
Alureon.J and PC auto restarts


  • This topic is locked
97 replies to this topic

#1 gwhiz9999


Posted 03 March 2014 - 06:00 PM

As instructed by a BC "Study Hall Senior," I have run RKill and am now starting a new topic here. RKill didn't seem to run all the way through, as it gave me a "has stopped working" pop-up. It found a rootkit issue that prompted the "SHS" to send me here, apparently.

 

I am trying to resolve some issues on an HP Invent PC running Vista. Among them are:

 

1. The PC has recently started to shut itself down randomly. This seems to only happen when the network/ethernet cable is hooked up to the router, but it has done it at least once when it was disconnected, but with Internet Explorer open. It commonly gives messages like "Windows must now restart because the DCOM Server Process Launcher Service terminated unexpectedly," but it doesn't always say exactly that, to my recollection.

 

2. It will not allow me to start Microsoft Security Essentials' real-time protection. It gives error code 0x800705b4.

 

3. Despite the problem in #2, on restart, MSE finds Alureon.J every time.

 

4. There is a svchost.exe process that sometimes runs up to the high 90s. It shows that it is connected to the services DcomLaunch and PlugPlay.

 

5. For quite some time (over a year), if F11 is not used for system recovery on startup, the system quickly goes to a bluescreen after logging on to a user account.

 

I do not know exactly what has been done on this PC, but I know that it has had MalwareBytes and SuperAntiSpyware run on it. There is also a ComboFix icon on the desktop.

 

I have now run DDS and have the two logs, but I had to download them on another PC and then copy them to this one. It gives an error message something like "Your current settings do not allow you to download this file."

 

I am not sure which method I am supposed to use for getting you the Attach.txt file, as I have seen instructions that say to post it in the text here, AND to send it as an attachment. I will post it in the text here. The user name has been replaced with asterisks.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by ******* at 16:33:28 on 2014-03-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.1645 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
uProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB05974 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TaskScheduler] c:\prowin13\32bit\TaskSch.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\*******\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{18E0DE6B-F98C-4384-B81D-04BE4BFF0052} : DHCPNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-12 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\common files\intuit\fuse\service\Intuit Fuse Service.exe [2010-2-26 72704]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\toolbarbroker.exe --> c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S4 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe --> c:\windows\runservice.exe [?]
.
=============== Created Last 30 ================
.
2014-03-03 11:22:44 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c3a8ccb8-a60d-49a3-bf2f-2adf9578e476}\offreg.dll
2014-03-01 04:39:37 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3f2eaf35-9c6f-444d-881f-d51f87666193}\mpengine.dll
2014-02-28 07:49:55 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c3a8ccb8-a60d-49a3-bf2f-2adf9578e476}\mpengine.dll
2014-02-26 05:27:17 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-18 05:38:06 -------- d-----w- c:\windows\Migration
2014-02-18 02:54:09 -------- d-----w- c:\windows\system32\MRT
2014-02-18 02:38:43 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-02-18 02:38:38 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-02-18 02:38:38 16896 ----a-w- c:\windows\system32\winusb.dll
2014-02-18 02:38:38 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-02-18 02:38:37 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-02-18 02:38:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-02-18 02:38:37 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-02-18 02:38:35 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-02-18 02:38:35 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-02-18 02:38:35 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-02-13 13:20:09 -------- d-----w- c:\users\mcgarry\appdata\local\Intuit,_Inc
2014-02-12 10:07:14 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-06 19:45:56 -------- d-----w- c:\users\mcgarry\appdata\local\Intuit
2014-02-06 18:40:38 -------- d-----w- C:\ProWin13
2014-02-04 23:17:46 -------- d-----w- c:\programdata\Brother
2014-02-03 02:03:50 376320 ----a-w- c:\windows\system32\dpnet.dll
2014-02-03 02:03:50 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2014-02-03 02:03:49 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2014-02-03 02:03:48 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-02-03 02:03:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2014-02-03 02:01:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-02-03 00:05:08 -------- d-----w- C:\$RECYCLE.BIN
2014-02-02 23:01:26 98816 ----a-w- c:\windows\sed.exe
2014-02-02 23:01:26 256000 ----a-w- c:\windows\PEV.exe
2014-02-02 23:01:26 208896 ----a-w- c:\windows\MBR.exe
2014-02-02 23:01:24 -------- d-----w- C:\ComboFix
2014-02-02 13:37:39 -------- d-----w- C:\SUPERDelete
.
==================== Find3M  ====================
.
2014-02-21 09:13:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 09:13:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-18 11:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:34:17.39 ===============
 

AND....

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2007 4:20:06 PM
System Uptime: 3/3/2014 6:22:08 AM (10 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Leonite2
Processor: Intel® Core™2 Duo CPU     E4500  @ 2.20GHz | Socket 775 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 322.676 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.234 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_6377\920321111113
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_6377\920321111113
Service: USBSTOR
.
==== System Restore Points ===================
.
RP2757: 1/27/2014 7:07:56 PM - Scheduled Checkpoint
RP2758: 1/29/2014 12:00:01 AM - Scheduled Checkpoint
RP2759: 1/30/2014 2:15:21 PM - Scheduled Checkpoint
RP2760: 1/31/2014 6:27:37 AM - Scheduled Checkpoint
RP2761: 1/31/2014 8:28:53 PM - Scheduled Checkpoint
RP2762: 2/1/2014 7:56:53 PM - Scheduled Checkpoint
RP2763: 2/2/2014 8:07:39 PM - Windows Update
RP2764: 2/3/2014 7:36:48 PM - Scheduled Checkpoint
RP2765: 2/4/2014 6:17:08 PM - Device Driver Package Install: Brother Printers
RP2766: 2/6/2014 12:00:01 AM - Scheduled Checkpoint
RP2768: 2/6/2014 1:44:59 PM - Installed AnswerWorks 4.0 Runtime - English
RP2769: 2/6/2014 5:34:27 PM - Windows Update
RP2770: 2/7/2014 1:39:33 PM - Scheduled Checkpoint
RP2771: 2/8/2014 9:19:43 AM - Scheduled Checkpoint
RP2772: 2/9/2014 3:33:29 AM - Scheduled Checkpoint
RP2773: 2/10/2014 12:00:33 PM - Windows Update
RP2774: 2/14/2014 12:00:39 PM - Windows Update
RP2775: 2/15/2014 8:38:25 PM - Scheduled Checkpoint
RP2776: 2/17/2014 9:30:28 PM - Windows Update
RP2777: 2/18/2014 12:27:27 AM - Windows Update
RP2778: 2/18/2014 12:35:16 AM - Windows Update
RP2780: 2/19/2014 6:03:59 PM - Scheduled Checkpoint
RP2781: 2/20/2014 6:10:05 PM - Windows Update
RP2782: 2/22/2014 12:41:16 AM - Scheduled Checkpoint
RP2783: 2/23/2014 5:54:07 PM - Scheduled Checkpoint
RP2784: 2/24/2014 12:27:07 AM - Windows Update
RP2785: 2/28/2014 2:41:37 AM - Windows Update
RP2786: 3/1/2014 2:11:43 PM - Scheduled Checkpoint
RP2787: 3/3/2014 7:22:35 AM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe Flash Player 12 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
AIO_Scan
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet
BlackBerry App World Browser Plugin
Bonjour
BufferChm
Carbonite Online Backup Setup
Copy
CustomerResearchQFolder
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Converter
DivX Setup
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Document eSort Components
Enhanced Multimedia Keyboard Solution
EntlClnt
eSupportQFolder
F4100
F4100_doccd
F4100_Help
Full Tilt Poker
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Driver Diagnostics
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Product Assistant
HP Solution Center 9.0
HP Update
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Matrix Storage Manager
Intel® Viiv™ Software
Intuit Entitlement Client
Intuit Entitlement Client v8
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 24
Java™ SE Runtime Environment 6 Update 1
JNLP
LightScribe  1.8.15.1
Logitech Updater
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Home and Student 60 day trial
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Paltalk Messenger  11.2
PokerStars
PokerStars.net
ProSeries 2013
ProSeries 2013 Shared Components
ProSeries Basic Edition 2005
ProSeries Basic Edition 2006
ProSeries Basic Edition 2007
ProSeries Basic Edition 2008
ProSeries Basic Edition 2009
ProSeries Basic Edition 2010
ProSeries Basic Edition 2011
ProSeries Basic Edition 2012
ProSeries Basic Edition 2013
ProSeries Basic User's Guide 2011
PSSWCORE
Python 2.5
QuickTime
RealPlayer 7 Basic
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Segoe UI
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
SUPERAntiSpyware
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WeatherBug Gadget
WebReg
WexTech AnswerWorks
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Winmx Community 1
XP Codec Pack
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/3/2014 6:33:20 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/3/2014 6:25:37 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86 AvgMfx86 AvgTdiX avwkaxua bcmgyh MpFilter
3/3/2014 6:25:37 AM, Error: Service Control Manager [7022]  - The Diagnostic System Host service hung on starting.
3/3/2014 6:25:35 AM, Error: Service Control Manager [7022]  - The Diagnostic Service Host service hung on starting.
3/3/2014 6:24:08 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/3/2014 6:23:10 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/3/2014 6:20:27 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
3/3/2014 6:20:27 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/3/2014 6:20:27 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
3/3/2014 6:10:38 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/3/2014 6:00:13 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/3/2014 6:00:13 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/3/2014 6:00:00 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/3/2014 5:56:52 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
3/3/2014 1:15:26 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/2/2014 12:15:47 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/2/2014 12:05:19 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/2/2014 12:05:19 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/2/2014 12:05:08 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/2/2014 1:35:47 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/2/2014 1:15:29 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/2/2014 1:06:13 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 6:39:35 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode
3/1/2014 6:39:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/1/2014 6:32:12 AM, Error: Service Control Manager [7034]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 3 time(s).
3/1/2014 6:31:58 AM, Error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX avwkaxua bcmgyh DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:49 AM, Error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/1/2014 6:31:30 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/1/2014 6:31:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/1/2014 6:30:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/1/2014 6:30:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/1/2014 6:30:53 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/1/2014 6:30:49 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/1/2014 6:30:42 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/1/2014 6:30:19 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 4:55:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/1/2014 4:46:18 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 4:09:51 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/1/2014 3:59:22 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 3:59:22 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 3:59:12 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:51:18 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:51:18 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:51:06 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:48:42 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86 AvgMfx86 AvgTdiX avwkaxua bcmgyh MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
3/1/2014 12:46:38 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:41:49 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:35:50 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/1/2014 12:26:31 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:05:01 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:05:01 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 12:04:50 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 1:18:02 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 1:18:02 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
3/1/2014 1:16:07 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/28/2014 3:01:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.838.0).
2/28/2014 2:55:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.838.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x80070643   Error description: Fatal error during installation.
2/28/2014 2:54:58 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version: 2.1.8904.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x80004004   Error description: Operation aborted
2/28/2014 2:54:58 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 17.36.0.0   Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 2.1.8904.0   Error code: 0x80004004   Error description: Operation aborted
2/28/2014 11:52:05 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/28/2014 11:51:37 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/28/2014 11:33:52 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/28/2014 11:33:52 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/28/2014 11:33:41 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.838.0, AS: 1.167.838.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/27/2014 1:47:48 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/27/2014 1:47:48 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 12:29:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.658.0).
2/26/2014 12:29:12 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.658.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x80070643   Error description: Fatal error during installation.
2/26/2014 12:29:11 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version: 2.1.8904.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x80004004   Error description: Operation aborted
2/26/2014 12:29:11 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 17.36.0.0   Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 2.1.8904.0   Error code: 0x80004004   Error description: Operation aborted
2/26/2014 11:23:34 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 11:19:25 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 11:17:43 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 11:17:43 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Quarantine   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x80070032   Error description: The request is not supported.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 11:16:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.658.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/26/2014 11:12:10 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 10:59:00 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: *******-PC\*******   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/26/2014 10:58:36 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:DOS/Alureon.J&threatid=2147658331   Name: Trojan:DOS/Alureon.J   ID: 2147658331   Severity: Severe   Category: Trojan   Path: boot:_\\.\PHYSICALDRIVE0\Partition0 (Type 00);boot:_\\.\PHYSICALDRIVE0\Partition1 (Type 00)   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Remove   Action Status:  To finish removing malware and other potentially unwanted software, restart the computer.   To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x8007065b   Error description: Function failed during execution.    Signature Version: AV: 1.167.658.0, AS: 1.167.658.0, NIS: 0.0.0.0   Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
2/25/2014 12:28:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.566.0).
2/25/2014 12:28:12 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.566.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x80070643   Error description: Fatal error during installation.
2/25/2014 12:28:11 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version: 2.1.8904.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x80004004   Error description: Operation aborted
2/25/2014 12:28:11 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 17.36.0.0   Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 2.1.8904.0   Error code: 0x80004004   Error description: Operation aborted
2/24/2014 12:33:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.483.0).
2/24/2014 12:32:29 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.167.483.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10302.0   Error code: 0x80070643   Error description: Fatal error during installation.
2/24/2014 12:32:28 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version: 2.1.8904.0   Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x80004004   Error description: Operation aborted
2/24/2014 12:32:28 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 17.36.0.0   Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 2.1.8904.0   Error code: 0x80004004   Error description: Operation aborted
.
==== End Of File ===========================
 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:11 PM

Posted 03 March 2014 - 08:59 PM

Hello gwhiz9999,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 gwhiz9999

gwhiz9999
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  • Local time:07:11 PM

Posted 03 March 2014 - 11:04 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 01
Ran by ******* at 2014-03-03 22:41:32
Running from C:\Users\*******\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.10 - Lavasoft)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applet (HKCU\...\Applet) (Version:  - Applet)
BlackBerry App World Browser Plugin (HKLM\...\{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}) (Version: 2.0.0 - Research In Motion Limited)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Carbonite Online Backup Setup (HKLM\...\Carbonite Setup Lite) (Version: 3.7.3 - Carbonite Inc.)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.1 - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
DJ_AIO_ProductContext (Version: 90.0.236.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Document eSort Components (HKLM\...\{5658CE44-2822-45C9-A5C0-F93AB4682BBF}) (Version: 3.1.1.74 - Intuit Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
EntlClnt (HKLM\...\{C9052439-99E8-4A4C-9C81-49776DDFA969}) (Version: 1.1.0 - Intuit)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4100 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
F4100_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.13.5.WIN.FullTilt.Real - Full Tilt Poker)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 2.1.0 - Hewlett-Packard) Hidden
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}) (Version: 9.0 - HP)
HP Driver Diagnostics (HKLM\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Viiv™ Software (HKLM\...\Intel® Configuration Center) (Version: 1.6.361.6 - Intel Corporation)
Intel® Viiv™ Software (Version: 1.6.361.6 - Intel Corporation) Hidden
Intuit Entitlement Client (HKLM\...\{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}) (Version: 1.0.0 - Intuit Inc.)
Intuit Entitlement Client v8 (HKLM\...\{4C5B3CFD-DF38-49E2-82D9-5A933F36242F}) (Version: 8.0.24 - Intuit Inc.)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
JNLP (HKCU\...\JNLP) (Version:  - JNLP)
LightScribe  1.8.15.1 (Version: 1.8.15.1 - http://www.lightscribe.com) Hidden
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}) (Version: 6.00.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1804 - WildTangent)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paltalk Messenger  11.2 (HKLM\...\Paltalk Messenger) (Version: 11.2.0 - AVM Software Inc.)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
ProSeries 2013 (HKLM\...\ProSeries 2013) (Version:  - Intuit Inc.)
ProSeries 2013 Shared Components  (HKLM\...\{27997608-50A8-466B-B534-743C7498B259}) (Version: 8.0.32 - Intuit Inc.)
ProSeries Basic Edition 2005 (HKLM\...\ProSeries Basic Edition 2005) (Version:  - )
ProSeries Basic Edition 2006 (HKLM\...\ProSeries Basic Edition 2006) (Version:  - )
ProSeries Basic Edition 2007 (HKLM\...\ProSeries Basic Edition 2007) (Version:  - )
ProSeries Basic Edition 2008 (HKLM\...\ProSeries Basic Edition 2008) (Version:  - )
ProSeries Basic Edition 2009 (HKLM\...\ProSeries Basic Edition 2009) (Version:  - )
ProSeries Basic Edition 2010 (HKLM\...\ProSeries Basic Edition 2010) (Version:  - )
ProSeries Basic Edition 2011 (HKLM\...\ProSeries Basic Edition 2011) (Version:  - )
ProSeries Basic Edition 2012 (HKLM\...\ProSeries Basic Edition 2012) (Version:  - )
ProSeries Basic Edition 2013 (HKLM\...\ProSeries Basic Edition 2013) (Version:  - Intuit Inc.)
ProSeries Basic User's Guide 2011 (HKLM\...\{2A8E36DD-061D-4877-9736-30E7266A4669}) (Version: 1.00.000 - Intuit)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer 7 Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1006 - SUPERAntiSpyware.com)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WexTech AnswerWorks (HKLM\...\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}) (Version: 1.00.000 - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Winmx Community 1 (HKLM\...\Winmx Community 1) (Version:  - )
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

28-01-2014 00:07:56 Scheduled Checkpoint
29-01-2014 05:00:01 Scheduled Checkpoint
30-01-2014 19:15:21 Scheduled Checkpoint
31-01-2014 11:27:37 Scheduled Checkpoint
01-02-2014 01:28:53 Scheduled Checkpoint
02-02-2014 00:56:53 Scheduled Checkpoint
03-02-2014 01:07:39 Windows Update
04-02-2014 00:36:48 Scheduled Checkpoint
04-02-2014 23:17:08 Device Driver Package Install: Brother Printers
06-02-2014 05:00:01 Scheduled Checkpoint
06-02-2014 18:44:59 Installed AnswerWorks 4.0 Runtime - English
06-02-2014 22:34:27 Windows Update
07-02-2014 18:39:33 Scheduled Checkpoint
08-02-2014 14:19:43 Scheduled Checkpoint
09-02-2014 08:33:29 Scheduled Checkpoint
10-02-2014 17:00:33 Windows Update
14-02-2014 17:00:39 Windows Update
16-02-2014 01:38:25 Scheduled Checkpoint
18-02-2014 02:30:28 Windows Update
18-02-2014 05:27:27 Windows Update
18-02-2014 05:35:16 Windows Update
19-02-2014 23:03:59 Scheduled Checkpoint
20-02-2014 23:10:05 Windows Update
22-02-2014 05:41:16 Scheduled Checkpoint
23-02-2014 22:54:07 Scheduled Checkpoint
24-02-2014 05:27:07 Windows Update
28-02-2014 07:41:37 Windows Update
01-03-2014 19:11:43 Scheduled Checkpoint
03-03-2014 12:22:35 Scheduled Checkpoint

==================== Hosts content: ==========================

2011-12-14 08:33 - 2011-12-14 08:33 - 00001398 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

==================== Scheduled Tasks (whitelisted) =============

Task: {092D85E5-0A2F-4CD2-BD08-EE68A98A9BE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-02] (Google Inc.)
Task: {0C979B13-028B-4FEE-9ACB-7691F364F0F4} - \3738848576 No Task File
Task: {11404BBF-DCDA-4956-8ECA-D0EE94766483} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {17CCC569-3E41-4C2B-8404-453BB111AAA9} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C0877CF-37CC-4E17-A09E-85EE406C7509} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {65DBA2A4-0B17-4E77-A442-8AB0C43B7E22} - System32\Tasks\Security Center Update - 3810497100 => C:\Users\*******\AppData\Roaming\Ytufmoy\azutfeh.exe <==== ATTENTION
Task: {6878E5CF-5301-4131-9188-BE197B194617} - System32\Tasks\Security Center Update - 2662494139 => C:\Users\*******\AppData\Roaming\Uqidrog\zyzocy.exe <==== ATTENTION
Task: {77D517E2-B945-49FB-B5C7-A2BF35FCD6FD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A29C842F-4F8D-4650-AD98-659851ABD282} - System32\Tasks\JavaUpdateAdministrator => C:\Windows\system32\jusched.exe
Task: {B1FA6050-EF1A-44FD-9E7E-2CE16E7535EB} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B4466090-C018-4326-BEE0-ACFB2B8476FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-02] (Google Inc.)
Task: {B9DD1127-28FE-48B4-A2C4-7E2F637CF617} - System32\Tasks\JavaUpdate******* => C:\Windows\system32\jusched.exe
Task: {D3E91D9F-F57E-4F86-A360-AD5593470EBE} - System32\Tasks\winupd => C:\Users\*******\AppData\Local\Temp:winupd.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F1DA0C00-0507-4B5E-A791-A76586A463F9} - \2092284640 No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-09-03 12:32 - 2006-09-03 12:32 - 00208896 _____ () C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AVG Security Toolbar Service => 3
MSCONFIG\Services: avg8emc => 2
MSCONFIG\Services: avg8wd => 2
MSCONFIG\Services: LicCtrlService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Retrogamer_2zService => 2
MSCONFIG\Services: Symantec Core LC => 3
MSCONFIG\Services: SymAppCore => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^3E399BFB-BB7A-2EE0-FA03-BD55CB89C16D.lnk => C:\Windows\pss\3E399BFB-BB7A-2EE0-FA03-BD55CB89C16D.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^r3r722.lnk => C:\Windows\pss\r3r722.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CarboniteSetupLite => "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\Vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: LVCOMS => C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 10:39:12 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 10:39:12 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/03/2014 06:12:00 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 06:12:00 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/03/2014 05:06:48 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 05:06:48 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (03/03/2014 06:43:25 AM) (Source: Application Error) (User: )
Description: Faulting application rkill.exe, version 2.6.5.0, time stamp 0x52cccd65, faulting module rkill.exe, version 2.6.5.0, time stamp 0x52cccd65, exception code 0xc0000417, fault offset 0x00061025,
process id 0x10cc, application start time 0xrkill.exe0.

Error: (03/03/2014 06:39:53 AM) (Source: Application Error) (User: )
Description: Faulting application rkill.exe, version 2.6.5.0, time stamp 0x52cccd65, faulting module rkill.exe, version 2.6.5.0, time stamp 0x52cccd65, exception code 0xc0000417, fault offset 0x00061025,
process id 0xee8, application start time 0xrkill.exe0.

Error: (03/03/2014 06:38:56 AM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 06:38:56 AM) (Source: LoadPerf) (User: )
Description: Performance16

System errors:
=============
Error: (03/03/2014 06:16:08 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.167.838.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.4.0304.00

 Source Path: 4.4.0304.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/03/2014 06:08:50 PM) (Source: Service Control Manager) (User: )
Description: AvgLdx86
AvgMfx86
AvgTdiX
avwkaxua
bcmgyh
MpFilter

Error: (03/03/2014 06:08:50 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic System Host

Error: (03/03/2014 06:08:48 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic Service Host

Error: (03/03/2014 06:07:36 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/03/2014 06:06:55 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.J60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.J603

 Name: Trojan:DOS/Alureon.J

 ID: 2147658331

 Severity: %Trojan:DOS/Alureon.J600

 Category: %Trojan:DOS/Alureon.J602

 Path: 4.4.0304.02

 Detection Origin: 4.4.0304.04

 Detection Type: 4.4.0304.08

 Detection Source: %Trojan:DOS/Alureon.J608

 User: {CFBC537F-275A-450E-B937-F4E34AC7FC1D}9

 Process Name: %Trojan:DOS/Alureon.J609

 Action: {CFBC537F-275A-450E-B937-F4E34AC7FC1D}1

 Action Status:  {CFBC537F-275A-450E-B937-F4E34AC7FC1D}8

 Error Code: {CFBC537F-275A-450E-B937-F4E34AC7FC1D}3

 Error description: {CFBC537F-275A-450E-B937-F4E34AC7FC1D}4

 Signature Version: 2014-03-03T23:06:17.666Z1

 Engine Version: 2014-03-03T23:06:17.666Z2

Error: (03/03/2014 06:06:48 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (03/03/2014 06:03:32 PM) (Source: Service Control Manager) (User: )
Description: 2Reboot the machineDCOM Server Process Launcher%%1190

Error: (03/03/2014 06:03:32 PM) (Source: Service Control Manager) (User: )
Description: Plug and Play1600002Reboot the machine

Error: (03/03/2014 06:03:32 PM) (Source: Service Control Manager) (User: )
Description: DCOM Server Process Launcher1600002Reboot the machine

Microsoft Office Sessions:
=========================
Error: (03/03/2014 10:39:12 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 10:39:12 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/03/2014 06:12:00 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 06:12:00 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/03/2014 05:06:48 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 05:06:48 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (03/03/2014 06:43:25 AM) (Source: Application Error)(User: )
Description: rkill.exe2.6.5.052cccd65rkill.exe2.6.5.052cccd65c00004170006102510cc01cf36d5c4c8cea8

Error: (03/03/2014 06:39:53 AM) (Source: Application Error)(User: )
Description: rkill.exe2.6.5.052cccd65rkill.exe2.6.5.052cccd65c000041700061025ee801cf36d52d590bc8

Error: (03/03/2014 06:38:56 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (03/03/2014 06:38:56 AM) (Source: LoadPerf)(User: )
Description: Performance16

CodeIntegrity Errors:
===================================
  Date: 2014-03-01 07:53:15.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:15.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:14.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:14.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:14.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:14.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:13.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:13.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:13.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-01 07:53:13.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3069.76 MB
Available physical RAM: 1738.89 MB
Total Pagefile: 6371.81 MB
Available Pagefile: 4922.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.12 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:456.71 GB) (Free:322.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive c: detected.
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.05 GB) (Free:1.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (USB Disk) (Removable) (Total:0.93 GB) (Free:0.2 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 1: (Not Active) - (Size=457 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 gwhiz9999


Posted 03 March 2014 - 11:07 PM

Here is the FRST log... the Addition file is posted above. The user name is replaced with asterisks.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 01
Ran by ******* (administrator) on *******-PC on 03-03-2014 22:41:07
Running from C:\Users\*******\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - FactoryMode
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\.DEFAULT\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\Windows\temp\sxdoxab\slpthic\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1333348606-492717255-550365633-1001\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1333348606-492717255-550365633-1001\...\Run: [TaskScheduler] - C:\ProWin13\32bit\TaskSch.exe [570696 2013-10-29] (Intuit, Inc.)
HKU\S-1-5-21-1333348606-492717255-550365633-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1333348606-492717255-550365633-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1333348606-492717255-550365633-1001\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1333348606-492717255-550365633-1001\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esigs.exe (JinMiramkan S.O.L.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esigs.exe (JinMiramkan S.O.L.)
GroupPolicyUsers\S-1-5-21-1333348606-492717255-550365633-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - {311B0173-19D3-4602-AA4A-EC26238AB306} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM - {DF761FA9-F829-4605-9A12-812EB7F453D4} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - DefaultScope {3754F538-E3D6-4DFC-A179-FCDCA7CBB5E6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
SearchScopes: HKCU - {0E1CA5FA-8747-4BD4-885D-ECCC5A8914CE} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {112A7E09-6595-D1C3-2C4E-CDFD9E56B66C} URL = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-80-0-SUuD
SearchScopes: HKCU - {311B0173-19D3-4602-AA4A-EC26238AB306} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {3754F538-E3D6-4DFC-A179-FCDCA7CBB5E6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://dl.ask.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PLT
SearchScopes: HKCU - {D54B0257-22EF-439B-8555-B0DB5FDFF9F1} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {DF761FA9-F829-4605-9A12-812EB7F453D4} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - {EE4D92CE-3321-4F29-B81F-4E0C1F0B4F30} URL = http://delicious.com/search?p={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: TBSB05974 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Move Media Player 7) - C:\Users\MCGARRY\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-07-07] (Lavasoft)
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation)
S3 Intuit Fuse Service; C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe [72704 2010-02-26] (Intuit)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] ()
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation)
S4 AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [X]
S4 avg8emc; C:\PROGRA~1\AVG\AVG8\avgemc.exe [X]
S4 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [X]
S3 GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [X]
S4 LicCtrlService; C:\Windows\runservice.exe [X]

==================== Drivers (Whitelisted) ====================

R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 netrcacm; C:\Windows\System32\DRIVERS\netrcacm.sys [20648 2003-01-20] (Thomson Inc.)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 alkdshnq; \??\C:\Windows\system32\drivers\alkdshnq.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S1 aqsanngd; \??\C:\Windows\system32\drivers\aqsanngd.sys [X]
S1 AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys [X]
S1 AvgMfx86; \SystemRoot\System32\Drivers\avgmfx86.sys [X]
S1 AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys [X]
S0 avwkaxua; System32\drivers\xije.sys [X]
S0 bcmgyh; System32\drivers\tyqnwih.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 bstvazyb; \??\C:\Windows\system32\drivers\bstvazyb.sys [X]
S1 bvarbgyl; \??\C:\Windows\system32\drivers\bvarbgyl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cpvsppwf; \??\C:\Windows\system32\drivers\cpvsppwf.sys [X]
S1 dpkzdlyl; \??\C:\Windows\system32\drivers\dpkzdlyl.sys [X]
S1 eqtsqrkq; \??\C:\Windows\system32\drivers\eqtsqrkq.sys [X]
S1 euvxxpxk; \??\C:\Windows\system32\drivers\euvxxpxk.sys [X]
S1 ewmkdtgv; \??\C:\Windows\system32\drivers\ewmkdtgv.sys [X]
S1 gxjloemw; \??\C:\Windows\system32\drivers\gxjloemw.sys [X]
S1 htprhrkm; \??\C:\Windows\system32\drivers\htprhrkm.sys [X]
S1 hzpslbar; \??\C:\Windows\system32\drivers\hzpslbar.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 izxknfhx; \??\C:\Windows\system32\drivers\izxknfhx.sys [X]
S1 kbpmlycy; \??\C:\Windows\system32\drivers\kbpmlycy.sys [X]
S1 ktbgknvm; \??\C:\Windows\system32\drivers\ktbgknvm.sys [X]
S1 lcenuqdr; \??\C:\Windows\system32\drivers\lcenuqdr.sys [X]
S1 lvpraqcm; \??\C:\Windows\system32\drivers\lvpraqcm.sys [X]
S1 mdjdnfjb; \??\C:\Windows\system32\drivers\mdjdnfjb.sys [X]
S1 mlphridt; \??\C:\Windows\system32\drivers\mlphridt.sys [X]
S1 mrprezwo; \??\C:\Windows\system32\drivers\mrprezwo.sys [X]
S1 mviweoyo; \??\C:\Windows\system32\drivers\mviweoyo.sys [X]
S1 nqhgvsxo; \??\C:\Windows\system32\drivers\nqhgvsxo.sys [X]
S1 nwducuyi; \??\C:\Windows\system32\drivers\nwducuyi.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 pkahftxf; \??\C:\Windows\system32\drivers\pkahftxf.sys [X]
S1 qvrmfuml; \??\C:\Windows\system32\drivers\qvrmfuml.sys [X]
S1 tnlbmanh; \??\C:\Windows\system32\drivers\tnlbmanh.sys [X]
S1 ttcrhqhp; \??\C:\Windows\system32\drivers\ttcrhqhp.sys [X]
S1 tzsgmikk; \??\C:\Windows\system32\drivers\tzsgmikk.sys [X]
S1 veklgqwm; \??\C:\Windows\system32\drivers\veklgqwm.sys [X]
S1 vwjppfpl; \??\C:\Windows\system32\drivers\vwjppfpl.sys [X]
S1 xqqrlxav; \??\C:\Windows\system32\drivers\xqqrlxav.sys [X]
S1 ytdamovg; \??\C:\Windows\system32\drivers\ytdamovg.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-03 22:41 - 2014-03-03 22:41 - 00018316 _____ () C:\Users\*******\Desktop\FRST.txt
2014-03-03 22:40 - 2014-03-03 22:41 - 00000000 ____D () C:\FRST
2014-03-03 22:37 - 2014-03-03 22:26 - 01145344 _____ (Farbar) C:\Users\*******\Desktop\FRST.exe
2014-03-03 17:30 - 2014-03-03 17:55 - 00002005 _____ () C:\Users\*******\Desktop\Messages for Bleeping Computer.txt
2014-03-03 16:34 - 2014-03-03 17:56 - 00074403 _____ () C:\Users\*******\Desktop\attach.txt
2014-03-03 16:34 - 2014-03-03 17:55 - 00012972 _____ () C:\Users\*******\Desktop\dds.txt
2014-03-03 16:30 - 2014-03-03 16:26 - 00688992 ____R (Swearware) C:\Users\MCGARRY\Desktop\dds.com
2014-03-03 06:39 - 2014-03-03 06:43 - 00005232 _____ () C:\Users\*******\Desktop\Rkill.txt
2014-03-03 06:02 - 2014-03-03 06:19 - 00005232 _____ () C:\Users\*******\Desktop\RkillGPM.txt
2014-03-03 05:56 - 2014-03-03 05:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\*******\Desktop\rkillGPM.exe
2014-03-03 05:56 - 2014-03-03 05:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\*******\Desktop\rkill.exe
2014-03-01 16:46 - 2014-03-01 16:46 - 00088992 _____ () C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Template
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 _____ () C:\Users\*******\AppData\Roaming\wklnhst.dat
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 21:40 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 21:40 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 21:40 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 21:40 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 21:40 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 21:40 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 21:40 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-17 21:40 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 21:40 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-17 21:40 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-17 21:40 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 21:40 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 21:40 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 21:40 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 21:40 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-17 21:40 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 21:38 - 2012-07-25 22:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-02-17 21:38 - 2012-07-25 22:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-02-17 21:38 - 2012-07-25 22:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-02-17 21:38 - 2012-07-25 22:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-02-17 21:38 - 2012-07-25 22:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-02-17 21:38 - 2012-07-25 22:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-02-17 21:38 - 2012-07-25 21:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-02-17 21:38 - 2012-07-25 21:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-02-17 21:38 - 2012-07-25 21:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-02-17 21:38 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-02-17 21:38 - 2009-07-14 07:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-02-13 08:20 - 2014-02-13 08:20 - 00000000 ____D () C:\Users\*******\AppData\Local\Intuit,_Inc
2014-02-12 05:07 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-06 14:45 - 2014-02-06 14:45 - 00000000 ____D () C:\Users\*******\AppData\Local\Intuit
2014-02-06 13:45 - 2014-02-06 13:45 - 00000626 _____ () C:\Users\Public\Desktop\ProSeries 2013.lnk
2014-02-06 13:40 - 2014-02-06 13:58 - 00000000 ____D () C:\ProWin13
2014-02-06 13:10 - 2014-02-06 13:10 - 00000000 _____ () C:\Users\*******\Downloads\CoreInstallerTY13_exe.ynhbtkh.partial
2014-02-06 13:10 - 2014-02-06 13:10 - 00000000 _____ () C:\Users\*******\Downloads\CoreInstallerTY13_exe.f61w6hd.partial
2014-02-06 13:05 - 2014-02-06 13:05 - 00000000 _____ () C:\Users\*******\Downloads\CoreInstallerTY13_exe.023d57l.partial
2014-02-04 18:17 - 2014-02-04 18:17 - 00000000 ____D () C:\ProgramData\Brother
2014-02-02 21:04 - 2013-10-29 19:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-02 21:04 - 2013-08-26 21:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-02-02 21:04 - 2013-08-26 21:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-02-02 21:04 - 2013-08-26 21:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-02-02 21:04 - 2013-08-26 21:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-02-02 21:04 - 2013-08-26 20:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-02 21:04 - 2013-08-26 20:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-02-02 21:04 - 2013-08-26 20:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-02 21:04 - 2013-08-26 20:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-02 21:04 - 2013-08-26 20:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-02 21:04 - 2013-07-31 22:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-02 21:04 - 2013-07-31 21:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-02-02 21:04 - 2013-07-20 05:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-02 21:04 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-02 21:04 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-02 21:04 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-02-02 21:04 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-02-02 21:04 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-02-02 21:04 - 2012-09-25 11:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-02-02 21:04 - 2012-05-11 10:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-02-02 21:03 - 2013-10-29 21:13 - 01304064 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2014-02-02 21:03 - 2013-10-29 21:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-02-02 21:03 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-02-02 21:03 - 2012-11-02 05:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-02-02 21:03 - 2012-11-02 03:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-02-02 21:03 - 2012-06-29 11:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-02-02 21:02 - 2013-10-22 02:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-02 21:02 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-02 21:02 - 2013-10-10 21:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-02 21:02 - 2013-10-10 21:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-02 21:02 - 2013-10-10 21:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-02-02 21:02 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-02 21:02 - 2013-10-10 19:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-02-02 21:02 - 2013-10-10 19:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-02 21:02 - 2013-10-10 19:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-02 21:02 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-02 21:02 - 2013-10-03 07:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-02 21:02 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-02-02 21:02 - 2013-07-15 23:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-02-02 21:02 - 2013-06-28 21:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-02 21:02 - 2013-06-26 18:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-02 21:02 - 2013-05-01 23:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-02-02 21:02 - 2013-05-01 23:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2014-02-02 21:02 - 2013-04-23 23:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-02-02 21:02 - 2013-04-23 20:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-02-02 21:02 - 2013-03-03 14:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-02-02 21:02 - 2012-11-21 22:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-02-02 21:02 - 2012-11-19 23:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-02 21:02 - 2012-11-07 22:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-02-02 21:02 - 2012-11-02 05:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-02 21:02 - 2012-09-28 11:11 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-02 21:02 - 2012-02-29 10:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-02-02 21:02 - 2012-02-29 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-02-02 21:02 - 2011-05-05 08:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-02 21:02 - 2011-05-05 08:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-02 21:01 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-02 21:01 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-02-02 21:01 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-02 21:01 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-02-02 21:01 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-02-02 21:01 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-02-02 21:01 - 2013-07-03 23:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-02 21:01 - 2013-07-02 21:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-02-02 21:01 - 2013-07-02 21:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-02 21:01 - 2013-06-03 23:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-02 21:01 - 2013-06-03 20:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-02 21:01 - 2013-05-31 23:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-02 21:01 - 2013-04-17 07:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-02-02 21:01 - 2013-03-08 22:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-02-02 21:01 - 2013-03-08 20:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-02-02 21:01 - 2013-03-07 22:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-02-02 21:01 - 2013-03-07 22:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-02 21:01 - 2013-02-11 20:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-02-02 19:13 - 2014-02-02 19:13 - 00012630 _____ () C:\ComboFix.txt
2014-02-02 18:01 - 2014-02-02 19:13 - 00000000 ____D () C:\ComboFix
2014-02-02 18:01 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-02 18:01 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-02 18:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-02 18:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-02 18:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-02 18:01 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-02 18:01 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-02 18:01 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-02 17:58 - 2014-02-02 17:59 - 05179159 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe
2014-02-02 17:53 - 2014-02-02 17:53 - 05179159 _____ (Swearware) C:\Users\*******\Downloads\ComboFix (1).exe
2014-02-02 08:37 - 2014-02-02 08:37 - 00000000 ____D () C:\SUPERDelete

==================== One Month Modified Files and Folders =======

2014-03-03 22:41 - 2014-03-03 22:41 - 00018316 _____ () C:\Users\MCGARRY\Desktop\FRST.txt
2014-03-03 22:41 - 2014-03-03 22:40 - 00000000 ____D () C:\FRST
2014-03-03 22:39 - 2011-04-04 12:06 - 01502780 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 22:39 - 2006-11-02 05:33 - 00006588 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 22:26 - 2014-03-03 22:37 - 01145344 _____ (Farbar) C:\Users\*******\Desktop\FRST.exe
2014-03-03 22:13 - 2012-08-21 10:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 22:06 - 2006-11-02 07:47 - 00003568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 22:06 - 2006-11-02 07:47 - 00003568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 21:55 - 2010-06-02 19:32 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 18:07 - 2010-06-02 19:32 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 18:07 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 18:05 - 2011-04-03 22:58 - 00165188 _____ () C:\Windows\PFRO.log
2014-03-03 18:04 - 2006-11-02 08:01 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-03 17:56 - 2014-03-03 16:34 - 00074403 _____ () C:\Users\*******\Desktop\attach.txt
2014-03-03 17:55 - 2014-03-03 17:30 - 00002005 _____ () C:\Users\*******\Desktop\Messages for Bleeping Computer.txt
2014-03-03 17:55 - 2014-03-03 16:34 - 00012972 _____ () C:\Users\*******\Desktop\dds.txt
2014-03-03 16:26 - 2014-03-03 16:30 - 00688992 ____R (Swearware) C:\Users\MCGARRY\Desktop\dds.com
2014-03-03 06:43 - 2014-03-03 06:39 - 00005232 _____ () C:\Users\*******\Desktop\Rkill.txt
2014-03-03 06:19 - 2014-03-03 06:02 - 00005232 _____ () C:\Users\*******\Desktop\RkillGPM.txt
2014-03-03 05:46 - 2014-03-03 05:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\*******\Desktop\rkillGPM.exe
2014-03-03 05:46 - 2014-03-03 05:56 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\*******\Desktop\rkill.exe
2014-03-01 17:49 - 2014-01-09 02:29 - 00000000 ____D () C:\BasWin13
2014-03-01 16:46 - 2014-03-01 16:46 - 00088992 _____ () C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Template
2014-03-01 15:47 - 2014-03-01 15:47 - 00000000 _____ () C:\Users\*******\AppData\Roaming\wklnhst.dat
2014-03-01 12:25 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\L2Schemas
2014-02-28 22:21 - 2013-01-10 22:59 - 00000000 ____D () C:\BasWin12
2014-02-26 23:26 - 2006-11-02 05:23 - 00000246 _____ () C:\Windows\win.ini
2014-02-23 01:27 - 2011-01-28 19:27 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-02-21 04:13 - 2012-03-29 16:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 04:13 - 2011-05-20 13:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 18:31 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-18 18:09 - 2008-12-30 18:02 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-02-18 00:49 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-02-18 00:32 - 2011-04-03 05:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-18 00:19 - 2006-11-02 07:47 - 00335640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-17 23:12 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-02-17 23:12 - 2006-11-02 07:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-17 23:11 - 2010-03-20 20:20 - 00017976 _____ () C:\Windows\system32\lvcoinst.log
2014-02-17 23:11 - 2009-05-17 21:22 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-02-17 23:11 - 2007-09-11 16:05 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-02-17 23:05 - 2009-11-22 00:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-17 21:54 - 2014-02-17 21:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:17 - 2007-12-07 15:38 - 00000000 ____D () C:\Users\*******
2014-02-14 18:02 - 2011-04-04 12:05 - 00002856 _____ () C:\Windows\setupact.log
2014-02-13 08:20 - 2014-02-13 08:20 - 00000000 ____D () C:\Users\*******\AppData\Local\Intuit,_Inc
2014-02-12 17:19 - 2012-01-12 09:08 - 00000000 ____D () C:\BasWin11
2014-02-06 14:45 - 2014-02-06 14:45 - 00000000 ____D () C:\Users\*******\AppData\Local\Intuit
2014-02-06 13:58 - 2014-02-06 13:40 - 00000000 ____D () C:\ProWin13
2014-02-06 13:45 - 2014-02-06 13:45 - 00000626 _____ () C:\Users\Public\Desktop\ProSeries 2013.lnk
2014-02-06 13:10 - 2014-02-06 13:10 - 00000000 _____ () C:\Users\*******\Downloads\CoreInstallerTY13_exe.ynhbtkh.partial
2014-02-06 13:10 - 2014-02-06 13:10 - 00000000 _____ () C:\Users\*******\Downloads\CoreInstallerTY13_exe.f61w6hd.partial
2014-02-06 13:05 - 2014-02-06 13:05 - 00000000 _____ () C:\Users\*******\Downloads\CoreInstallerTY13_exe.023d57l.partial
2014-02-05 03:58 - 2014-02-17 21:40 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-17 21:40 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-17 21:40 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-17 21:40 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-17 21:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-17 21:40 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-17 21:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-17 21:40 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-17 21:40 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:48 - 2014-02-17 21:40 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-17 21:40 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-17 21:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:47 - 2014-02-17 21:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-17 21:40 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:47 - 2014-02-17 21:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:46 - 2014-02-17 21:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 19:09 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-04 18:17 - 2014-02-04 18:17 - 00000000 ____D () C:\ProgramData\Brother
2014-02-04 02:09 - 2014-01-15 12:28 - 00000080 _____ () C:\Windows\system32\qfxohyr.fmj
2014-02-03 17:27 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\twain_32
2014-02-02 20:39 - 2011-06-24 14:34 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-02-02 20:39 - 2011-06-24 14:34 - 00000034 _____ () C:\Windows\system32\BD2040.DAT
2014-02-02 19:58 - 2008-07-02 00:10 - 00000000 ____D () C:\Windows\pss
2014-02-02 19:13 - 2014-02-02 19:13 - 00012630 _____ () C:\ComboFix.txt
2014-02-02 19:13 - 2014-02-02 18:01 - 00000000 ____D () C:\ComboFix
2014-02-02 19:13 - 2011-04-04 07:54 - 00000000 ____D () C:\Qoobox
2014-02-02 19:05 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-02 17:59 - 2014-02-02 17:58 - 05179159 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe
2014-02-02 17:53 - 2014-02-02 17:53 - 05179159 _____ (Swearware) C:\Users\*******\Downloads\ComboFix (1).exe
2014-02-02 08:37 - 2014-02-02 08:37 - 00000000 ____D () C:\SUPERDelete
2014-02-01 21:41 - 2008-06-09 20:51 - 00000000 ____D () C:\Windows\Minidump
2014-02-01 21:41 - 2007-09-11 15:49 - 00136338 _____ () C:\Windows\Minidump\Mini020114-01.dmp

ZeroAccess:
C:\Users\*******\AppData\Local\{86b55bb3-2453-4331-b933-8b54c269a60e}

Alureon:
C:\Users\*******\AppData\Local\temp\sitccod\snivheb\wow.dll

Files to move or delete:
====================
C:\ProgramData\r3r722.fee
C:\ProgramData\r3r722.odd
C:\Users\*******\acrobatreader.exe
C:\Users\*******\icq.exe
C:\Users\*******\notepad.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-09-17 03:32] - [2009-04-11 01:28] - 0550912 ____A (Microsoft Corporation) ECB4DC895E9ED3985D29284E17C703FC

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-03 18:14

==================== End Of Log ============================



#5 fireman4it

  • Malware Response Team

Posted 04 March 2014 - 12:10 PM

C:\Users\*******\AppData\Local\{86b55bb3-2453-4331-b933-8b54c269a60e}

Is this the name of the user or did you change all of them in the log before you sent it? If you changed the user names I need you to run FRST again this time not changing the user names and post that log. It is crucial for the fix of this machine.
 
Please make sure that you can view all hidden files.  Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esigs.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Do you have ads or music playing in the background when there shouldn't be?

Edited by fireman4it, 04 March 2014 - 12:13 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 gwhiz9999


Posted 04 March 2014 - 12:35 PM

As I noted, the user name was manually blanked out, as the owner is uncomfortable posting his name for the world to see.  It is the only user name used for the PC.  There is another user account set up, but it is never used, and none of the asterisk user names were from that user account.  All of them were the "main" user name.  Is there a way to go through this process without divulging the user name? 



#7 fireman4it


Posted 04 March 2014 - 02:20 PM

There is no way I can write scripts to fix this machine without the proper usernames in the log. Each script has to be written specifically for that computer and that user for it to work properly.



#8 myrti

  • Malware Study Hall Admin

Posted 04 March 2014 - 03:53 PM

Heya gwhiz9999,

I'll take over for now.

If I write you a fix, do you think you can modify the name back to the user's login name so that the script will work?

regards

myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 gwhiz9999


Posted 04 March 2014 - 04:38 PM

I wasn't trying to be a pain, and I apologize if "fireman" felt like I was being ungrateful.

 

Myrti, if changing the user name is similar to what I have already done, it wouldn't be a problem at all.  



#10 myrti


Posted 04 March 2014 - 04:53 PM

Heya,

Don't worry about it. We're all here to help. :) Changing the username would just be substituting the asterisks back to the username. Nothing more.
It looks like you're quite seriously infected and have been for a while already.  Part of the problem is the outdated software on the machine. I also see leftovers for AVG on your PC, how did you remove it?
 
In addition one or more of the identified infections is a backdoor trojan and a rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
 
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards
myrti



#11 gwhiz9999


Posted 04 March 2014 - 06:06 PM

The problem is not with my personal PC, but rather, my father's (and brother's) PC.  I don't know what all went on during this PC's life, but I have used it on occasion.  I am not sure what was done regarding AVG.

 

The PC has been lying disconnected from the internet, except for when I post logs from it to you.  I am not sure that a reformat is even feasible, as I don't think the machine's software is even around anymore.

 

I understand that you can't guarantee a "for sure" fix, but at least for now, I would like to try to get it cleaned.

 

The TDSSKiller scan found nothing.


Edited by gwhiz9999, 04 March 2014 - 06:07 PM.


#12 myrti


Posted 04 March 2014 - 08:19 PM

Hi,

now that's a bit unusual, but I guess a number of the infections may no longer be active.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



#13 gwhiz9999


Posted 04 March 2014 - 10:02 PM

That scan found some things.  I had noted before that the svchost.exe process that is eating up system memory was tied to "DComLaunch" and "PlugPlay" services, and the DComLaunch issue showed up on the scan. 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-04 20:59:57
-----------------------------
20:59:57.831    OS Version: Windows 6.0.6002 Service Pack 2
20:59:57.831    Number of processors: 2 586 0xF0D
20:59:57.831    ComputerName: *******-PC  UserName: *******
20:59:59.079    Initialize success
21:02:25.422    AVAST engine defs: 14030401
21:02:37.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:02:38.017    Disk 0 Vendor: Hitachi_ V56O Size: 476940MB BusType: 3
21:02:38.123    Disk 0 MBR read successfully
21:02:38.139    Disk 0 MBR scan
21:02:38.144    Disk 0 unknown MBR code
21:02:38.157    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS       467673 MB offset 63
21:02:38.191    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         9264 MB offset 957795300
21:02:38.197    Disk 0 scanning sectors +976768065
21:02:38.261    Disk 0 scanning C:\Windows\system32\drivers
21:02:56.074    Service scanning
21:03:00.804    Service DcomLaunch C:\Windows\system32\rpcss.dll **INFECTED** Win32:Patched-AOD [Trj]
21:03:20.412    Service RpcSs C:\Windows\system32\rpcss.dll **INFECTED** Win32:Patched-AOD [Trj]
21:03:30.795    Modules scanning
21:03:49.273    Disk 0 trace - called modules:
21:03:49.288    
21:03:51.112    AVAST engine scan C:\Windows
21:03:58.028    AVAST engine scan C:\Windows\system32
21:05:50.587    File: C:\Windows\system32\rpcss.dll  **INFECTED** Win32:Patched-AOD [Trj]
21:08:01.194    AVAST engine scan C:\Windows\system32\drivers
21:08:25.235    AVAST engine scan C:\Users\*******
21:17:12.047    File: C:\Users\*******\AppData\Local\temp\sjtmqmx\sxxpnjb\wow.dll  **INFECTED** Win32:Agent-ARYP [Trj]
21:17:12.218    File: C:\Users\*******\AppData\Local\temp\smxipvy\suxqnom\wow.dll  **INFECTED** Win32:Malware-gen
21:17:15.760    File: C:\Users\*******\AppData\Local\temp\srqpxpe\scvknxt\wow.dll  **INFECTED** Win32:Malware-gen
21:34:24.240    AVAST engine scan C:\ProgramData
21:39:25.332    Scan finished successfully
21:50:57.708    Disk 0 MBR has been saved successfully to "C:\Users\*******\Desktop\MBR.dat"
21:50:57.724    The log file has been saved successfully to "C:\Users\*******\Desktop\aswMBR.txt"


#14 myrti


Posted 05 March 2014 - 05:20 AM

Hi,

yes, the rpcss file has been patched and needs replacing. I was trying to see if we need to address the MBR as well. But we can start by removing rpcss.dll. For that we will need a clean copy of rpcss.dll, so let's look for it:

For that please open up FRST.exe and type rpcss.dll into the window, then hit search. Once the search is done you should have a file called search.txt in the same folder as FRST.exe. Please post the content here.

regards
myrti



#15 gwhiz9999


Posted 05 March 2014 - 08:04 AM

Here is the file/log you asked for:
 
 
Farbar Recovery Scan Tool (x86) Version: 04-03-2014 01
Ran by ******* at 2014-03-05 07:43:41
Running from C:\Users\*******\Desktop
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-09-17 03:32] - [2009-04-11 01:28] - 0550400 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-15 04:47] - [2009-03-02 23:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2009-04-15 04:47] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-05-12 01:06] - [2008-01-19 02:36] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2009-04-15 04:47] - [2009-03-02 23:17] - 0550400 ____A (Microsoft Corporation) B1BB45E24717A7F790B4411C4446EF5E
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009-04-15 04:47] - [2009-03-02 23:19] - 0549888 ____A (Microsoft Corporation) 7B981222A257D076885BFFB66F19B7CE
 
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 03:50] - [2006-11-02 04:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F
 
C:\Windows\System32\rpcss.dll
[2009-09-17 03:32] - [2009-04-11 01:28] - 0550912 ____A (Microsoft Corporation) ECB4DC895E9ED3985D29284E17C703FC
 
C:\Windows\ERDNT\cache\rpcss.dll
[2011-04-03 23:44] - [2009-04-11 01:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9
 
=== End Of Search ===
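
An added example, not part of the thread and not FRST's own code: a small parser for the search output posted above that compares every rpcss.dll copy with the one in System32 and flags any entry whose MD5 is the hash of empty input, which cannot serve as a reference value. The label names are this example's own, and it does not decide which copy is clean.

```python
import hashlib
import re

# MD5 of zero bytes. When a listing shows this value next to a non-zero
# size, the hash covers no file content and cannot be used for comparison.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Entries copied from the search log posted above (five of the nine).
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009-09-17 03:32] - [2009-04-11 01:28] - 0550400 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009-04-15 04:47] - [2009-03-02 23:32] - 0551424 ____A (Microsoft Corporation) 4DFCBDEF3CCAA98F99038DED78945253
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
[2006-11-02 03:50] - [2006-11-02 04:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F
C:\Windows\System32\rpcss.dll
[2009-09-17 03:32] - [2009-04-11 01:28] - 0550912 ____A (Microsoft Corporation) ECB4DC895E9ED3985D29284E17C703FC
C:\Windows\ERDNT\cache\rpcss.dll
[2011-04-03 23:44] - [2009-04-11 01:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = META.match(line)
        if m and path:
            e = m.groupdict()
            e.update(path=path, size=int(e["size"]), md5=e["md5"].upper())
            entries.append(e)
            path = None
        elif not m:
            path = line
    return entries


def triage(entries, live_path):
    """Label every copy relative to the file the system actually loads."""
    live = next(e for e in entries if e["path"].lower() == live_path.lower())
    report = {}
    for e in entries:
        if e is live:
            label = "live"
        elif e["md5"] == EMPTY_MD5 and e["size"] > 0:
            label = "unreadable"  # hash of nothing, yet non-zero size
        elif e["modified"] == live["modified"]:
            # Same modification time as the live file: any difference in
            # size or hash between the two is worth a closer look.
            same = e["size"] == live["size"] and e["md5"] == live["md5"]
            label = "same-build-identical" if same else "same-build-differs"
        else:
            label = "other-build"
        # Second value: size difference in bytes relative to the live file.
        report[e["path"]] = (label, e["size"] - live["size"])
    return report


if __name__ == "__main__":
    result = triage(parse_search(SEARCH_LOG), r"C:\Windows\System32\rpcss.dll")
    for path, (label, delta) in result.items():
        print(f"{label:22} {delta:+6d}  {path}")
```

On these entries the ERDNT cache copy and the 6.0.6002.18005 WinSxS copy share the System32 file's modification time but are 512 bytes smaller, and the WinSxS entry's hash is the MD5 of empty input.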




