2013-07-16 19:33:25:608  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:25:608  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:25:608  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:25:608  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:25:608  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:25:608  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:27:869  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:27:870  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:27:870  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:27:870  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:27:870  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:27:870  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:30:130  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:30:130  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:30:130  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:30:130  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:30:130  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:30:130  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:32:392  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:32:392  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:32:392  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:32:392  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:32:392  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:32:392  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:32:392  992 898 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x8024402c
2013-07-16 19:33:32:392  992 898 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-16 19:33:32:401  992 898 Misc  Microsoft signed: Yes
2013-07-16 19:33:34:668  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:34:668  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:34:668  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:34:668  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:34:668  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:34:668  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:36:929  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:36:929  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:36:929  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:36:929  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:36:929  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:36:929  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:39:191  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:39:191  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:39:191  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:39:191  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:39:191  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:39:191  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:41:452  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:41:452  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:41:452  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:41:452  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:41:452  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:41:452  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:41:452  992 898 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x8024402c
2013-07-16 19:33:41:453  992 898 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-16 19:33:41:462  992 898 Misc  Microsoft signed: Yes
2013-07-16 19:33:43:725  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:43:725  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:43:725  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:43:725  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:43:725  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:43:725  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:45:994  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:45:994  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:45:994  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:45:994  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:45:994  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:45:994  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:48:258  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:48:258  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:48:258  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:48:259  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:48:259  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:48:259  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:50:520  992 898 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-16 19:33:50:520  992 898 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-16 19:33:50:520  992 898 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-16 19:33:50:520  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-16 19:33:50:520  992 898 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-16 19:33:50:520  992 898 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-16 19:33:50:520  992 898 Misc WARNING: DownloadFileInternal failed for http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x8024402c
2013-07-16 19:33:50:521  992 898 Setup WARNING: SelfUpdate check failed to download package information, error = 0x8024402C
2013-07-16 19:33:50:522  992 898 Setup FATAL: SelfUpdate check failed, err = 0x8024402C
2013-07-16 19:33:50:522  992 898 Agent   * WARNING: Skipping scan, self-update check returned 0x8024402C
2013-07-16 19:33:50:522  992 898 Agent   * WARNING: Exit code = 0x8024402C
2013-07-16 19:33:50:522  992 898 Agent *********
2013-07-16 19:33:50:522  992 898 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-16 19:33:50:522  992 898 Agent *************
2013-07-16 19:33:50:522  992 898 Agent WARNING: WU client failed Searching for update with error 0x8024402c
2013-07-16 19:33:50:522  992 898 Report CWERReporter finishing event handling. (00000000)
2013-07-16 19:33:50:523  992 b00 AU >>##  RESUMED  ## AU: Search for updates [CallId = {63F6AC5D-4A06-4CD4-AC20-078F9BD38A58}]
2013-07-16 19:33:50:523  992 b00 AU   # WARNING: Search callback failed, result = 0x8024402C
2013-07-16 19:33:50:523  992 b00 AU   # WARNING: Failed to find updates with error code 8024402C
2013-07-16 19:33:50:523  992 b00 AU #########
2013-07-16 19:33:50:523  992 b00 AU ##  END  ##  AU: Search for updates [CallId = {63F6AC5D-4A06-4CD4-AC20-078F9BD38A58}]
2013-07-16 19:33:50:523  992 b00 AU #############
2013-07-16 19:33:50:524  992 b00 AU Successfully wrote event for AU health state:0
2013-07-16 19:33:50:524  992 b00 AU AU setting next detection timeout to 2013-07-17 07:33:50
2013-07-16 19:33:50:524  992 b00 AU Setting AU scheduled install time to 2013-07-17 10:00:00
2013-07-16 19:33:50:525  992 b00 AU Successfully wrote event for AU health state:0
2013-07-16 19:33:50:540  992 b00 AU Successfully wrote event for AU health state:0
2013-07-16 19:33:55:525  992 898 Report CWERReporter finishing event handling. (00000000)
2013-07-16 19:34:08:901  992 898 Report CWERReporter finishing event handling. (00000000)
2013-07-16 19:34:15:532  992 898 Report CWERReporter finishing event handling. (00000000)
2013-07-16 19:34:20:531  992 898 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:26:06:714  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:35:47:552  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:36:22:928  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:36:34:550  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:37:15:088  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:37:21:531  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:40:17:928  992 834 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:56:13:049  992 ce4 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:56:18:556  992 ce4 Report CWERReporter finishing event handling. (00000000)
2013-07-16 21:56:37:801  992 ce4 Report CWERReporter finishing event handling. (00000000)
2013-07-16 23:09:24:303  992 12ec Report CWERReporter finishing event handling. (00000000)
2013-07-16 23:17:49:216  992 12ec Report CWERReporter finishing event handling. (00000000)
2013-07-16 23:20:49:006  992 be4 AU AU setting next sqm report timeout to 2013-07-18 06:20:49
2013-07-17 00:31:52:544  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:32:29:195  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:32:36:543  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:32:43:610  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:33:13:465  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:33:27:541  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:33:32:549  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:33:50:536  992 be4 AU #############
2013-07-17 00:33:50:536  992 be4 AU ## START ##  AU: Search for updates
2013-07-17 00:33:50:536  992 be4 AU #########
2013-07-17 00:33:50:567  992 be4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {75FB01A0-739C-49C7-9074-DFAF1E584B94}]
2013-07-17 00:33:50:567  992 15d8 Agent *************
2013-07-17 00:33:50:567  992 15d8 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 00:33:50:567  992 15d8 Agent *********
2013-07-17 00:33:50:567  992 15d8 Agent   * Online = Yes; Ignore download priority = No
2013-07-17 00:33:50:567  992 15d8 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-07-17 00:33:50:567  992 15d8 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-17 00:33:50:567  992 15d8 Agent   * Search Scope = {Machine}
2013-07-17 00:33:50:692  992 15d8 Setup Checking for agent SelfUpdate
2013-07-17 00:33:50:739  992 15d8 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-07-17 00:33:50:754  992 15d8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 00:33:50:785  992 15d8 Misc  Microsoft signed: Yes
2013-07-17 00:33:54:888  992 15d8 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 00:33:54:903  992 15d8 Misc  Microsoft signed: Yes
2013-07-17 00:33:54:934  992 15d8 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-07-17 00:33:54:966  992 15d8 Misc  Microsoft signed: Yes
2013-07-17 00:33:57:664  992 15d8 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 00:33:57:664  992 15d8 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 00:33:57:664  992 15d8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v10/1/windowsupdate/selfupdate/wuident.cab>. error 0x8024402c
2013-07-17 00:33:57:664  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 00:33:57:664  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 00:33:57:664  992 15d8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 00:34:00:064  992 15d8 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 00:34:00:064  992 15d8 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 00:34:00:064  992 15d8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v10/1/windowsupdate/selfupdate/wuident.cab>. error 0x8024402c
2013-07-17 00:34:00:064  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 00:34:00:064  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 00:34:00:064  992 15d8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 00:34:02:357  992 15d8 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 00:34:02:357  992 15d8 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 00:34:02:357  992 15d8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v10/1/windowsupdate/selfupdate/wuident.cab>. error 0x8024402c
2013-07-17 00:34:02:357  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 00:34:02:357  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 00:34:02:357  992 15d8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://update.microsoft.com/v10/1/windowsupdate/selfupdate/wuident.cab>. error 0x8024402c
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 00:34:04:650  992 15d8 Misc WARNING: DownloadFileInternal failed for http://update.microsoft.com/v10/1/windowsupdate/selfupdate/wuident.cab: error 0x8024402c
2013-07-17 00:34:04:650  992 15d8 Setup WARNING: SelfUpdate check failed to download package information, error = 0x8024402C
2013-07-17 00:34:04:650  992 15d8 Setup FATAL: SelfUpdate check failed, err = 0x8024402C
2013-07-17 00:34:04:650  992 15d8 Agent   * WARNING: Skipping scan, self-update check returned 0x8024402C
2013-07-17 00:34:04:697  992 15d8 Agent   * WARNING: Exit code = 0x8024402C
2013-07-17 00:34:04:697  992 15d8 Agent *********
2013-07-17 00:34:04:697  992 15d8 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 00:34:04:697  992 15d8 Agent *************
2013-07-17 00:34:04:697  992 15d8 Agent WARNING: WU client failed Searching for update with error 0x8024402c
2013-07-17 00:34:04:697  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 00:34:04:697  992 e5c AU >>##  RESUMED  ## AU: Search for updates [CallId = {75FB01A0-739C-49C7-9074-DFAF1E584B94}]
2013-07-17 00:34:04:697  992 e5c AU   # WARNING: Search callback failed, result = 0x8024402C
2013-07-17 00:34:04:697  992 e5c AU   # WARNING: Failed to find updates with error code 8024402C
2013-07-17 00:34:04:697  992 e5c AU #########
2013-07-17 00:34:04:697  992 e5c AU ##  END  ##  AU: Search for updates [CallId = {75FB01A0-739C-49C7-9074-DFAF1E584B94}]
2013-07-17 00:34:04:697  992 e5c AU #############
2013-07-17 00:34:04:697  992 e5c AU Successfully wrote event for AU health state:0
2013-07-17 00:34:04:713  992 e5c AU AU setting next detection timeout to 2013-07-17 12:34:04
2013-07-17 00:34:04:713  992 e5c AU Setting AU scheduled install time to 2013-07-17 10:00:00
2013-07-17 00:34:04:713  992 e5c AU Successfully wrote event for AU health state:0
2013-07-17 00:34:04:775  992 e5c AU Successfully wrote event for AU health state:0
2013-07-17 00:34:09:705  992 15d8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:04:21:037  992 e98 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:05:01:614  992 e98 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:05:07:776  992 e98 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:09:25:418  992 e98 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:30:39:050  992 1788 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:30:45:305  992 1788 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:30:54:959  992 1788 Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:49:00:559  992 e7c Report CWERReporter finishing event handling. (00000000)
2013-07-17 01:51:57:543  992 e7c Report CWERReporter finishing event handling. (00000000)
2013-07-17 02:18:09:233  992 16c0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 02:28:56:319  992 16c0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 02:37:49:570  992 16c0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 02:37:54:578  992 16c0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 02:56:07:942 3008 13cc Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 02:56:07:942 3008 13cc Misc   = Process: C:\Windows\system32\wusa.exe
2013-07-17 02:56:07:942 3008 13cc Misc   = Module: C:\Windows\system32\wuapi.dll
2013-07-17 02:56:07:880 3008 13cc COMAPI -----------  COMAPI: IUpdateServiceManager::AddScanPackageService  -----------
2013-07-17 02:56:07:942 3008 13cc COMAPI   - ServiceName = Windows Update Standalone Installer
2013-07-17 02:56:07:942 3008 13cc COMAPI   - ScanFileLocation = C:\baa4b2200db776f9c477c5\wsusscan.cab
2013-07-17 02:56:08:005  992 1158 Misc Validating signature for C:\Windows\SoftwareDistribution\ScanFile\f7c7f927-e5c2-402f-8c79-8633e8e7c043\Source.cab:
2013-07-17 02:56:08:020  992 1158 Misc  Microsoft signed: Yes
2013-07-17 02:56:08:379  992 1158 DtaStor Default service for AU is {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-07-17 02:56:08:379 3008 13cc COMAPI   - Added scan package service, ServiceID = {F7C7F927-E5C2-402F-8C79-8633E8E7C043} Third party service
2013-07-17 02:56:08:379 3008 13cc COMAPI -------------
2013-07-17 02:56:08:379 3008 13cc COMAPI -- START --  COMAPI: Search [ClientId = wusa]
2013-07-17 02:56:08:379 3008 13cc COMAPI ---------
2013-07-17 02:56:08:457 3008 13cc COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = wusa]
2013-07-17 02:56:08:457  992 258 Agent *************
2013-07-17 02:56:08:457  992 258 Agent ** START **  Agent: Finding updates [CallerId = wusa]
2013-07-17 02:56:08:457  992 258 Agent *********
2013-07-17 02:56:08:457  992 258 Agent   * Online = Yes; Ignore download priority = No
2013-07-17 02:56:08:457  992 258 Agent   * Criteria = "DeploymentAction='Installation'"
2013-07-17 02:56:08:457  992 258 Agent   * ServiceID = {F7C7F927-E5C2-402F-8C79-8633E8E7C043} Third party service
2013-07-17 02:56:08:457  992 258 Agent   * Search Scope = {Machine}
2013-07-17 02:56:08:816  992 258 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-07-17 02:56:08:832  992 258 PT   + Offline serviceId = {F7C7F927-E5C2-402F-8C79-8633E8E7C043}
2013-07-17 02:56:08:832  992 258 PT WARNING: Cached cookie has expired or new PID is available
2013-07-17 02:56:14:635  992 258 Agent WARNING: Failed to evaluate Installed rule, updateId = {53A5B243-7BBC-4F29-948F-CB172D82DB7E}.501, hr = 80073712
2013-07-17 02:56:15:602  992 258 Agent WARNING: Failed to evaluate Installable rule, updateId = {53A5B243-7BBC-4F29-948F-CB172D82DB7E}.501, hr = 80073712
2013-07-17 02:56:15:789  992 258 PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
2013-07-17 02:56:15:789  992 258 PT   + Offline serviceId = {F7C7F927-E5C2-402F-8C79-8633E8E7C043}
2013-07-17 02:56:15:976  992 258 Agent   * Found 0 updates and 60 categories in search; evaluated appl. rules of 124 out of 407 deployed entities
2013-07-17 02:56:16:008  992 258 Agent *********
2013-07-17 02:56:16:008  992 258 Agent **  END  **  Agent: Finding updates [CallerId = wusa]
2013-07-17 02:56:16:008  992 258 Agent *************
2013-07-17 02:56:16:008 3008 1798 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = wusa]
2013-07-17 02:56:16:008 3008 1798 COMAPI   - Updates found = 0
2013-07-17 02:56:16:008 3008 1798 COMAPI ---------
2013-07-17 02:56:16:008 3008 1798 COMAPI --  END  --  COMAPI: Search [ClientId = wusa]
2013-07-17 02:56:16:008 3008 1798 COMAPI -------------
2013-07-17 02:56:16:008 3008 13cc COMAPI -----------  COMAPI: IUpdateServiceManager::RemoveService  -----------
2013-07-17 02:56:16:008 3008 13cc COMAPI   - ServiceId = {f7c7f927-e5c2-402f-8c79-8633e8e7c043}
2013-07-17 02:56:16:117 3008 13cc COMAPI IUpdateService removing volatile scan package service, serviceID = {F7C7F927-E5C2-402F-8C79-8633E8E7C043}
2013-07-17 02:56:16:117  992 15b8 Agent WARNING: WU client fails CClientCallRecorder::RemoveService with error 0x80248014
2013-07-17 02:56:16:117 3008 13cc COMAPI WARNING: ISusInternal::RemoveService failed, hr=80248014
2013-07-17 03:00:10:008  992 be4 AU Forced install timer expired for scheduled install
2013-07-17 03:00:10:039  992 be4 AU UpdateDownloadProperties: 0 download(s) are still in progress.
2013-07-17 03:00:10:039  992 be4 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 03:00:10:039  992 be4 AU Successfully wrote event for AU health state:0
2013-07-17 03:00:15:047  992 258 Report CWERReporter finishing event handling. (00000000)
2013-07-17 03:02:02:544  992 258 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:00:28:546  992 be4 AU AU deferring detection until wake-up from hibernation
2013-07-17 10:00:31:042  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:00:37:641  992 be4 AU Triggering Online detection (non-interactive)
2013-07-17 10:00:45:540  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:00:51:047  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:02:07:188  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:02:18:545  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:03:06:721  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:03:13:866  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:06:44:559  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:06:56:540  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:08:02:045  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:10:37:733  992 be4 AU #############
2013-07-17 10:10:37:749  992 be4 AU ## START ##  AU: Search for updates
2013-07-17 10:10:37:749  992 be4 AU #########
2013-07-17 10:10:37:827  992 be4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {447C9927-6D7F-4DA4-ACA0-61FA010317D0}]
2013-07-17 10:10:37:827  992 1648 Agent *************
2013-07-17 10:10:37:827  992 1648 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 10:10:37:827  992 1648 Agent *********
2013-07-17 10:10:37:827  992 1648 Agent   * Online = Yes; Ignore download priority = No
2013-07-17 10:10:37:827  992 1648 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-07-17 10:10:37:827  992 1648 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-17 10:10:37:827  992 1648 Agent   * Search Scope = {Machine}
2013-07-17 10:10:39:231  992 1648 Setup Checking for agent SelfUpdate
2013-07-17 10:10:39:324  992 1648 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-07-17 10:10:39:418  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 10:10:39:465  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:39:621 5792 610 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 10:10:39:621 5792 610 Misc   = Process: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
2013-07-17 10:10:39:621 5792 610 Misc   = Module: C:\Windows\system32\wuapi.dll
2013-07-17 10:10:39:621 5792 610 COMAPI -------------
2013-07-17 10:10:39:621 5792 610 COMAPI -- START --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:10:39:621 5792 610 COMAPI ---------
2013-07-17 10:10:39:777 5792 610 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:10:43:333  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 10:10:43:333  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:43:380  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-07-17 10:10:43:411  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:47:343  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-07-17 10:10:47:358  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:47:389  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-07-17 10:10:47:421  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:48:497  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-07-17 10:10:48:513  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:48:591  992 1648 Setup Determining whether a new setup handler needs to be downloaded
2013-07-17 10:10:48:591  992 1648 Setup SelfUpdate handler is not found.  It will be downloaded
2013-07-17 10:10:48:591  992 1648 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256"
2013-07-17 10:10:52:959  992 1648 Setup WARNING: Cbs StartSession, error = 0x80073712
2013-07-17 10:10:52:974  992 1648 Setup FATAL: Applicability evaluation for setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256" failed, error = 0x80073712
2013-07-17 10:10:52:974  992 1648 Setup FATAL: SelfUpdate check failed, err = 0x80073712
2013-07-17 10:10:52:974  992 1648 Agent   * WARNING: Skipping scan, self-update check returned 0x80073712
2013-07-17 10:10:53:115  992 1648 Agent   * WARNING: Exit code = 0x80073712
2013-07-17 10:10:53:115  992 1648 Agent *********
2013-07-17 10:10:53:115  992 1648 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 10:10:53:115  992 1648 Agent *************
2013-07-17 10:10:53:115  992 1648 Agent WARNING: WU client failed Searching for update with error 0x80073712
2013-07-17 10:10:53:115  992 1648 Agent *************
2013-07-17 10:10:53:115  992 1648 Agent ** START **  Agent: Finding updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:10:53:115  992 1648 Agent *********
2013-07-17 10:10:53:115  992 1648 Agent   * Online = Yes; Ignore download priority = No
2013-07-17 10:10:53:115  992 1648 Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6b9e8b26-8f50-44b9-94c6-7846084383ec' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2013-07-17 10:10:53:115  992 1648 Agent   * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-07-17 10:10:53:115  992 1648 Agent   * Search Scope = {Machine}
2013-07-17 10:10:53:130  992 1534 AU >>##  RESUMED  ## AU: Search for updates [CallId = {447C9927-6D7F-4DA4-ACA0-61FA010317D0}]
2013-07-17 10:10:53:130  992 1534 AU   # WARNING: Search callback failed, result = 0x80073712
2013-07-17 10:10:53:130  992 1534 AU   # WARNING: Failed to find updates with error code 80073712
2013-07-17 10:10:53:130  992 1534 AU #########
2013-07-17 10:10:53:130  992 1534 AU ##  END  ##  AU: Search for updates [CallId = {447C9927-6D7F-4DA4-ACA0-61FA010317D0}]
2013-07-17 10:10:53:130  992 1534 AU #############
2013-07-17 10:10:53:130  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:10:53:130  992 1534 AU AU setting next detection timeout to 2013-07-17 22:10:53
2013-07-17 10:10:53:130  992 1534 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 10:10:53:130  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:10:53:161  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 10:10:53:161  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:10:53:177  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:54:300  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 10:10:54:316  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:54:363  992 1648 Agent Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2013-07-17 10:10:54:363  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-07-17 10:10:54:378  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:58:715  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-07-17 10:10:58:731  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:10:59:152  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-07-17 10:10:59:199  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:11:04:846  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-07-17 10:11:04:846  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:11:04:861  992 1648 PT +++++++++++  PT: Starting category scan  +++++++++++
2013-07-17 10:11:04:861  992 1648 PT   + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-07-17 10:11:10:633  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-07-17 10:11:10:680  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:11:11:523  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-07-17 10:11:11:538  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:11:11:554  992 1648 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-07-17 10:11:11:554  992 1648 PT   + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-07-17 10:11:31:194  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-07-17 10:11:31:210  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:11:32:052  992 1648 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-07-17 10:11:32:068  992 1648 Misc  Microsoft signed: Yes
2013-07-17 10:11:32:068  992 1648 PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
2013-07-17 10:11:32:068  992 1648 PT   + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-07-17 10:11:34:377  992 1648 DtaStor WARNING: Attempted to add URL http://download.windowsupdate.com/msdownload/update/common/2013/07/8603624_d48a98b3ccad18f879f6625b8f98bc513b27a53c.cab for file 1IqYs8ytGPh59mJbj5i8UTsnpTw= when file has not been previously added to the datastore
2013-07-17 10:11:34:377  992 1648 DtaStor WARNING: Attempted to add URL http://download.windowsupdate.com/msdownload/update/common/2013/07/8604077_20bc9fc298ef2fcc7378b5e8a85f24427e59518f.cab for file ILyfwpjvL8xzeLXoqF8kQn5ZUY8= when file has not been previously added to the datastore
2013-07-17 10:11:34:377  992 1648 DtaStor WARNING: Attempted to add URL http://download.windowsupdate.com/msdownload/update/common/2013/07/8604272_47f51997d1ac22452c949f1f8a934e5fb31f6007.cab for file R/UZl9GsIkUslJ8fipNOX7MfYAc= when file has not been previously added to the datastore
2013-07-17 10:11:34:455  992 be4 AU Triggering Offline detection (non-interactive)
2013-07-17 10:11:34:455  992 be4 AU #############
2013-07-17 10:11:34:455  992 be4 AU ## START ##  AU: Search for updates
2013-07-17 10:11:34:455  992 be4 AU #########
2013-07-17 10:11:34:470  992 1648 Agent Update {6ADDF055-54D2-4854-BA9A-CA63B7FD33E6}.201 is pruned out due to potential supersedence
2013-07-17 10:11:34:470  992 1648 Agent Update {B6B3C673-DABC-4C71-9B86-AA301591CC88}.201 is pruned out due to potential supersedence
2013-07-17 10:11:34:470  992 1648 Agent Update {6A8E91C6-C2F9-4442-A160-E5184BCFC9C0}.201 is pruned out due to potential supersedence
2013-07-17 10:11:34:470  992 1648 Agent Update {7405FC56-4FC1-47B4-85EE-55C95F3D76A0}.201 is pruned out due to potential supersedence
2013-07-17 10:11:34:470  992 1648 Agent Update {6AF3EF90-6135-4145-BE66-54212899D543}.201 is pruned out due to potential supersedence
2013-07-17 10:11:34:470  992 1648 Agent   * Added update {589E52AE-8B4A-4FE7-90CB-C05BD374BC5E}.201 to search result
2013-07-17 10:11:34:470  992 1648 Agent   * Found 1 updates and 4 categories in search; evaluated appl. rules of 126 out of 139 deployed entities
2013-07-17 10:11:34:517  992 1648 Agent *********
2013-07-17 10:11:34:517  992 1648 Agent **  END  **  Agent: Finding updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:34:517  992 1648 Agent *************
2013-07-17 10:11:34:533  992 1648 Report REPORT EVENT: {726EAE34-6ECE-40DE-8155-679106BFBFF7} 2013-07-17 10:10:52:974-0700 1 148 101 {61CA813A-7585-442E-A66B-B0D15CE6BDC0} 1 80073712 SelfUpdate Failure Software Synchronization Windows Update Client failed to detect with error 0x80073712.
2013-07-17 10:11:34:533  992 be4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {2269BE03-6663-4EC3-9E9F-E0AE99847A24}]
2013-07-17 10:11:34:548 5792 c30 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:34:548 5792 c30 COMAPI   - Updates found = 1
2013-07-17 10:11:34:548 5792 c30 COMAPI ---------
2013-07-17 10:11:34:548 5792 c30 COMAPI --  END  --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:34:548 5792 c30 COMAPI -------------
2013-07-17 10:11:34:579  992 1648 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-07-17 10:11:34:579  992 1648 Report WER Report sent: 7.6.7600.256 0x80073712 61CA813A-7585-442E-A66B-B0D15CE6BDC0 Scan 101 Unmanaged
2013-07-17 10:11:34:579  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:11:34:579  992 1648 Agent *************
2013-07-17 10:11:34:579  992 1648 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 10:11:34:579  992 1648 Agent *********
2013-07-17 10:11:34:579  992 1648 Agent   * Online = No; Ignore download priority = No
2013-07-17 10:11:34:579  992 1648 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-07-17 10:11:34:579  992 1648 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-17 10:11:34:579  992 1648 Agent   * Search Scope = {Machine}
2013-07-17 10:11:34:626 5792 140c COMAPI -------------
2013-07-17 10:11:34:626 5792 140c COMAPI -- START --  COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:34:626 5792 140c COMAPI ---------
2013-07-17 10:11:34:626 5792 140c COMAPI   - Forced: No; Download priority: 2
2013-07-17 10:11:34:626 5792 140c COMAPI   - Updates in request: 1
2013-07-17 10:11:34:626 5792 140c COMAPI   - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-07-17 10:11:34:735 5792 140c COMAPI <<-- SUBMITTED -- COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:34:798  992 1648 Agent   * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2013-07-17 10:11:34:798  992 1648 Agent *********
2013-07-17 10:11:34:798  992 1648 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 10:11:34:798  992 1648 Agent *************
2013-07-17 10:11:34:798  992 1648 DnldMgr *************
2013-07-17 10:11:34:798  992 1648 DnldMgr ** START **  DnldMgr: Downloading updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:34:798  992 1648 DnldMgr *********
2013-07-17 10:11:34:798  992 1648 DnldMgr   * Call ID = {833398BE-4BB3-45F9-B8D2-068806017D32}
2013-07-17 10:11:34:798  992 1648 DnldMgr   * Priority = 2, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2013-07-17 10:11:34:798  992 1648 DnldMgr   * Updates to download = 1
2013-07-17 10:11:34:798  992 1648 Agent   *   Title = Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.155.179.0)
2013-07-17 10:11:34:798  992 1648 Agent   *   UpdateId = {589E52AE-8B4A-4FE7-90CB-C05BD374BC5E}.201
2013-07-17 10:11:34:798  992 1648 Agent   *     Bundles 5 updates:
2013-07-17 10:11:34:798  992 1648 Agent   *       {F8415897-4A77-4132-AC45-912AA016C207}.200
2013-07-17 10:11:34:798  992 1648 Agent   *       {FBA7BC73-63A3-48A7-B2AB-BC498BAA1173}.200
2013-07-17 10:11:34:798  992 1648 Agent   *       {F5E43882-1C8D-4461-B6DA-E417329A1FDF}.200
2013-07-17 10:11:34:798  992 1648 Agent   *       {CC896905-14AA-4516-9023-2897B9731DB1}.200
2013-07-17 10:11:34:798  992 1648 Agent   *       {ADA3B38F-F2F1-40BA-86E5-6EF12452BB42}.201
2013-07-17 10:11:34:829  992 1648 DnldMgr ***********  DnldMgr: New download job [UpdateId = {FBA7BC73-63A3-48A7-B2AB-BC498BAA1173}.200]  ***********
2013-07-17 10:11:35:110  992 1648 DnldMgr   * BITS job initialized, JobId = {DA19C60C-C325-4666-BAA4-4F1AFB9EECC7}
2013-07-17 10:11:35:359  992 1648 DnldMgr   * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2013/07/nis_engine_72360530ee120434359f4ca0fe168b3bcf89fff8.exe to C:\Windows\SoftwareDistribution\Download\d9b6c2f01b44d6008928ae52180fe870\72360530ee120434359f4ca0fe168b3bcf89fff8 (full file).
2013-07-17 10:11:35:937  992 1648 DnldMgr ***********  DnldMgr: New download job [UpdateId = {F5E43882-1C8D-4461-B6DA-E417329A1FDF}.200]  ***********
2013-07-17 10:11:36:358  992 1648 DnldMgr   * BITS job initialized, JobId = {32CCC425-A64E-4C1B-BDA3-511E81FB5D76}
2013-07-17 10:11:36:592  992 1648 DnldMgr   * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2013/07/nis_base_05a30a31dc8f6a026b13947b544ab98b1f404738.exe to C:\Windows\SoftwareDistribution\Download\5ebd09c54df3dac21d456e84c0a63c28\05a30a31dc8f6a026b13947b544ab98b1f404738 (full file).
2013-07-17 10:11:36:904  992 1648 DnldMgr ***********  DnldMgr: New download job [UpdateId = {CC896905-14AA-4516-9023-2897B9731DB1}.200]  ***********
2013-07-17 10:11:37:107  992 1648 DnldMgr   * BITS job initialized, JobId = {05A4F808-CCBA-4798-A73C-79D51F36BB79}
2013-07-17 10:11:37:185  992 1648 DnldMgr   * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2013/07/nis_delta_patch_a223b6b5fac10e51087bcee4a1642324033ce33c.exe to C:\Windows\SoftwareDistribution\Download\4b92630cacb973d488e27d39e7f34acf\a223b6b5fac10e51087bcee4a1642324033ce33c (full file).
2013-07-17 10:11:37:387  992 1648 DnldMgr ***********  DnldMgr: New download job [UpdateId = {ADA3B38F-F2F1-40BA-86E5-6EF12452BB42}.201]  ***********
2013-07-17 10:11:37:543  992 1648 DnldMgr   * BITS job initialized, JobId = {2AC1D9E1-E54A-4301-8345-7C831817E4FC}
2013-07-17 10:11:37:637  992 1648 DnldMgr   * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2013/07/am_delta_patch_1.155.7.0_734db8868a4ea98efcce8544d3a0b3cb7d732b0b.exe to C:\Windows\SoftwareDistribution\Download\155440cf54600d488edc99b217e674d5\734db8868a4ea98efcce8544d3a0b3cb7d732b0b (full file).
2013-07-17 10:11:37:934  992 1534 AU >>##  RESUMED  ## AU: Search for updates [CallId = {2269BE03-6663-4EC3-9E9F-E0AE99847A24}]
2013-07-17 10:11:37:934  992 1534 AU   # 0 updates detected
2013-07-17 10:11:37:934  992 1534 AU #########
2013-07-17 10:11:37:934  992 1534 AU ##  END  ##  AU: Search for updates [CallId = {2269BE03-6663-4EC3-9E9F-E0AE99847A24}]
2013-07-17 10:11:37:934  992 1534 AU #############
2013-07-17 10:11:37:934  992 1534 AU No featured updates notifications to show
2013-07-17 10:11:37:934  992 1534 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 10:11:37:934  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:11:37:934  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:11:38:074  992 1648 Agent *********
2013-07-17 10:11:38:074  992 1648 Agent **  END  **  Agent: Downloading updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:11:38:074  992 1648 Agent *************
2013-07-17 10:11:39:525  992 1648 Report REPORT EVENT: {62F406D3-2506-4E00-88E5-08F35090D567} 2013-07-17 10:11:34:517-0700 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Security Essentials ( Success Software Synchronization Windows Update Client successfully detected 1 updates.
2013-07-17 10:11:39:525  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:14:05:167  992 a98 DnldMgr BITS job {DA19C60C-C325-4666-BAA4-4F1AFB9EECC7} completed successfully
2013-07-17 10:14:05:276  992 a98 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\d9b6c2f01b44d6008928ae52180fe870\72360530ee120434359f4ca0fe168b3bcf89fff8:
2013-07-17 10:14:05:291  992 a98 Misc  Microsoft signed: Yes
2013-07-17 10:14:05:307  992 a98 DnldMgr   Download job bytes total = 724248, bytes transferred = 724248
2013-07-17 10:14:05:307  992 a98 DnldMgr ***********  DnldMgr: New download job [UpdateId = {FBA7BC73-63A3-48A7-B2AB-BC498BAA1173}.200]  ***********
2013-07-17 10:14:05:307  992 a98 DnldMgr   * All files for update were already downloaded and are valid.
2013-07-17 10:14:10:315  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:14:13:232  992 e28 DnldMgr BITS job {32CCC425-A64E-4C1B-BDA3-511E81FB5D76} completed successfully
2013-07-17 10:14:13:294  992 e28 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\5ebd09c54df3dac21d456e84c0a63c28\05a30a31dc8f6a026b13947b544ab98b1f404738:
2013-07-17 10:14:13:310  992 e28 Misc  Microsoft signed: Yes
2013-07-17 10:14:13:325  992 e28 DnldMgr   Download job bytes total = 125208, bytes transferred = 125208
2013-07-17 10:14:13:325  992 e28 DnldMgr ***********  DnldMgr: New download job [UpdateId = {F5E43882-1C8D-4461-B6DA-E417329A1FDF}.200]  ***********
2013-07-17 10:14:13:325  992 e28 DnldMgr   * All files for update were already downloaded and are valid.
2013-07-17 10:14:16:430  992 a98 DnldMgr BITS job {05A4F808-CCBA-4798-A73C-79D51F36BB79} completed successfully
2013-07-17 10:14:16:539  992 a98 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\4b92630cacb973d488e27d39e7f34acf\a223b6b5fac10e51087bcee4a1642324033ce33c:
2013-07-17 10:14:16:555  992 a98 Misc  Microsoft signed: Yes
2013-07-17 10:14:16:570  992 a98 DnldMgr   Download job bytes total = 28944, bytes transferred = 28944
2013-07-17 10:14:16:570  992 a98 DnldMgr ***********  DnldMgr: New download job [UpdateId = {CC896905-14AA-4516-9023-2897B9731DB1}.200]  ***********
2013-07-17 10:14:16:570  992 a98 DnldMgr   * All files for update were already downloaded and are valid.
2013-07-17 10:14:18:333  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:14:51:140  992 e28 DnldMgr BITS job {2AC1D9E1-E54A-4301-8345-7C831817E4FC} completed successfully
2013-07-17 10:14:51:202  992 e28 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\155440cf54600d488edc99b217e674d5\734db8868a4ea98efcce8544d3a0b3cb7d732b0b:
2013-07-17 10:14:51:218  992 e28 Misc  Microsoft signed: Yes
2013-07-17 10:14:51:233  992 e28 DnldMgr   Download job bytes total = 903440, bytes transferred = 903440
2013-07-17 10:14:51:233  992 e28 DnldMgr ***********  DnldMgr: New download job [UpdateId = {ADA3B38F-F2F1-40BA-86E5-6EF12452BB42}.201]  ***********
2013-07-17 10:14:51:233  992 e28 DnldMgr   * All files for update were already downloaded and are valid.
2013-07-17 10:14:51:233 5792 c30 COMAPI >>--  RESUMED  -- COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:14:51:249 5792 c30 COMAPI   - Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2013-07-17 10:14:51:249 5792 c30 COMAPI ---------
2013-07-17 10:14:51:249 5792 c30 COMAPI --  END  --  COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:14:51:249 5792 c30 COMAPI -------------
2013-07-17 10:14:51:296 5792 6c8 COMAPI -------------
2013-07-17 10:14:51:296 5792 6c8 COMAPI -- START --  COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:14:51:296 5792 6c8 COMAPI ---------
2013-07-17 10:14:51:296 5792 6c8 COMAPI   - Allow source prompts: Yes; Forced: No; Force quiet: Yes
2013-07-17 10:14:51:296 5792 6c8 COMAPI   - Updates in request: 1
2013-07-17 10:14:51:296 5792 6c8 COMAPI   - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-07-17 10:14:51:311 5792 6c8 COMAPI   - Updates to install = 1
2013-07-17 10:14:51:311 5792 6c8 COMAPI <<-- SUBMITTED -- COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:14:51:311  992 156c Agent *************
2013-07-17 10:14:51:311  992 156c Agent ** START **  Agent: Installing updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:14:51:311  992 156c Agent *********
2013-07-17 10:14:51:311  992 156c Agent   * Updates to install = 1
2013-07-17 10:14:51:311  992 156c Agent   *   Title = Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.155.179.0)
2013-07-17 10:14:51:311  992 156c Agent   *   UpdateId = {589E52AE-8B4A-4FE7-90CB-C05BD374BC5E}.201
2013-07-17 10:14:51:311  992 156c Agent   *     Bundles 12 updates:
2013-07-17 10:14:51:311  992 156c Agent   *       {9331412D-E26D-4E46-9071-7C160692DCA1}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {75AAF85C-38DA-44A5-8CAA-12293A45884A}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {F12E90F0-EF6F-4F39-88CE-002ACE55F401}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {617609E6-E121-4428-BA0C-A827233144D5}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {CDD6FF94-EBB8-4713-B0FB-DF52215874CF}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {6B1FB85A-184A-4CF1-B6AA-D14C9C9A7605}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {FCC7C79E-4D29-4CD9-A3DF-9B1E0F389C0D}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {F8415897-4A77-4132-AC45-912AA016C207}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {FBA7BC73-63A3-48A7-B2AB-BC498BAA1173}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {F5E43882-1C8D-4461-B6DA-E417329A1FDF}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {CC896905-14AA-4516-9023-2897B9731DB1}.200
2013-07-17 10:14:51:311  992 156c Agent   *       {ADA3B38F-F2F1-40BA-86E5-6EF12452BB42}.201
2013-07-17 10:14:56:272  992 1648 Report REPORT EVENT: {2397C8FE-6C47-486D-8DDD-9DAD7037996F} 2013-07-17 10:14:51:233-0700 1 162 101 {589E52AE-8B4A-4FE7-90CB-C05BD374BC5E} 201 0 Microsoft Security Essentials ( Success Content Download Download succeeded.
2013-07-17 10:14:56:303  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:15:18:190  992 156c DnldMgr Preparing update for install, updateId = {FBA7BC73-63A3-48A7-B2AB-BC498BAA1173}.200.
2013-07-17 10:15:18:923 4436 1054 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 10:15:18:923 4436 1054 Misc   = Process: C:\Windows\system32\wuauclt.exe
2013-07-17 10:15:18:923 4436 1054 Misc   = Module: C:\Windows\system32\wuaueng.dll
2013-07-17 10:15:18:908 4436 1054 Handler :::::::::::::
2013-07-17 10:15:18:923 4436 1054 Handler :: START ::  Handler: Command Line Install
2013-07-17 10:15:18:923 4436 1054 Handler :::::::::
2013-07-17 10:15:18:923 4436 1054 Handler   : Updates to install = 1
2013-07-17 10:15:23:026 4436 1054 Handler   : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-07-17 10:15:23:057 4436 1054 Handler :::::::::
2013-07-17 10:15:23:057 4436 1054 Handler ::  END  ::  Handler: Command Line Install
2013-07-17 10:15:23:057 4436 1054 Handler :::::::::::::
2013-07-17 10:15:24:025  992 156c DnldMgr Preparing update for install, updateId = {F5E43882-1C8D-4461-B6DA-E417329A1FDF}.200.
2013-07-17 10:15:24:025  992 156c Misc FATAL: Failed to delete file \\?\C:\Windows\SoftwareDistribution\Download\Install\NIS_Engine.exe (hr = 80070020) after 0 retries
2013-07-17 10:15:24:742 4436 1054 Handler :::::::::::::
2013-07-17 10:15:24:742 4436 1054 Handler :: START ::  Handler: Command Line Install
2013-07-17 10:15:24:742 4436 1054 Handler :::::::::
2013-07-17 10:15:24:742 4436 1054 Handler   : Updates to install = 1
2013-07-17 10:15:29:859 4436 1054 Handler   : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-07-17 10:15:29:922 4436 1054 Handler :::::::::
2013-07-17 10:15:29:922 4436 1054 Handler ::  END  ::  Handler: Command Line Install
2013-07-17 10:15:29:922 4436 1054 Handler :::::::::::::
2013-07-17 10:15:34:399  992 156c DnldMgr Preparing update for install, updateId = {CC896905-14AA-4516-9023-2897B9731DB1}.200.
2013-07-17 10:15:34:446  992 156c Misc FATAL: Failed to delete file \\?\C:\Windows\SoftwareDistribution\Download\Install\NIS_Base.exe (hr = 80070020) after 0 retries
2013-07-17 10:15:34:446  992 156c Misc FATAL: Failed to delete file \\?\C:\Windows\SoftwareDistribution\Download\Install\NIS_Engine.exe (hr = 80070020) after 0 retries
2013-07-17 10:15:36:146 4436 1054 Handler :::::::::::::
2013-07-17 10:15:36:255 4436 1054 Handler :: START ::  Handler: Command Line Install
2013-07-17 10:15:36:255 4436 1054 Handler :::::::::
2013-07-17 10:15:36:255 4436 1054 Handler   : Updates to install = 1
2013-07-17 10:15:37:410 4436 1054 Handler   : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-07-17 10:15:37:456 4436 1054 Handler :::::::::
2013-07-17 10:15:37:456 4436 1054 Handler ::  END  ::  Handler: Command Line Install
2013-07-17 10:15:37:456 4436 1054 Handler :::::::::::::
2013-07-17 10:15:37:456  992 156c DnldMgr Preparing update for install, updateId = {ADA3B38F-F2F1-40BA-86E5-6EF12452BB42}.201.
2013-07-17 10:15:37:644 4436 1054 Handler :::::::::::::
2013-07-17 10:15:37:644 4436 1054 Handler :: START ::  Handler: Command Line Install
2013-07-17 10:15:37:644 4436 1054 Handler :::::::::
2013-07-17 10:15:37:644 4436 1054 Handler   : Updates to install = 1
2013-07-17 10:16:13:680 4436 1054 Handler   : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-07-17 10:16:13:726 4436 1054 Handler :::::::::
2013-07-17 10:16:13:726 4436 1054 Handler ::  END  ::  Handler: Command Line Install
2013-07-17 10:16:13:726 4436 1054 Handler :::::::::::::
2013-07-17 10:16:13:773  992 156c Agent *********
2013-07-17 10:16:13:773  992 156c Agent **  END  **  Agent: Installing updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:16:13:773  992 156c Agent *************
2013-07-17 10:16:13:773  992 be4 AU Triggering Offline detection (non-interactive)
2013-07-17 10:16:13:773  992 be4 AU #############
2013-07-17 10:16:13:773  992 be4 AU ## START ##  AU: Search for updates
2013-07-17 10:16:13:773  992 be4 AU #########
2013-07-17 10:16:13:773 5792 560 COMAPI >>--  RESUMED  -- COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:16:13:773 5792 560 COMAPI   - Install call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2013-07-17 10:16:13:773 5792 560 COMAPI   - Reboot required = No
2013-07-17 10:16:13:773 5792 560 COMAPI ---------
2013-07-17 10:16:13:773 5792 560 COMAPI --  END  --  COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-07-17 10:16:13:773 5792 560 COMAPI -------------
2013-07-17 10:16:14:054  992 be4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {B82CD017-ED33-46DE-831D-4E8F878979F7}]
2013-07-17 10:16:14:054  992 1648 Agent *************
2013-07-17 10:16:14:054  992 1648 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 10:16:14:054  992 1648 Agent *********
2013-07-17 10:16:14:054  992 1648 Agent   * Online = No; Ignore download priority = No
2013-07-17 10:16:14:054  992 1648 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-07-17 10:16:14:054  992 1648 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-17 10:16:14:054  992 1648 Agent   * Search Scope = {Machine}
2013-07-17 10:16:14:288  992 1648 Agent   * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2013-07-17 10:16:14:288  992 1648 Agent *********
2013-07-17 10:16:14:288  992 1648 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 10:16:14:288  992 1648 Agent *************
2013-07-17 10:16:14:288  992 1534 AU >>##  RESUMED  ## AU: Search for updates [CallId = {B82CD017-ED33-46DE-831D-4E8F878979F7}]
2013-07-17 10:16:14:288  992 1534 AU   # 0 updates detected
2013-07-17 10:16:14:288  992 1534 AU #########
2013-07-17 10:16:14:288  992 1534 AU ##  END  ##  AU: Search for updates [CallId = {B82CD017-ED33-46DE-831D-4E8F878979F7}]
2013-07-17 10:16:14:288  992 1534 AU #############
2013-07-17 10:16:14:288  992 1534 AU No featured updates notifications to show
2013-07-17 10:16:14:288  992 1534 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 10:16:14:288  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:16:14:288  992 1534 AU Successfully wrote event for AU health state:0
2013-07-17 10:16:18:765  992 1648 Report REPORT EVENT: {6CFEAB17-11BA-4DA2-809B-29D4BF2117F4} 2013-07-17 10:16:13:742-0700 1 183 101 {589E52AE-8B4A-4FE7-90CB-C05BD374BC5E} 201 0 Microsoft Security Essentials ( Success Content Install Installation Successful: Windows successfully installed the following update: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.155.179.0)
2013-07-17 10:16:18:765  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:20:30:362  992 1648 Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:57:26:800  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 10:57:38:989  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:00:17:549  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:00:30:505  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:01:17:627  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:01:47:961  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:02:00:051  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:02:18:942  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:06:30:076  992 157c Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:31:10:403  992 1034 Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:36:34:142 1020 dac Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 11:36:34:142 1020 dac Misc   = Process: C:\Windows\system32\svchost.exe
2013-07-17 11:36:34:142 1020 dac Misc   = Module: c:\windows\system32\wuaueng.dll
2013-07-17 11:36:34:142 1020 dac Service *************
2013-07-17 11:36:34:142 1020 dac Service ** START **  Service: Service startup
2013-07-17 11:36:34:142 1020 dac Service *********
2013-07-17 11:36:34:282 1020 dac Agent   * WU client version 7.6.7600.256
2013-07-17 11:36:34:282 1020 dac Agent   * Base directory: C:\Windows\SoftwareDistribution
2013-07-17 11:36:34:345 1020 dac Agent   * Access type: No proxy
2013-07-17 11:36:34:345 1020 dac Agent   * Network state: Connected
2013-07-17 11:37:21:254 1020 dac Report CWERReporter::Init succeeded
2013-07-17 11:37:21:254 1020 dac Agent ***********  Agent: Initializing Windows Update Agent  ***********
2013-07-17 11:37:21:254 1020 dac Agent ***********  Agent: Initializing global settings cache  ***********
2013-07-17 11:37:21:254 1020 dac Agent   * WSUS server: <NULL>
2013-07-17 11:37:21:254 1020 dac Agent   * WSUS status server: <NULL>
2013-07-17 11:37:21:254 1020 dac Agent   * Target group: (Unassigned Computers)
2013-07-17 11:37:21:254 1020 dac Agent   * Windows Update access disabled: No
2013-07-17 11:37:21:379 1020 dac DnldMgr Download manager restoring 0 downloads
2013-07-17 11:37:21:426 1020 dac AU ###########  AU: Initializing Automatic Updates  ###########
2013-07-17 11:37:21:426 1020 dac AU   # Approval type: Scheduled (User preference)
2013-07-17 11:37:21:426 1020 dac AU   # Scheduled install day/time: Every day at 3:00
2013-07-17 11:37:21:426 1020 dac AU   # Auto-install minor updates: Yes (User preference)
2013-07-17 11:37:21:426 1020 dac AU   # Will interact with non-admins (Non-admins are elevated (User preference))
2013-07-17 11:37:21:457 1020 dac AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 11:37:24:530 1020 dac Report ***********  Report: Initializing static reporting data  ***********
2013-07-17 11:37:24:530 1020 dac Report   * OS Version = 6.1.7600.0.0.66304
2013-07-17 11:37:24:530 1020 dac Report   * OS Product Type = 0x00000003
2013-07-17 11:37:24:577 1020 dac Report   * Computer Brand = TOSHIBA
2013-07-17 11:37:24:577 1020 dac Report   * Computer Model = Satellite L305
2013-07-17 11:37:24:608 1020 dac Report   * Bios Revision = 1.80
2013-07-17 11:37:24:608 1020 dac Report   * Bios Name = InsydeH2O Version 1.80
2013-07-17 11:37:24:608 1020 dac Report   * Bios Release Date = 2009-03-20T00:00:00
2013-07-17 11:37:24:608 1020 dac Report   * Locale ID = 1033
2013-07-17 11:37:24:717 1020 dac AU Successfully wrote event for AU health state:0
2013-07-17 11:37:24:733 1020 dac AU Initializing featured updates
2013-07-17 11:37:24:764 1020 dac AU Found 0 cached featured updates
2013-07-17 11:37:24:764 1020 dac AU Successfully wrote event for AU health state:0
2013-07-17 11:37:24:764 1020 dac AU Successfully wrote event for AU health state:0
2013-07-17 11:37:24:764 1020 dac AU AU finished delayed initialization
2013-07-17 11:37:29:928 1020 5c4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:44:19:468 1020 dac Shutdwn user declined update at shutdown
2013-07-17 11:44:19:468 1020 dac AU Successfully wrote event for AU health state:0
2013-07-17 11:44:19:468 1020 dac AU AU initiates service shutdown
2013-07-17 11:44:19:468 1020 dac AU ###########  AU: Uninitializing Automatic Updates  ###########
2013-07-17 11:44:19:499 1020 dac Report CWERReporter finishing event handling. (00000000)
2013-07-17 11:44:19:593 1020 dac Service *********
2013-07-17 11:44:19:593 1020 dac Service **  END  **  Service: Service exit [Exit code = 0x240001]
2013-07-17 11:44:19:593 1020 dac Service *************
2013-07-17 11:48:26:732 1024 9c4 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 11:48:27:964 1024 9c4 Misc   = Process: C:\Windows\system32\svchost.exe
2013-07-17 11:48:29:821 1024 9c4 Misc   = Module: c:\windows\system32\wuaueng.dll
2013-07-17 11:48:26:732 1024 9c4 Service *************
2013-07-17 11:48:31:318 1024 9c4 Service ** START **  Service: Service startup
2013-07-17 11:48:32:441 1024 9c4 Service *********
2013-07-17 11:48:47:339 1024 9c4 Agent   * WU client version 7.6.7600.256
2013-07-17 11:48:47:355 1024 9c4 Agent   * Base directory: C:\Windows\SoftwareDistribution
2013-07-17 11:48:47:371 1024 9c4 Agent   * Access type: No proxy
2013-07-17 11:48:47:417 1024 9c4 Agent   * Network state: Connected
2013-07-17 11:49:34:701 1024 9c4 Report CWERReporter::Init succeeded
2013-07-17 11:49:34:701 1024 9c4 Agent ***********  Agent: Initializing Windows Update Agent  ***********
2013-07-17 11:49:34:701 1024 9c4 Agent ***********  Agent: Initializing global settings cache  ***********
2013-07-17 11:49:34:701 1024 9c4 Agent   * WSUS server: <NULL>
2013-07-17 11:49:34:701 1024 9c4 Agent   * WSUS status server: <NULL>
2013-07-17 11:49:34:701 1024 9c4 Agent   * Target group: (Unassigned Computers)
2013-07-17 11:49:34:701 1024 9c4 Agent   * Windows Update access disabled: No
2013-07-17 11:49:34:732 1024 9c4 DnldMgr Download manager restoring 0 downloads
2013-07-17 11:49:34:748 1024 9c4 AU ###########  AU: Initializing Automatic Updates  ###########
2013-07-17 11:49:34:748 1024 9c4 AU   # Approval type: Scheduled (User preference)
2013-07-17 11:49:34:748 1024 9c4 AU   # Scheduled install day/time: Every day at 3:00
2013-07-17 11:49:34:748 1024 9c4 AU   # Auto-install minor updates: Yes (User preference)
2013-07-17 11:49:34:748 1024 9c4 AU   # Will interact with non-admins (Non-admins are elevated (User preference))
2013-07-17 11:49:34:748 1024 9c4 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 12:08:24:980 1024 9c4 Report ***********  Report: Initializing static reporting data  ***********
2013-07-17 12:08:24:980 1024 9c4 Report   * OS Version = 6.1.7600.0.0.66304
2013-07-17 12:08:24:980 1024 9c4 Report   * OS Product Type = 0x00000003
2013-07-17 12:08:25:104 1024 9c4 Report   * Computer Brand = TOSHIBA
2013-07-17 12:08:25:104 1024 9c4 Report   * Computer Model = Satellite L305
2013-07-17 12:08:25:104 1024 9c4 Report   * Bios Revision = 1.80
2013-07-17 12:08:25:104 1024 9c4 Report   * Bios Name = InsydeH2O Version 1.80
2013-07-17 12:08:25:104 1024 9c4 Report   * Bios Release Date = 2009-03-20T00:00:00
2013-07-17 12:08:25:104 1024 9c4 Report   * Locale ID = 1033
2013-07-17 12:08:25:120 1024 9c4 AU Successfully wrote event for AU health state:0
2013-07-17 12:08:25:120 1024 9c4 AU Initializing featured updates
2013-07-17 12:08:25:120 1024 9c4 AU Found 0 cached featured updates
2013-07-17 12:08:25:120 1024 9c4 AU Successfully wrote event for AU health state:0
2013-07-17 12:08:26:274 1024 9c4 AU Successfully wrote event for AU health state:0
2013-07-17 12:08:26:274 1024 9c4 AU AU finished delayed initialization
2013-07-17 12:08:26:274 1024 9c4 AU #############
2013-07-17 12:08:26:274 1024 9c4 AU ## START ##  AU: Search for updates
2013-07-17 12:08:26:274 1024 9c4 AU #########
2013-07-17 12:08:26:399 1024 9c4 AU <<## SUBMITTED ## AU: Search for updates [CallId = {4E818ECD-696F-443F-BF9A-C20B8AF4AA01}]
2013-07-17 12:08:26:430 1024 298 Agent *************
2013-07-17 12:08:26:430 1024 298 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 12:08:26:430 1024 298 Agent *********
2013-07-17 12:08:26:430 1024 298 Agent   * Online = No; Ignore download priority = No
2013-07-17 12:08:26:430 1024 298 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-07-17 12:08:26:430 1024 298 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-17 12:08:26:430 1024 298 Agent   * Search Scope = {Machine}
2013-07-17 12:08:26:820 1024 298 Agent   * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2013-07-17 12:08:27:242 1024 298 Agent *********
2013-07-17 12:08:27:242 1024 298 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 12:08:27:242 1024 298 Agent *************
2013-07-17 12:08:27:273 1024 8c0 AU >>##  RESUMED  ## AU: Search for updates [CallId = {4E818ECD-696F-443F-BF9A-C20B8AF4AA01}]
2013-07-17 12:08:27:273 1024 8c0 AU   # 0 updates detected
2013-07-17 12:08:27:273 1024 8c0 AU #########
2013-07-17 12:08:27:273 1024 8c0 AU ##  END  ##  AU: Search for updates [CallId = {4E818ECD-696F-443F-BF9A-C20B8AF4AA01}]
2013-07-17 12:08:27:273 1024 8c0 AU #############
2013-07-17 12:08:27:273 1024 8c0 AU No featured updates notifications to show
2013-07-17 12:08:27:273 1024 8c0 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 12:08:27:273 1024 8c0 AU Successfully wrote event for AU health state:0
2013-07-17 12:08:27:273 1024 8c0 AU Successfully wrote event for AU health state:0
2013-07-17 12:08:30:190 1024 298 Report REPORT EVENT: {8BBDBCC8-5AF2-4562-8037-9F082D31C602} 2013-07-17 12:08:25:120-0700 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.
2013-07-17 12:08:30:221 1024 298 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:13:12:186 1024 1a0 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 12:13:12:201 1024 1a0 Misc   = Process: C:\Windows\system32\svchost.exe
2013-07-17 12:13:12:201 1024 1a0 Misc   = Module: c:\windows\system32\wuaueng.dll
2013-07-17 12:13:12:186 1024 1a0 Service *************
2013-07-17 12:13:12:201 1024 1a0 Service ** START **  Service: Service startup
2013-07-17 12:13:12:201 1024 1a0 Service *********
2013-07-17 12:13:12:389 1024 1a0 Agent   * WU client version 7.6.7600.256
2013-07-17 12:13:12:389 1024 1a0 Agent   * Base directory: C:\Windows\SoftwareDistribution
2013-07-17 12:13:12:404 1024 1a0 Agent   * Access type: No proxy
2013-07-17 12:13:12:404 1024 1a0 Agent   * Network state: Connected
2013-07-17 12:13:58:643 1024 1a0 Report CWERReporter::Init succeeded
2013-07-17 12:13:58:643 1024 1a0 Agent ***********  Agent: Initializing Windows Update Agent  ***********
2013-07-17 12:13:58:643 1024 1a0 Agent ***********  Agent: Initializing global settings cache  ***********
2013-07-17 12:13:58:643 1024 1a0 Agent   * WSUS server: <NULL>
2013-07-17 12:13:58:643 1024 1a0 Agent   * WSUS status server: <NULL>
2013-07-17 12:13:58:643 1024 1a0 Agent   * Target group: (Unassigned Computers)
2013-07-17 12:13:58:643 1024 1a0 Agent   * Windows Update access disabled: No
2013-07-17 12:13:58:658 1024 1a0 DnldMgr Download manager restoring 0 downloads
2013-07-17 12:13:58:674 1024 1a0 AU ###########  AU: Initializing Automatic Updates  ###########
2013-07-17 12:13:58:674 1024 1a0 AU   # Approval type: Scheduled (User preference)
2013-07-17 12:13:58:674 1024 1a0 AU   # Scheduled install day/time: Every day at 3:00
2013-07-17 12:13:58:674 1024 1a0 AU   # Auto-install minor updates: Yes (User preference)
2013-07-17 12:13:58:674 1024 1a0 AU   # Will interact with non-admins (Non-admins are elevated (User preference))
2013-07-17 12:13:58:674 1024 1a0 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 12:13:59:781 1024 1a0 Report ***********  Report: Initializing static reporting data  ***********
2013-07-17 12:13:59:781 1024 1a0 Report   * OS Version = 6.1.7600.0.0.66304
2013-07-17 12:13:59:781 1024 1a0 Report   * OS Product Type = 0x00000003
2013-07-17 12:13:59:813 1024 1a0 Report   * Computer Brand = TOSHIBA
2013-07-17 12:13:59:813 1024 1a0 Report   * Computer Model = Satellite L305
2013-07-17 12:13:59:844 1024 1a0 Report   * Bios Revision = 1.80
2013-07-17 12:13:59:844 1024 1a0 Report   * Bios Name = InsydeH2O Version 1.80
2013-07-17 12:13:59:844 1024 1a0 Report   * Bios Release Date = 2009-03-20T00:00:00
2013-07-17 12:13:59:844 1024 1a0 Report   * Locale ID = 1033
2013-07-17 12:13:59:891 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 12:13:59:891 1024 1a0 AU Initializing featured updates
2013-07-17 12:13:59:891 1024 1a0 AU Found 0 cached featured updates
2013-07-17 12:13:59:891 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 12:13:59:891 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 12:13:59:891 1024 1a0 AU AU finished delayed initialization
2013-07-17 12:14:05:039 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:18:38:772 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:18:43:780 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:25:40:347 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:27:28:775 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:29:21:487 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:29:32:766 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:30:45:173 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:30:56:779 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:32:26:214 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:33:39:777 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:33:50:132 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:34:01:769 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:34:38:756 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 12:59:59:531 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:00:15:973 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:00:44:281 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:01:12:267 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:01:25:290 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:01:33:277 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:04:05:143 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:05:04:424 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 13:05:09:431 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:06:19:479 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 13:06:22:584 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:06:45:520 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:06:46:674 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 13:06:51:682 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:14:34:664 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 13:14:39:671 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:26:51:113 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:26:58:484 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:27:05:723 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:27:16:268 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:27:56:688 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:42:18:592 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:42:25:269 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:42:30:276 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:42:41:352 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 13:48:57:755 1024 8b8 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:32:01:129 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:32:06:073 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:32:17:773 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:33:20:266 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:33:25:763 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:33:37:275 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:34:43:279 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:37:57:589 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:38:05:779 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:38:26:793 1024 d10 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:55:06:171 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:57:22:369 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:57:25:255 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 14:57:30:263 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:57:55:363 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:58:02:052 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:58:04:169 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 14:58:09:179 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:58:15:876 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:58:35:387 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 14:58:36:765 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 14:58:40:125 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 14:58:40:125 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 14:58:55:061 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 14:59:00:093 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:01:00:562 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:01:18:338 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:02:19:888 1024 1a0 AU Successfully wrote event for AU health state:0
2013-07-17 15:02:24:924 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:05:10:697 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:05:28:330 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:10:53:014 1024 1a0 AU #############
2013-07-17 15:10:53:014 1024 1a0 AU ## START ##  AU: Search for updates
2013-07-17 15:10:53:076 1024 1a0 AU #########
2013-07-17 15:10:53:825 1024 1a0 AU <<## SUBMITTED ## AU: Search for updates [CallId = {05DD5102-AF10-4C01-A486-D87B7EEC2993}]
2013-07-17 15:10:53:872 1024 2f4 Agent *************
2013-07-17 15:10:53:872 1024 2f4 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 15:10:53:872 1024 2f4 Agent *********
2013-07-17 15:10:53:872 1024 2f4 Agent   * Online = Yes; Ignore download priority = No
2013-07-17 15:10:53:872 1024 2f4 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-07-17 15:10:53:872 1024 2f4 Agent   * ServiceID = {9482F4B4-E343-43B6-B170-9A65BC822C77} Windows Update
2013-07-17 15:10:53:872 1024 2f4 Agent   * Search Scope = {Machine}
2013-07-17 15:10:54:698 1024 2f4 Setup Checking for agent SelfUpdate
2013-07-17 15:10:54:745 1024 2f4 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-07-17 15:10:55:120 1024 2f4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 15:10:55:338 1024 2f4 Misc  Microsoft signed: Yes
2013-07-17 15:10:58:536 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:10:58:536 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:10:58:536 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:10:58:536 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:10:58:536 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:10:58:536 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:01:297 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:01:297 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:01:297 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:01:297 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:01:297 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:01:297 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:04:043 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:04:043 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:04:043 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:04:043 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:04:043 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:04:043 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:06:882 1024 2f4 Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x8024402c
2013-07-17 15:11:06:882 1024 2f4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 15:11:06:898 1024 2f4 Misc  Microsoft signed: Yes
2013-07-17 15:11:10:018 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:10:018 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:10:018 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:10:018 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:10:018 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:10:018 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:12:966 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:12:966 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:12:966 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:12:966 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:12:966 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:12:966 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:15:961 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:15:961 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:15:961 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:15:961 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:15:961 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:15:961 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:18:972 1024 2f4 Misc WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x8024402c
2013-07-17 15:11:18:972 1024 2f4 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-07-17 15:11:18:988 1024 2f4 Misc  Microsoft signed: Yes
2013-07-17 15:11:21:998 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:21:998 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:21:998 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:21:998 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:21:998 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:21:998 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:24:900 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:24:900 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:24:900 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:24:900 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:24:900 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:24:900 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:27:989 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:27:989 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:27:989 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:27:989 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:27:989 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:27:989 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: Send failed with hr = 80072ee7.
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>. error 0x8024402c
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2013-07-17 15:11:30:922 1024 2f4 Misc WARNING: DownloadFileInternal failed for http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x8024402c
2013-07-17 15:11:30:922 1024 2f4 Setup WARNING: SelfUpdate check failed to download package information, error = 0x8024402C
2013-07-17 15:11:30:937 1024 2f4 Setup FATAL: SelfUpdate check failed, err = 0x8024402C
2013-07-17 15:11:30:937 1024 2f4 Agent   * WARNING: Skipping scan, self-update check returned 0x8024402C
2013-07-17 15:11:30:984 1024 2f4 Agent   * WARNING: Exit code = 0x8024402C
2013-07-17 15:11:30:984 1024 2f4 Agent *********
2013-07-17 15:11:30:984 1024 2f4 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 15:11:30:984 1024 2f4 Agent *************
2013-07-17 15:11:30:984 1024 2f4 Agent WARNING: WU client failed Searching for update with error 0x8024402c
2013-07-17 15:11:30:984 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:11:31:015 1024 175c AU >>##  RESUMED  ## AU: Search for updates [CallId = {05DD5102-AF10-4C01-A486-D87B7EEC2993}]
2013-07-17 15:11:31:015 1024 175c AU   # WARNING: Search callback failed, result = 0x8024402C
2013-07-17 15:11:31:015 1024 175c AU   # WARNING: Failed to find updates with error code 8024402C
2013-07-17 15:11:31:015 1024 175c AU #########
2013-07-17 15:11:31:015 1024 175c AU ##  END  ##  AU: Search for updates [CallId = {05DD5102-AF10-4C01-A486-D87B7EEC2993}]
2013-07-17 15:11:31:015 1024 175c AU #############
2013-07-17 15:11:31:015 1024 175c AU Successfully wrote event for AU health state:0
2013-07-17 15:11:31:015 1024 175c AU AU setting next detection timeout to 2013-07-18 03:11:31
2013-07-17 15:11:31:015 1024 175c AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 15:11:31:015 1024 175c AU Successfully wrote event for AU health state:0
2013-07-17 15:11:31:093 1024 175c AU Successfully wrote event for AU health state:0
2013-07-17 15:11:36:023 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:16:43:423 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 15:16:53:267 1024 2f4 Report CWERReporter finishing event handling. (00000000)
2013-07-17 16:47:59:070 1024 1a0 AU ###########  AU: Uninitializing Automatic Updates  ###########
2013-07-17 16:48:01:098 1024 1a0 Handler FATAL: UH: 0x80073712: StartSession failed in CCbs::IsCbsPending
2013-07-17 16:48:01:286 1024 1a0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 16:48:01:426 1024 1a0 Service *********
2013-07-17 16:48:01:426 1024 1a0 Service **  END  **  Service: Service exit [Exit code = 0x240001]
2013-07-17 16:48:01:426 1024 1a0 Service *************
2013-07-17 17:07:56:092 1032 dc0 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 17:07:56:108 1032 dc0 Misc   = Process: C:\Windows\system32\svchost.exe
2013-07-17 17:07:56:108 1032 dc0 Misc   = Module: c:\windows\system32\wuaueng.dll
2013-07-17 17:07:56:092 1032 dc0 Service *************
2013-07-17 17:07:56:108 1032 dc0 Service ** START **  Service: Service startup
2013-07-17 17:07:56:108 1032 dc0 Service *********
2013-07-17 17:07:57:403 1032 dc0 Agent   * WU client version 7.6.7600.256
2013-07-17 17:07:57:403 1032 dc0 Agent   * Base directory: C:\Windows\SoftwareDistribution
2013-07-17 17:07:57:418 1032 dc0 Agent   * Access type: No proxy
2013-07-17 17:07:57:418 1032 dc0 Agent   * Network state: Disconnected
2013-07-17 17:07:59:088 1032 dc0 DtaStor Default service for AU is {00000000-0000-0000-0000-000000000000}
2013-07-17 17:07:59:244 1032 dc0 DtaStor Default service for AU is {9482F4B4-E343-43B6-B170-9A65BC822C77}
2013-07-17 17:07:59:368 1032 dc0 Agent WARNING: Failed to read the service id for re-registration 0x80070002
2013-07-17 17:07:59:368 1032 dc0 Agent WARNING: Missing service entry in the backup data store; cleaning up
2013-07-17 17:08:44:374 1032 dc0 Report CWERReporter::Init succeeded
2013-07-17 17:08:44:374 1032 dc0 Agent ***********  Agent: Initializing Windows Update Agent  ***********
2013-07-17 17:08:44:374 1032 dc0 Agent ***********  Agent: Initializing global settings cache  ***********
2013-07-17 17:08:44:374 1032 dc0 Agent   * WSUS server: <NULL>
2013-07-17 17:08:44:374 1032 dc0 Agent   * WSUS status server: <NULL>
2013-07-17 17:08:44:374 1032 dc0 Agent   * Target group: (Unassigned Computers)
2013-07-17 17:08:44:374 1032 dc0 Agent   * Windows Update access disabled: No
2013-07-17 17:08:44:406 1032 dc0 DnldMgr Download manager restoring 0 downloads
2013-07-17 17:08:44:406 1032 dc0 AU ###########  AU: Initializing Automatic Updates  ###########
2013-07-17 17:08:44:406 1032 dc0 AU   # Approval type: Scheduled (User preference)
2013-07-17 17:08:44:406 1032 dc0 AU   # Scheduled install day/time: Every day at 3:00
2013-07-17 17:08:44:406 1032 dc0 AU   # Auto-install minor updates: Yes (User preference)
2013-07-17 17:08:44:406 1032 dc0 AU   # Will interact with non-admins (Non-admins are elevated (User preference))
2013-07-17 17:08:44:406 1032 dc0 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 17:08:45:170 1032 dc0 Report ***********  Report: Initializing static reporting data  ***********
2013-07-17 17:08:45:170 1032 dc0 Report   * OS Version = 6.1.7600.0.0.66304
2013-07-17 17:08:45:170 1032 dc0 Report   * OS Product Type = 0x00000003
2013-07-17 17:08:45:201 1032 dc0 Report   * Computer Brand = TOSHIBA
2013-07-17 17:08:45:201 1032 dc0 Report   * Computer Model = Satellite L305
2013-07-17 17:08:45:217 1032 dc0 Report   * Bios Revision = 1.80
2013-07-17 17:08:45:217 1032 dc0 Report   * Bios Name = InsydeH2O Version 1.80
2013-07-17 17:08:45:217 1032 dc0 Report   * Bios Release Date = 2009-03-20T00:00:00
2013-07-17 17:08:45:217 1032 dc0 Report   * Locale ID = 1033
2013-07-17 17:08:45:264 1032 dc0 AU Successfully wrote event for AU health state:0
2013-07-17 17:08:45:264 1032 dc0 AU Initializing featured updates
2013-07-17 17:08:45:279 1032 dc0 AU Found 0 cached featured updates
2013-07-17 17:08:45:279 1032 dc0 AU Successfully wrote event for AU health state:0
2013-07-17 17:08:45:279 1032 dc0 AU Successfully wrote event for AU health state:0
2013-07-17 17:08:45:279 1032 dc0 AU AU finished delayed initialization
2013-07-17 17:08:50:287 1032 99c Report CWERReporter finishing event handling. (00000000)
2013-07-17 17:09:01:300 1032 99c Report CWERReporter finishing event handling. (00000000)
2013-07-17 17:09:08:180 1032 99c Report CWERReporter finishing event handling. (00000000)
2013-07-17 17:09:48:910 1032 99c Report CWERReporter finishing event handling. (00000000)
2013-07-17 18:40:44:717 1032 dc0 AU Successfully wrote event for AU health state:0
2013-07-17 18:40:49:724 1032 498 Report CWERReporter finishing event handling. (00000000)
2013-07-17 19:25:57:120 1032 dc0 AU Successfully wrote event for AU health state:0
2013-07-17 19:26:02:206 1032 78c Report CWERReporter finishing event handling. (00000000)
2013-07-17 19:36:21:102 1032 dc0 Shutdwn user declined update at shutdown
2013-07-17 19:36:21:102 1032 dc0 AU Successfully wrote event for AU health state:0
2013-07-17 19:36:21:102 1032 dc0 AU AU initiates service shutdown
2013-07-17 19:36:21:102 1032 dc0 AU ###########  AU: Uninitializing Automatic Updates  ###########
2013-07-17 19:36:22:568 1032 dc0 Handler FATAL: UH: 0x80073712: StartSession failed in CCbs::IsCbsPending
2013-07-17 19:36:23:442 1032 dc0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 19:36:23:614 1032 dc0 Service *********
2013-07-17 19:36:23:614 1032 dc0 Service **  END  **  Service: Service exit [Exit code = 0x240001]
2013-07-17 19:36:23:614 1032 dc0 Service *************
2013-07-17 19:40:51:099 1032 c24 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0700)  ===========
2013-07-17 19:40:51:099 1032 c24 Misc   = Process: C:\Windows\system32\svchost.exe
2013-07-17 19:40:51:099 1032 c24 Misc   = Module: c:\windows\system32\wuaueng.dll
2013-07-17 19:40:51:099 1032 c24 Service *************
2013-07-17 19:40:51:115 1032 c24 Service ** START **  Service: Service startup
2013-07-17 19:40:51:115 1032 c24 Service *********
2013-07-17 19:40:51:645 1032 c24 Agent   * WU client version 7.6.7600.256
2013-07-17 19:40:51:645 1032 c24 Agent   * Base directory: C:\Windows\SoftwareDistribution
2013-07-17 19:40:51:645 1032 c24 Agent   * Access type: No proxy
2013-07-17 19:40:51:645 1032 c24 Agent   * Network state: Disconnected
2013-07-17 19:41:37:494 1032 c24 Report CWERReporter::Init succeeded
2013-07-17 19:41:37:494 1032 c24 Agent ***********  Agent: Initializing Windows Update Agent  ***********
2013-07-17 19:41:37:494 1032 c24 Agent ***********  Agent: Initializing global settings cache  ***********
2013-07-17 19:41:37:494 1032 c24 Agent   * WSUS server: <NULL>
2013-07-17 19:41:37:494 1032 c24 Agent   * WSUS status server: <NULL>
2013-07-17 19:41:37:494 1032 c24 Agent   * Target group: (Unassigned Computers)
2013-07-17 19:41:37:494 1032 c24 Agent   * Windows Update access disabled: No
2013-07-17 19:41:37:509 1032 c24 DnldMgr Download manager restoring 0 downloads
2013-07-17 19:41:37:540 1032 c24 AU ###########  AU: Initializing Automatic Updates  ###########
2013-07-17 19:41:37:540 1032 c24 AU   # Approval type: Scheduled (User preference)
2013-07-17 19:41:37:540 1032 c24 AU   # Scheduled install day/time: Every day at 3:00
2013-07-17 19:41:37:540 1032 c24 AU   # Auto-install minor updates: Yes (User preference)
2013-07-17 19:41:37:540 1032 c24 AU   # Will interact with non-admins (Non-admins are elevated (User preference))
2013-07-17 19:41:37:540 1032 c24 AU Setting AU scheduled install time to 2013-07-18 10:00:00
2013-07-17 19:41:38:367 1032 c24 Report ***********  Report: Initializing static reporting data  ***********
2013-07-17 19:41:38:367 1032 c24 Report   * OS Version = 6.1.7600.0.0.66304
2013-07-17 19:41:38:367 1032 c24 Report   * OS Product Type = 0x00000003
2013-07-17 19:41:38:383 1032 c24 Report   * Computer Brand = TOSHIBA
2013-07-17 19:41:38:383 1032 c24 Report   * Computer Model = Satellite L305
2013-07-17 19:41:38:398 1032 c24 Report   * Bios Revision = 1.80
2013-07-17 19:41:38:398 1032 c24 Report   * Bios Name = InsydeH2O Version 1.80
2013-07-17 19:41:38:398 1032 c24 Report   * Bios Release Date = 2009-03-20T00:00:00
2013-07-17 19:41:38:398 1032 c24 Report   * Locale ID = 1033
2013-07-17 19:41:38:445 1032 c24 AU Successfully wrote event for AU health state:0
2013-07-17 19:41:38:445 1032 c24 AU Initializing featured updates
2013-07-17 19:41:38:461 1032 c24 AU Found 0 cached featured updates
2013-07-17 19:41:38:461 1032 c24 AU Successfully wrote event for AU health state:0
2013-07-17 19:41:38:461 1032 c24 AU Successfully wrote event for AU health state:0
2013-07-17 19:41:38:461 1032 c24 AU AU finished delayed initialization
2013-07-17 19:41:43:500 1032 ca0 Report CWERReporter finishing event handling. (00000000)
2013-07-17 20:10:40:570 1032 320 Report CWERReporter finishing event handling. (00000000)
2013-07-17 20:10:47:574 1032 320 Report CWERReporter finishing event handling. (00000000)
2013-07-17 20:11:31:005 1032 c24 AU #############
2013-07-17 20:11:31:005 1032 c24 AU ## START ##  AU: Search for updates
2013-07-17 20:11:31:005 1032 c24 AU #########
2013-07-17 20:11:31:005 1032 c24 AU <<## SUBMITTED ## AU: Search for updates [CallId = {9D6A177B-8808-4B3F-BDC3-853EDA208949}]
2013-07-17 20:11:31:005 1032 320 Agent *************
2013-07-17 20:11:31:005 1032 320 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-07-17 20:11:31:005 1032 320 Agent *********
2013-07-17 20:11:31:005 1032 320 Agent   * Online = Yes; Ignore download priority = No
2013-07-17 20:11:31:005 1032 320 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1%





