Jump to content

Recurring Message: "Windows 7 Build 7601 Not a genuine version of Windows"


Recommended Posts

Firstly, unless you had given Microsoft your personal telephone number, I really really doubt the phone call was from MS. It is most likely the call was from a scammer. Next time, hang up on the call.

You need to tell me if this system, at any point, had Norton Symantec installed or Mcafee. Or any 3rd-party firewall.

As to the last things I outlined:

You may physically disconnect from the internet while doing the Windows Repair steps.

And steps marked # 2 and 3 can be done while in Safe mode.

Edited by Maurice Naggar
Link to post
Share on other sites

My system does have McAfee. The computer came with a 3 month free trial of McAfee already preloaded. Then, I was offered the opportunity to purchase it for a year, so I did. I believe a version of NOrton was also pre-loaded, but I declined that one. The McAfee includes a firewall as well as antivirus protection.

I had already completed the things you outlined before I posted last time.

Link to post
Share on other sites

My system does have McAfee. The computer came with a 3 month free trial of McAfee already preloaded. Then, I was offered the opportunity to purchase it for a year, so I did. I believe a version of NOrton was also pre-loaded, but I declined that one. The McAfee includes a firewall as well as antivirus protection.

OK.

Next, download and Save to your system the Norton/Symantec product removal tool from >> here <<

Once save is all done, DO a RIGHT-click on it and Run as Administrator.

When all done, Logoff and Restart your system (fresh).

Hoping this will remove all traces of Norton and just maybe remove a block that may have been left over from it.

Advise me when done.

NEXT:

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • RIGHT click on RSITx64.exe and select Run As Administrator to start RSITx64.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Link to post
Share on other sites

I have no idea whicj one was there. I never paid any attention to it other than to decline it, and I couldn't find it anywhere on the computer, so I just picked the link that seemed to cover the most things and downloaded and ran the Norton Removal Tool. Next I will proceed to the RSIT instructions.

Link to post
Share on other sites

log.txt

Logfile of random's system information tool 1.09 (written by random/random)

Run by Ann at 2012-12-16 05:47:17

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 895 GB (96%) free of 936 GB

Total RAM: 8172 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:47:45 AM, on 12/16/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files\trend micro\Ann.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab

O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11564 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"taskhost.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"

"C:\Program Files\mcafee.com\agent\mcagent.exe" /runkey

"C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

"C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe"

"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"

"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc

"C:\Windows\system32\mfevtps.exe"

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"

"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files (x86)\Nero\Update\NASvc.exe"

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2840995679-1911674583-2934464987-10012_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2840995679-1911674583-2934464987-10012 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

taskeng.exe {1B1BCB62-CACE-4D9A-BEC0-98586F5D3243}

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\Ann\Desktop\RSITx64.exe"

C:\Windows\servicing\TrustedInstaller.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-06-21 322344]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-23 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]

{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07 1152264]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-23 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-30 11660904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-09-12 1535112]

"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]

"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-28 408432]

"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-28 202608]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-26 343168]

"Hotkey Utility"=C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2011-08-10 627304]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2012-12-16 05:47:17 ----D---- C:\rsit

2012-12-16 05:47:17 ----D---- C:\Program Files\trend micro

2012-12-14 07:34:56 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2012-12-14 07:34:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-12-14 07:34:56 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2012-12-14 07:34:56 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-12-14 07:34:56 ----A---- C:\Windows\system32\mshtmled.dll

2012-12-14 07:34:56 ----A---- C:\Windows\system32\ieUnatt.exe

2012-12-14 07:34:56 ----A---- C:\Windows\system32\ieui.dll

2012-12-14 07:34:55 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-12-14 07:34:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-12-14 07:34:55 ----A---- C:\Windows\SYSWOW64\url.dll

2012-12-14 07:34:55 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2012-12-14 07:34:55 ----A---- C:\Windows\system32\wininet.dll

2012-12-14 07:34:55 ----A---- C:\Windows\system32\urlmon.dll

2012-12-14 07:34:55 ----A---- C:\Windows\system32\url.dll

2012-12-14 07:34:55 ----A---- C:\Windows\system32\msfeeds.dll

2012-12-14 07:34:55 ----A---- C:\Windows\system32\jscript9.dll

2012-12-14 07:34:54 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-12-14 07:34:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-12-14 07:34:54 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-12-14 07:34:54 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-12-14 07:34:54 ----A---- C:\Windows\system32\vbscript.dll

2012-12-14 07:34:54 ----A---- C:\Windows\system32\jsproxy.dll

2012-12-14 07:34:54 ----A---- C:\Windows\system32\jscript.dll

2012-12-14 07:34:54 ----A---- C:\Windows\system32\iertutil.dll

2012-12-14 07:34:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-12-14 07:34:52 ----A---- C:\Windows\system32\mshtml.dll

2012-12-14 07:34:52 ----A---- C:\Windows\system32\ieframe.dll

2012-12-14 07:34:51 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-12-14 07:33:46 ----A---- C:\Windows\system32\winsrv.dll

2012-12-14 07:33:46 ----A---- C:\Windows\system32\KernelBase.dll

2012-12-14 07:33:46 ----A---- C:\Windows\system32\kernel32.dll

2012-12-14 07:33:45 ----A---- C:\Windows\SYSWOW64\KernelBase.dll

2012-12-14 07:33:45 ----A---- C:\Windows\SYSWOW64\kernel32.dll

2012-12-14 07:33:45 ----A---- C:\Windows\system32\conhost.exe

2012-12-14 07:33:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-14 07:33:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-12-14 07:33:44 ----A---- C:\Windows\SYSWOW64\wow32.dll

2012-12-14 07:33:44 ----A---- C:\Windows\SYSWOW64\setup16.exe

2012-12-14 07:33:44 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

2012-12-14 07:33:44 ----A---- C:\Windows\SYSWOW64\instnm.exe

2012-12-14 07:33:44 ----A---- C:\Windows\system32\wow64win.dll

2012-12-14 07:33:44 ----A---- C:\Windows\system32\wow64cpu.dll

2012-12-14 07:33:44 ----A---- C:\Windows\system32\wow64.dll

2012-12-14 07:33:44 ----A---- C:\Windows\system32\ntvdm64.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-14 07:33:43 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-14 07:33:42 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-14 07:33:41 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-14 07:33:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-12-14 07:33:39 ----A---- C:\Windows\SYSWOW64\user.exe

2012-12-14 07:33:17 ----A---- C:\Windows\system32\tzres.dll

2012-12-14 07:33:16 ----A---- C:\Windows\SYSWOW64\tzres.dll

2012-12-14 07:33:07 ----A---- C:\Windows\system32\win32k.sys

2012-12-14 07:33:06 ----A---- C:\Windows\SYSWOW64\atmlib.dll

2012-12-14 07:33:06 ----A---- C:\Windows\SYSWOW64\atmfd.dll

2012-12-14 07:33:06 ----A---- C:\Windows\system32\atmlib.dll

2012-12-14 07:33:06 ----A---- C:\Windows\system32\atmfd.dll

2012-12-14 07:33:04 ----A---- C:\Windows\SYSWOW64\dpnet.dll

2012-12-14 07:33:04 ----A---- C:\Windows\system32\dpnet.dll

2012-12-13 13:33:50 ----D---- C:\Windows\system32\catroot2

2012-12-13 13:32:02 ----D---- C:\Windows\SoftwareDistribution

2012-12-13 13:29:59 ----A---- C:\SetACL.exe

2012-12-13 13:24:33 ----A---- C:\subinacl.exe

2012-12-13 12:31:56 ----N---- C:\bootsqm.dat

2012-12-13 12:28:21 ----A---- C:\Windows\PSEXESVC.EXE

2012-12-13 12:27:58 ----D---- C:\Tweaking.com_Windows_Repair_Logs

2012-12-13 12:27:47 ----D---- C:\Program Files (x86)\Tweaking.com

2012-12-11 11:40:13 ----D---- C:\MGADiagToolOutput

2012-12-11 11:40:00 ----D---- C:\ProgramData\Office Genuine Advantage

2012-12-11 11:19:37 ----D---- C:\Windows\temp

2012-12-11 11:19:35 ----A---- C:\ComboFix.txt

2012-12-11 11:17:32 ----D---- C:\$RECYCLE.BIN

2012-12-11 04:31:38 ----D---- C:\Users\Ann\AppData\Roaming\Windows Live Writer

2012-12-10 20:39:17 ----A---- C:\Windows\zip.exe

2012-12-10 20:39:17 ----A---- C:\Windows\SWSC.exe

2012-12-10 20:39:17 ----A---- C:\Windows\SWREG.exe

2012-12-10 20:39:17 ----A---- C:\Windows\sed.exe

2012-12-10 20:39:17 ----A---- C:\Windows\PEV.exe

2012-12-10 20:39:17 ----A---- C:\Windows\NIRCMD.exe

2012-12-10 20:39:17 ----A---- C:\Windows\MBR.exe

2012-12-10 20:39:17 ----A---- C:\Windows\grep.exe

2012-12-10 20:39:13 ----D---- C:\Qoobox

2012-12-08 14:36:56 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2012-12-08 14:28:42 ----A---- C:\Windows\SYSWOW64\javaws.exe

2012-12-08 13:10:56 ----D---- C:\_OTL

2012-12-06 16:36:15 ----A---- C:\AdwCleaner[s1].txt

2012-12-05 06:31:43 ----A---- C:\TDSSKiller.2.8.15.0_05.12.2012_06.31.43_log.txt

2012-12-05 06:29:03 ----A---- C:\TDSSKiller.2.8.15.0_05.12.2012_06.29.03_log.txt

2012-12-05 06:26:56 ----A---- C:\AdwCleaner[R1].txt

2012-12-03 20:58:36 ----D---- C:\Windows\ERDNT

2012-12-03 20:57:29 ----D---- C:\Program Files (x86)\ERUNT

2012-12-01 11:20:06 ----D---- C:\Program Files (x86)\ReadKiddoRead Giving Assistant

2012-11-28 00:42:55 ----D---- C:\Users\Ann\AppData\Roaming\Jewel Match 3

2012-11-15 03:08:53 ----A---- C:\Windows\system32\Wdfres.dll

2012-11-15 03:08:53 ----A---- C:\Windows\system32\drivers\WdfLdr.sys

2012-11-15 03:08:53 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2012-11-15 03:03:22 ----A---- C:\Windows\system32\WUDFx.dll

2012-11-15 03:03:22 ----A---- C:\Windows\system32\WUDFSvc.dll

2012-11-15 03:03:22 ----A---- C:\Windows\system32\WUDFPlatform.dll

2012-11-15 03:03:22 ----A---- C:\Windows\system32\WUDFHost.exe

2012-11-15 03:03:22 ----A---- C:\Windows\system32\WUDFCoinstaller.dll

2012-11-15 03:03:22 ----A---- C:\Windows\system32\drivers\WUDFRd.sys

2012-11-15 03:03:22 ----A---- C:\Windows\system32\drivers\WUDFPf.sys

2012-11-14 21:59:57 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll

2012-11-14 21:59:57 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll

2012-11-14 21:59:57 ----A---- C:\Windows\system32\dhcpcsvc6.dll

2012-11-14 21:59:57 ----A---- C:\Windows\system32\dhcpcore6.dll

2012-11-14 21:59:52 ----A---- C:\Windows\SYSWOW64\ncsi.dll

2012-11-14 21:59:52 ----A---- C:\Windows\system32\ncsi.dll

2012-11-14 21:59:52 ----A---- C:\Windows\system32\drivers\tcpip.sys

2012-11-14 21:59:51 ----A---- C:\Windows\SYSWOW64\nlaapi.dll

2012-11-14 21:59:51 ----A---- C:\Windows\SYSWOW64\netevent.dll

2012-11-14 21:59:51 ----A---- C:\Windows\SYSWOW64\netcorehc.dll

2012-11-14 21:59:51 ----A---- C:\Windows\system32\nlasvc.dll

2012-11-14 21:59:51 ----A---- C:\Windows\system32\nlaapi.dll

2012-11-14 21:59:51 ----A---- C:\Windows\system32\netevent.dll

2012-11-14 21:59:51 ----A---- C:\Windows\system32\netcorehc.dll

2012-11-14 21:59:51 ----A---- C:\Windows\system32\iphlpsvc.dll

2012-11-14 21:59:51 ----A---- C:\Windows\system32\drivers\tcpipreg.sys

2012-11-14 21:59:38 ----A---- C:\Windows\SYSWOW64\synceng.dll

2012-11-14 21:59:38 ----A---- C:\Windows\system32\synceng.dll

2012-10-25 15:18:46 ----A---- C:\Windows\system32\drivers\HipShieldK.sys

2012-10-19 23:24:11 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2012-10-19 23:24:11 ----A---- C:\Windows\SYSWOW64\javaw.exe

2012-10-19 23:24:11 ----A---- C:\Windows\SYSWOW64\java.exe

2012-10-10 13:24:28 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-10-10 13:24:28 ----A---- C:\Windows\system32\drivers\ntfs.sys

2012-10-10 13:24:27 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-10-10 13:24:27 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-10-10 13:23:59 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2012-10-10 13:23:59 ----A---- C:\Windows\system32\wintrust.dll

2012-10-10 13:23:37 ----A---- C:\Windows\SYSWOW64\kerberos.dll

2012-10-10 13:23:37 ----A---- C:\Windows\system32\kerberos.dll

2012-10-10 13:23:34 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll

2012-10-10 13:23:34 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2012-10-10 13:23:34 ----A---- C:\Windows\system32\cryptsvc.dll

2012-10-10 13:23:34 ----A---- C:\Windows\system32\cryptnet.dll

2012-10-10 13:23:34 ----A---- C:\Windows\system32\crypt32.dll

2012-10-10 13:23:33 ----A---- C:\Windows\SYSWOW64\cryptnet.dll

2012-09-25 14:02:25 ----A---- C:\Windows\system32\OxpsConverter.exe

======List of files/folders modified in the last 3 months======

2012-12-16 05:47:21 ----D---- C:\Windows\System32

2012-12-16 05:47:21 ----D---- C:\Windows\inf

2012-12-16 05:47:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-12-16 05:47:17 ----RD---- C:\Program Files

2012-12-16 05:46:58 ----D---- C:\Windows\system32\config

2012-12-16 05:39:00 ----A---- C:\Windows\SYSWOW64\log.txt

2012-12-16 05:35:19 ----D---- C:\Program Files (x86)\Common Files

2012-12-15 06:25:09 ----D---- C:\Program Files (x86)\McAfee

2012-12-15 06:25:08 ----D---- C:\Program Files\Common Files\mcafee

2012-12-15 00:55:16 ----D---- C:\Windows\system32\drivers

2012-12-15 00:55:16 ----D---- C:\Windows\system32\catroot

2012-12-15 00:53:06 ----SHD---- C:\Windows\Installer

2012-12-14 07:52:38 ----SHD---- C:\System Volume Information

2012-12-14 07:44:59 ----D---- C:\Windows\winsxs

2012-12-14 07:43:36 ----D---- C:\Windows\SYSWOW64\en-US

2012-12-14 07:43:36 ----D---- C:\Windows\SysWOW64

2012-12-14 07:43:36 ----D---- C:\Windows\system32\en-US

2012-12-14 07:43:34 ----D---- C:\Windows\SYSWOW64\migration

2012-12-14 07:43:34 ----D---- C:\Windows\system32\migration

2012-12-14 07:43:34 ----D---- C:\Windows\AppPatch

2012-12-14 07:43:34 ----D---- C:\Program Files (x86)\Internet Explorer

2012-12-14 07:43:33 ----D---- C:\Program Files\Internet Explorer

2012-12-14 07:38:21 ----D---- C:\ProgramData\Microsoft Help

2012-12-14 07:35:59 ----A---- C:\Windows\system32\MRT.exe

2012-12-13 13:32:02 ----D---- C:\Windows

2012-12-13 13:30:58 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2012-12-13 13:30:40 ----D---- C:\Windows\SYSWOW64\wbem

2012-12-13 12:27:47 ----RD---- C:\Program Files (x86)

2012-12-13 01:37:58 ----D---- C:\Windows\Prefetch

2012-12-11 11:40:00 ----D---- C:\ProgramData

2012-12-11 11:17:33 ----A---- C:\Windows\system.ini

2012-12-11 11:17:31 ----D---- C:\Windows\system32\drivers\etc

2012-12-11 11:15:08 ----D---- C:\Windows\SYSWOW64\drivers

2012-12-08 14:37:01 ----D---- C:\ProgramData\Adobe

2012-12-08 14:36:56 ----D---- C:\Windows\Tasks

2012-12-08 14:36:56 ----D---- C:\Windows\system32\Tasks

2012-12-08 14:35:13 ----D---- C:\Program Files (x86)\Adobe

2012-12-08 14:28:50 ----D---- C:\Program Files (x86)\Java

2012-12-04 13:02:53 ----SD---- C:\Users\Ann\AppData\Roaming\Microsoft

2012-12-01 19:48:05 ----D---- C:\Windows\rescache

2012-11-15 15:58:53 ----D---- C:\Windows\Microsoft.NET

2012-11-15 15:58:30 ----RSD---- C:\Windows\assembly

2012-11-15 03:25:51 ----D---- C:\Windows\system32\wbem

2012-11-15 03:25:51 ----D---- C:\Windows\system32\drivers\en-US

2012-11-15 03:25:49 ----RSD---- C:\Windows\Fonts

2012-11-09 06:37:30 ----A---- C:\Windows\system32\mfevtps.exe

2012-11-08 00:50:13 ----D---- C:\ProgramData\Norton

2012-10-25 15:18:58 ----D---- C:\ProgramData\McAfee

2012-10-25 15:18:46 ----D---- C:\Program Files\mcafee

2012-10-25 15:17:51 ----D---- C:\Windows\system32\DriverStore

2012-10-19 18:46:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-06 438808]

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2012-11-09 771096]

R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-20 22648]

R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-20 20520]

R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-20 62776]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-25 10496512]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-10-25 326656]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2012-11-09 69672]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-06-30 54784]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-06-30 77696]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-30 2647528]

R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2012-11-09 178840]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2012-11-09 309400]

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]

R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []

S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2012-11-09 106112]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-10-25 204288]

R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-29 36456]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-11-09 241016]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2012-11-09 177680]

R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

S2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 250808]

S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-20 194032]

S3 McAWFwk;McAfee Activation Service; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

S3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe [2012-11-16 383608]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-02 1255736]

S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]

S4 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.09 2012-12-16 05:47:47

======Uninstall list======

-->"C:\Program Files (x86)\Acer Games\Game Explorer Categories - main\Uninstall.exe"

-->"C:\Program Files (x86)\InstallShield Installation Information\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}\setup.exe" -runfromtemp -l0x0409 -removeonly

-->"C:\Program Files (x86)\InstallShield Installation Information\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}\setup.exe" -runfromtemp -l0x0409 -removeonly

Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly

Acer Games-->"C:\Program Files (x86)\Acer Games\Uninstall.exe"

Acer Registration-->C:\Program Files (x86)\Acer\Registration\Uninstall.exe

Acer ScreenSaver-->C:\Program Files (x86)\Acer\Screensaver\Uninstall.exe

Acer Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activex

Adobe Reader XI-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}

Adobe Shockwave Player 11.6-->"C:\Windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"

Agatha Christie - Death on the Nile-->"C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\uninstall\uninstaller.exe"

AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}

AMD AVIVO64 Codecs-->MsiExec.exe /X{DEDB22C7-C2A6-FE67-8EE8-F68419CE2351}

AMD Catalyst Install Manager-->msiexec /q/x{682EBE5A-58A4-37ED-7D1B-5AB6182BF8D5} REBOOT=ReallySuppress

AMD Drag and Drop Transcoding-->MsiExec.exe /X{41F41196-D050-A938-B1E4-7478160C091F}

AMD Media Foundation Decoders-->MsiExec.exe /X{66B57223-522B-F018-CB82-04478543A9A9}

Bejeweled 2 Deluxe-->"C:\Program Files (x86)\Acer Games\Bejeweled 2 Deluxe\uninstall\uninstaller.exe"

Bing Bar-->MsiExec.exe /X{C28D96C0-6A90-459E-A077-A6706F4EC0FC}

Build-a-lot 4 - Power Source-->"C:\Program Files (x86)\Acer Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe"

Catalyst Control Center - Branding-->MsiExec.exe /I{ADB118EC-3B73-41A1-8D07-0AC162C75958}

Chronicles of Albian-->"C:\Program Files (x86)\Acer Games\Chronicles of Albian\uninstall\uninstaller.exe"

clear.fi Client-->"C:\Program Files (x86)\InstallShield Installation Information\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}\setup.exe" -runfromtemp -l0x0009 -removeonly

Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"

Cradle of Rome 2-->"C:\Program Files (x86)\Acer Games\Cradle of Rome 2\uninstall\uninstaller.exe"

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{99F50845-55E3-4E06-9A5A-17D37F4D4FB9}" "1033" "0"

Dora's World Adventure-->"C:\Program Files (x86)\Acer Games\Doras World Adventure\uninstall\uninstaller.exe"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Etron USB3.0 Host Controller-->MsiExec.exe /I{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}

Final Drive: Nitro-->"C:\Program Files (x86)\Acer Games\Final Drive Nitro\uninstall\uninstaller.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{488F0347-C4A7-4374-91A7-30818BEDA710}

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E6C807F38EB64284.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Governor of Poker 2 Premium Edition-->"C:\Program Files (x86)\Acer Games\Governor of Poker 2 Premium Edition\uninstall\uninstaller.exe"

Hotkey Utility-->C:\Program Files (x86)\Acer\Hotkey Utility\Uninstall.exe

HP Deskjet 1000 J110 series Basic Device Software-->MsiExec.exe /I{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}

HP Deskjet 1000 J110 series Help-->MsiExec.exe /I{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}

HP Deskjet 1000 J110 series Product Improvement Study-->MsiExec.exe /I{1A570BFA-D775-47EE-8071-06E9559C14F5}

HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exe

HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}

Identity Card-->C:\Program Files (x86)\Acer\Identity Card\Uninstall.exe

Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217007FF}

JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}

Jewel Match 3-->"C:\Program Files (x86)\Acer Games\Jewel Match 3\uninstall\uninstaller.exe"

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Malwarebytes Anti-Malware version 1.65.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

McAfee Internet Security Suite-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}

Microsoft Office Click-to-Run 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall

Microsoft Office Click-to-Run 2010-->MsiExec.exe /I{90140000-006D-0409-1000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL

Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Mystery of Mortlake Mansion-->"C:\Program Files (x86)\Acer Games\Mystery of Mortlake Mansion\uninstall\uninstaller.exe"

MyWinLocker 4-->MsiExec.exe /X{39F15B50-A977-4CA6-B1C3-6A8724CDA025}

MyWinLocker Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}\setup.exe" -runfromtemp -l0x0409 -removeonly

MyWinLocker Suite-->MsiExec.exe /X{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}

MyWinLocker-->MsiExec.exe /I{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}

Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}

Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}

Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}

Nero DiscSpeed 10 Help (CHM)-->MsiExec.exe /X{C18A0418-442A-4186-AF98-D08F5054A2FC}

Nero DiscSpeed 10-->MsiExec.exe /X{34490F4E-48D0-492E-8249-B48BECF0537C}

Nero Express 10 Help (CHM)-->MsiExec.exe /X{33643918-7957-4839-92C7-EA96CB621A98}

Nero Express 10-->MsiExec.exe /X{70550193-1C22-445C-8FA4-564E155DB1A7}

Nero Multimedia Suite 10 Essentials-->MsiExec.exe /I{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}

Nero StartSmart 10 Help (CHM)-->MsiExec.exe /X{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}

Nero StartSmart 10-->MsiExec.exe /X{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}

Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}

Penguins!-->"C:\Program Files (x86)\Acer Games\Penguins!\uninstall\uninstaller.exe"

Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"

Polar Bowler-->"C:\Program Files (x86)\Acer Games\Polar Bowler\uninstall\uninstaller.exe"

Polar Golfer-->"C:\Program Files (x86)\Acer Games\Polar Golfer\uninstall\uninstaller.exe"

ReadKiddoRead Giving Assistant (remove only)-->C:\Program Files (x86)\ReadKiddoRead Giving Assistant\Uninstall.exe

Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{73CC972E-6ABF-456B-9E1E-BADC0E65B57A}" "1033" "0"

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D267D0F7-9770-467D-ACF3-FB2F7E0AC532}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{54A1B66B-F5B2-45AD-8B19-5F51A027A1B9}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0"

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0A682BA4-3C78-42C3-8DDF-EB9A6ABE5535}" "1033" "0"

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269}" "1033" "0"

Shared C Run-time for x64-->MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054}

Shredder-->MsiExec.exe /I{C2695E83-CF1D-43D1-84FE-B3BEC561012A}

Skype™ 5.10-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Times Reader-->msiexec /qb /x {491ADA37-04EE-2ECE-9F86-DDC0106047AC}

Times Reader-->MsiExec.exe /I{491ADA37-04EE-2ECE-9F86-DDC0106047AC}

Torchlight-->"C:\Program Files (x86)\Acer Games\Torchlight\uninstall\uninstaller.exe"

Tweaking.com - Windows Repair (All in One)-->"C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"

Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C4F26A9B-B121-4135-8084-A0D9C780C7C8}" "1033" "0"

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{460FF681-BC66-4C38-99DF-7012E03F1EBA}" "1033" "0"

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{C633216E-FF30-45B6-B2AB-21922A9353EF}" "1033" "0"

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1033" "0"

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{47894754-0FEC-4920-9A65-6C1E732587AC}" "1033" "0"

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}" "1033" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{5DA2D071-A54C-47C0-83E5-43C63DBFD936}" "1033" "0"

Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"

Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\Acer Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"

Welcome Center-->C:\Program Files (x86)\Acer\Welcome Center\Uninstall.exe

WildTangent Games App (Acer Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\acer\Uninstall.exe"

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh-->MsiExec.exe /I{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger-->MsiExec.exe /X{6057E21C-ABE9-4059-AE3E-3BEB9925E660}

Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}

Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{C893D8C0-1BA0-4517-B11C-E89B65E72F70}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client Resources-->MsiExec.exe /I{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{5E2CD4FB-4538-4831-8176-05D653C3E6D4}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{05E379CC-F626-4E7D-8354-463865B303BF}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{62687B11-58B5-4A18-9BC3-9DF4CE03F194}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{3B9A92DA-6374-4872-B646-253F18624D5F}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Live-->MsiExec.exe /I{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

Zuma's Revenge-->"C:\Program Files (x86)\Acer Games\Zumas Revenge\uninstall\uninstaller.exe"

======System event log======

Computer Name: Ann-PC

Event Code: 4101

Message: Display driver amdkmdap stopped responding and has successfully recovered.

Record Number: 20899

Source Name: Display

Time Written: 20120611230327.000000-000

Event Type: Warning

User:

Computer Name: Ann-PC

Event Code: 4101

Message: Display driver amdkmdap stopped responding and has successfully recovered.

Record Number: 20897

Source Name: Display

Time Written: 20120611230313.000000-000

Event Type: Warning

User:

Computer Name: Ann-PC

Event Code: 7000

Message: The Google Update Service (gupdate) service failed to start due to the following error:

The pipe has been ended.

Record Number: 20700

Source Name: Service Control Manager

Time Written: 20120611005423.733618-000

Event Type: Error

User:

Computer Name: Ann-PC

Event Code: 7039

Message: A service process other than the one launched by the Service Control Manager connected when starting the Google Update Service (gupdate) service. The Service Control Manager launched process 4680 and process 2224 connected instead.

Note that if this service is configured to start under a debugger, this behavior is expected.

Record Number: 20699

Source Name: Service Control Manager

Time Written: 20120611005423.390417-000

Event Type: Warning

User:

Computer Name: Ann-PC

Event Code: 10005

Message: DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:

{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Record Number: 20698

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20120611005423.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Ann-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1552

Source Name: Microsoft-Windows-CAPI2

Time Written: 20120501095756.986934-000

Event Type: Error

User:

Computer Name: Ann-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1551

Source Name: Microsoft-Windows-CAPI2

Time Written: 20120501095756.815334-000

Event Type: Error

User:

Computer Name: Ann-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1550

Source Name: Microsoft-Windows-CAPI2

Time Written: 20120501095756.784134-000

Event Type: Error

User:

Computer Name: Ann-PC

Event Code: 4107

Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

.

Record Number: 1549

Source Name: Microsoft-Windows-CAPI2

Time Written: 20120501095756.784134-000

Event Type: Error

User:

Computer Name: WIN-8QIO0IIRS9P

Event Code: 6001

Message: The winlogon notification subscriber <GPClient> failed a notification event.

Record Number: 1541

Source Name: Microsoft-Windows-Winlogon

Time Written: 20120117081138.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: WIN-8QIO0IIRS9P

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WIN-8QIO0IIRS9P$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x274

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 840

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120117080959.140582-000

Event Type: Audit Success

User:

Computer Name: WIN-8QIO0IIRS9P

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 839

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120117080957.533779-000

Event Type: Audit Success

User:

Computer Name: WIN-8QIO0IIRS9P

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WIN-8QIO0IIRS9P$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x274

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 838

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120117080957.533779-000

Event Type: Audit Success

User:

Computer Name: WIN-8QIO0IIRS9P

Event Code: 4738

Message: A user account was changed.

Subject:

Security ID: S-1-5-21-2840995679-1911674583-2934464987-500

Account Name: Administrator

Account Domain: WIN-8QIO0IIRS9P

Logon ID: 0x35352

Target Account:

Security ID: S-1-5-21-2840995679-1911674583-2934464987-500

Account Name: Administrator

Account Domain: WIN-8QIO0IIRS9P

Changed Attributes:

SAM Account Name: -

Display Name: -

User Principal Name: -

Home Directory: -

Home Drive: -

Script Path: -

Profile Path: -

User Workstations: -

Password Last Set: -

Account Expires: -

Primary Group ID: -

AllowedToDelegateTo: -

Old UAC Value: 0x211

New UAC Value: 0x211

User Account Control: -

User Parameters: -

SID History: -

Logon Hours: -

Additional Information:

Privileges: -

Record Number: 837

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120117080951.387369-000

Event Type: Audit Success

User:

Computer Name: WIN-8QIO0IIRS9P

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-2840995679-1911674583-2934464987-500

Account Name: Administrator

Domain Name: WIN-8QIO0IIRS9P

Logon ID: 0x35352

Record Number: 836

Source Name: Microsoft-Windows-Eventlog

Time Written: 20120117080934.461339-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\EgisTec MyWinLocker;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=2a07

"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

"windows_tracing_flags"=3

"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------

Link to post
Share on other sites

MyWinlocker appears to be a 3rd-party tool to encrypt files on your hard drive. Yes, if you did NOT buy it and it is still there, Uninstall it using Control Panel, and restart the system fresh.

Then make a new run of DDS and then also SecurityCheck and copy/paste DDS.txt + Checkup.txt for my review.

We should be able to do tools-cleanup and closure on the next round.

Link to post
Share on other sites

.DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Ann at 20:33:43 on 2012-12-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8172.6561 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.insightbb.com/

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab

DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

TCP: NameServer = 74.128.17.114 74.128.19.102

TCP: Interfaces\{15879CE4-7E4D-444A-92FC-92B6C0AD6FBB} : DHCPNameServer = 74.128.17.114 74.128.19.102

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://acer.msn.com

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 339776]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-20 204288]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-17 13336]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-20 244624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-7-20 241016]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-7-20 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-7-20 177680]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-21 231440]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-6-30 54784]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-6-30 77696]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 515528]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-17 533096]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-17 2656280]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-25 196440]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-20 224704]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-3 1255736]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-16 10:47:17 -------- d-----w- C:\Program Files\trend micro

2012-12-14 12:33:46 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-12-13 18:33:50 -------- d-----w- C:\Windows\System32\catroot2

2012-12-13 18:30:40 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2012-12-13 18:29:59 303616 ----a-w- C:\SetACL.exe

2012-12-13 18:24:33 290304 ----a-w- C:\subinacl.exe

2012-12-13 17:27:58 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs

2012-12-13 17:27:47 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2012-12-11 16:40:13 -------- d-----w- C:\MGADiagToolOutput

2012-12-11 16:17:32 -------- d-----w- C:\$RECYCLE.BIN

2012-12-11 09:31:51 -------- d-----w- C:\Users\Ann\AppData\Local\{3D3027FF-DFE5-41EE-B09F-3AFE51A3E840}

2012-12-11 09:31:38 -------- d-----w- C:\Users\Ann\AppData\Roaming\Windows Live Writer

2012-12-11 09:31:38 -------- d-----w- C:\Users\Ann\AppData\Local\Windows Live Writer

2012-12-11 01:39:17 98816 ----a-w- C:\Windows\sed.exe

2012-12-11 01:39:17 256000 ----a-w- C:\Windows\PEV.exe

2012-12-11 01:39:17 208896 ----a-w- C:\Windows\MBR.exe

2012-12-08 19:36:56 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-08 19:36:56 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-08 18:10:56 -------- d-----w- C:\_OTL

2012-12-01 16:20:06 -------- d-----w- C:\Program Files (x86)\ReadKiddoRead Giving Assistant

2012-11-28 05:42:55 -------- d-----w- C:\Users\Ann\AppData\Roaming\Jewel Match 3

.

==================== Find3M ====================

.

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 11:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-11-09 11:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-11-09 11:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe

2012-11-09 11:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-11-09 11:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2012-11-09 11:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-11-09 11:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-11-09 11:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-11-09 11:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

============= FINISH: 20:34:10.90 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 5/1/2012 6:02:37 AM

System Uptime: 12/17/2012 3:06:24 PM (5 hours ago)

.

Motherboard: Acer | | Aspire M3970G

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 873.507 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SD/MMC/MS/MSPRO

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC#MS#MSPRO&REV_1.00#8&B400CA5&0&20060413092100000&4#

Manufacturer: Generic-

Name: I:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC#MS#MSPRO&REV_1.00#8&B400CA5&0&20060413092100000&4#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SD/MMC

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#8&B400CA5&0&20060413092100000&2#

Manufacturer: Generic-

Name: G:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#8&B400CA5&0&20060413092100000&2#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: Compact Flash

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#8&B400CA5&0&20060413092100000&0#

Manufacturer: Generic-

Name: E:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#8&B400CA5&0&20060413092100000&0#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SM/xD-Picture

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#8&B400CA5&0&20060413092100000&1#

Manufacturer: Generic-

Name: F:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#8&B400CA5&0&20060413092100000&1#

Service: WUDFRd

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: MS/MS-Pro/HG

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO#HG&REV_1.00#8&B400CA5&0&20060413092100000&3#

Manufacturer: Generic-

Name: H:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO#HG&REV_1.00#8&B400CA5&0&20060413092100000&3#

Service: WUDFRd

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader XI

Adobe Shockwave Player 11.6

Agatha Christie - Death on the Nile

AMD APP SDK Runtime

AMD AVIVO64 Codecs

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Bejeweled 2 Deluxe

Bing Bar

Build-a-lot 4 - Power Source

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chronicles of Albian

clear.fi Client

Coupon Printer for Windows

Cradle of Rome 2

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dora's World Adventure

ERUNT 1.1j

Etron USB3.0 Host Controller

Final Drive: Nitro

Galerie de photos Windows Live

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker 2 Premium Edition

Hotkey Utility

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Deskjet 1000 J110 series Product Improvement Study

HP Photo Creations

HP Update

Identity Card

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 9

Java Auto Updater

JavaFX 2.1.1

Jewel Match 3

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Internet Security Suite

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Penguins!

Plants vs. Zombies - Game of the Year

Polar Bowler

Polar Golfer

ReadKiddoRead Giving Assistant (remove only)

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shared C Run-time for x64

Skype™ 5.10

swMSM

Times Reader

Torchlight

Tweaking.com - Windows Repair (All in One)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Virtual Villagers 5 - New Believers

Welcome Center

WildTangent Games App (Acer Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

12/17/2012 4:41:14 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

12/17/2012 3:03:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

12/17/2012 3:03:35 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/17/2012 3:02:18 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

12/17/2012 3:00:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.

12/17/2012 1:14:29 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

12/17/2012 1:13:46 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

12/17/2012 1:05:55 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/16/2012 5:44:56 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

12/16/2012 10:46:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/14/2012 7:52:14 AM, Error: Service Control Manager [7022] - The Intel® Management and Security Application User Notification Service service hung on starting.

12/13/2012 12:38:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

12/13/2012 12:38:22 PM, Error: Service Control Manager [7022] - The Software Protection service hung on starting.

12/13/2012 1:44:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

12/13/2012 1:44:04 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/12/2012 5:56:25 AM, Error: Service Control Manager [7022] - The Security Center service hung on starting.

12/12/2012 4:00:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.

12/12/2012 4:00:10 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/12/2012 3:57:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

12/12/2012 3:56:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

12/11/2012 11:21:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

12/11/2012 11:21:41 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/11/2012 11:16:33 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/11/2012 11:13:11 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/10/2012 9:37:50 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

12/10/2012 4:17:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

12/10/2012 4:17:15 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/10/2012 4:13:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

12/10/2012 4:13:34 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/10/2012 4:12:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

12/10/2012 4:12:51 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/10/2012 4:11:33 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

.

==== End Of File ===========================

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.1

Java 7 Update 9

Adobe Reader XI

Google Chrome 20.0.1132.57

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Your original issue, re, not a genuine version, is cleared up. The security check log report is good.

We are almost ready to wrap up ---but it appears there is some sort of Windows Update issue, whereby it is failing.

Please do this:

See these references on the System Update Readiness Tool and run the SUR

Have plenty of patience while it runs.

http://windows.microsoft.com/en-US/windows7/What-is-the-System-Update-Readiness-Tool

Then make a new run to Microsoft Windows Update and check for Importnant or Critical updates, and apply those.

NEXT:

Download this zip file from here http://sdrv.ms/Kp1lc3 so we can get a report.

Save the zip file to a unique folder.

Extract the contents. Then double-click the vbs file to start it.

You will get a Notepad report named UpdateHistory.txt located in your %temp% (temporary file folder).

The topmost entries (at the top of the file) are the most recent update items.

Copy the topmost 2 pages and then paste into your reply here.

Link to post
Share on other sites

Just wanted to let you know, I am trying my best here, but now every webpage is freezing. I keep getting ">insert website< is not responding, recover webpage?" When I restart the comp and come back, I can't do anything right away. I have to sit and wait for the system to "settle", for lack of a better word, before I attempt to do anything. It's crazy. I was running the SUR, it was taking awhile so I walked away to do other things, when I came back, the screen was black, and when I moved the mouse my entire desktop was completely blank. Now, this has happened to me before, and I always assumed it was a setting in the screen itself that I didn't understand, and I turn the computer off and back on to get the desktop back. But, this time, I don't know if the SUR finished or not, so I am going to run it again while sitting here just to make sure.

Link to post
Share on other sites

ok, all instructions completed. Here is the report:

Report run at 12/18/2012 11:45:02 AM

------------------------------------------------------------------

Title: Update for Windows 7 for x64-based Systems (KB2709981)

Description: Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Date/Time in GMT: 12/18/2012 4:27:54 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Update for Windows 7 for x64-based Systems (KB2574819)

Description: Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Date/Time in GMT: 12/18/2012 4:27:51 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Update for Windows 7 for x64-based Systems (KB2592687)

Description: The Remote Desktop Protocol 8.0 update enables you to use the new Remote Desktop Services features. These features are introduced in Windows 8 and in Windows Server 2012 and are available for computers that are running Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1. After you install this item, you may have to restart your computer.

Date/Time in GMT: 12/18/2012 4:27:51 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Advanced Micro Devices, Inc. - Display, Other hardware - AMD Radeon HD 7350

Description: Advanced Micro Devices, Inc. Display, Other hardware software update released in November, 2011

Date/Time in GMT: 12/18/2012 4:27:33 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Hotfix for Windows (KB947821)

Description: Fix for KB947821

Date/Time in GMT: 12/18/2012 4:14:31 PM

Install mechanism: wusa

Install status: Succeeded

------------------------------------------------------------------

Title: Hotfix for Windows (KB947821)

Description: Fix for KB947821

Date/Time in GMT: 12/18/2012 3:10:15 PM

Install mechanism: wusa

Install status: Succeeded

------------------------------------------------------------------

Title: Update for Windows 7 for x64-based Systems (KB2779562)

Description: Install this update to resolve issues caused by revised daylight saving time and time zone laws in several countries. This update enables your computer to automatically adjust the computer clock on the correct date in 2012. After you install this item, you may have to restart your computer.

Date/Time in GMT: 12/14/2012 12:38:36 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Description: A security vulnerability exists in Microsoft Office 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Date/Time in GMT: 12/14/2012 12:38:22 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Windows 7 for x64-based Systems (KB2779030)

Description: A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Date/Time in GMT: 12/14/2012 12:38:18 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Description: A security vulnerability exists in Microsoft Word 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Date/Time in GMT: 12/14/2012 12:38:07 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Windows Malicious Software Removal Tool x64 - December 2012 (KB890830)

Description: After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.

Date/Time in GMT: 12/14/2012 12:38:00 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Description: A security vulnerability exists in Microsoft Office 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability.

Date/Time in GMT: 12/14/2012 12:35:57 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Windows 7 for x64-based Systems (KB2753842)

Description: A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Date/Time in GMT: 12/14/2012 12:35:50 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Windows 7 for x64-based Systems (KB2758857)

Description: A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Date/Time in GMT: 12/14/2012 12:35:42 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Security Update for Windows 7 for x64-based Systems (KB2770660)

Description: A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

Date/Time in GMT: 12/14/2012 12:35:30 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761465)

Description: Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Date/Time in GMT: 12/14/2012 12:35:23 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Description: This update provides the latest junk email and malicious links filter definitions for Microsoft Office 2010 32-Bit Edition.

Date/Time in GMT: 12/14/2012 12:34:50 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Title: Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Description: Microsoft has released an update for Microsoft Office 2010 32-Bit Edition. This update provides the latest fixes to Microsoft Office 2010 32-Bit Edition. Additionally, this update contains stability and performance improvements.

Date/Time in GMT: 12/14/2012 12:34:31 PM

Install mechanism: AutomaticUpdates

Install status: Succeeded

------------------------------------------------------------------

Total number of updates found: 18

Number of updates succeeded: 18

Number of updates failed: 0

Number of updates aborted: 0

Link to post
Share on other sites

No need to re-run the SUR tool. You had several successful updates today from Windows Updates. Congratulations.

Any "slow issues" are not necessarily due to malware. They are most likely from other causes.

Here are some recommended articles:

MS Speed up your pc - Win7 / Vista

http://windows.microsoft.com/en-US/windows/explore/speed-up-your-pc

What to do if your Computer is running slowly

http://www.malwareremoval.com/tutorials/runningslowly.php

See Quietman7's Slow Computer/browser? Check Here First

http://www.bleepingcomputer.com/forums/topic87058.html

See Miekiemoes' Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Slow Computer/Browser: Check here first!

http://www.bleepingcomputer.com/forums/topic44694.html

Link to post
Share on other sites

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix icon_exclaim.gif),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Ann\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

Adwcleaner.exe

Roguekiller.exe

TDSSKILLER.exe

SecurityCheck.exe

FSS.exe

CFscript.txt

MGADiag

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Safer practices & malware prevention

Let me know when you have completed the cleanup steps.cool.gif

Link to post
Share on other sites

Thank you so so so much for everything! :P I did go ahead and get the Spyware Buster. I also went to Trend Micro and ran it, which came back all clean (I've used this site before on other computers.) That said, a lot of the rest of the stuff you recommended, I simply don't understand. To say I am a computer novice is an understatement! This one especially:

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

See the FAQ page http://mvps.org/winh...02/hostsfaq.htm

That would help to keep your browser away from known spyware/malware sites.

Does the McAfee not cover me enough or what?
Link to post
Share on other sites

The MVP Hosts file adds a layer of protection, whether or not you have McAfee.

The steps for it are fairly simple:

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.

4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides

typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________

¦ +---+¦

¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦

¦ +---+¦

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Previous version saved and renamed to HOSTS.MVP

Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts

The latter is the same folder that had mvps.bat

5) Re-enable your antivirus app.

The MVP Hosts file is updated from time to time. See http://msmvps.com/blogs/hostsnews

for information. And you can also sign-up for email notice when Mike publishes updates.

I wish you well. Cheers.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.