Laptop acts like it's got a virus any time I get a Windows Update
-
It's reacting really badly to Windows Updates and not successfully installing most of them. I've got a prompt for updates that won't go away and won't install after about 10 attempts. It's making my laptop crash and freeze all the time now.
I've got a screenshot of my Update History I can post tomorrow. Thanks if anyone can help, I don't know what to do.
-
Please complete all steps listed here: HERE
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
Sorry for the delayed reply, Broni. I can only get the laptop to run in Safe Mode with Networking now. I'll try to go through the above steps now. Thanks.
-
Malwarebytes Log
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 5763
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
14/02/2011 19:07:59
mbam-log-2011-02-14 (19-07-59).txt
Scan type: Quick scan
Objects scanned: 144680
Time elapsed: 2 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Gmer Log
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-14 19:46:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: g0pryoql.exe; Driver: C:\Users\MARKMC~1\AppData\Local\Temp\axrdifoc.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74827817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7487A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7482BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7481F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [748275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7481E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74858395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7482DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7481FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7481FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [748171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [748ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7484C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7481D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74816853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7481687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74822AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\explorer.exe[1532] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002269d1b739
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002269d1b739@d4cbaff409fa 0x21 0x57 0x4E 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002269d1b739 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\002269d1b739@d4cbaff409fa 0x21 0x57 0x4E 0xBF ...
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\002269d1b739 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\002269d1b739@d4cbaff409fa 0x21 0x57 0x4E 0xBF ...
---- EOF - GMER 1.0.15 ----
-
MBR Check Text
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 8930
Logical Drives Mask: 0x0000005c
Kernel Drivers (total 118):
Processes (total 24):
0 System Idle Process
4 System
384 C:\Windows\System32\smss.exe
460 csrss.exe
496 csrss.exe
504 C:\Windows\System32\wininit.exe
548 C:\Windows\System32\winlogon.exe
580 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
2024 C:\Program Files\Windows Media Player\wmpnscfg.exe
1532 C:\Windows\explorer.exe
1712 C:\Program Files\Mozilla Firefox\firefox.exe
1780 C:\Program Files\Mozilla Firefox\plugin-container.exe
1512 C:\Users\Mark McL\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c0100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`c2e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
298 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
DDS Text
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Mark McL at 19:58:26.85 on 14/02/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3068.2213 [GMT 0:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mark McL\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\users\markmc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\click-~1.lnk - c:\program files\click-n-type\Click-N-Type.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
================= FIREFOX ===================
FF - ProfilePath - c:\users\markmc~1\appdata\roaming\mozilla\firefox\profiles\zculsmuv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-12-10 18816]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-9-28 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-17 3658752]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/05/02 03
10];c:\program files\acer arcade deluxe\playmovie\000.fcl [2010-5-2 87536]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/07 18:03:03];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-28 75048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 135664]
S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-28 122368]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [2008-9-28 280192]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-17 85136]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-7-8 33792]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-7-8 10368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-7-22 27904]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2011-02-14 07:45:51 -------- d-sh--w- C:\found.008
2011-02-14 06:30:08 -------- d-sh--w- C:\found.007
2011-02-14 02
58 -------- d-sh--w- C:\found.006
2011-02-14 01:37:29 -------- d-sh--w- C:\found.005
2011-02-13 19:18:33 13944160 ----a-w- c:\program files\IE8-WindowsVista-x86-ENU.exe
2011-02-13 18:00:59 -------- d-----w- c:\program files\Feedback Tool
2011-02-11 00:10:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-11 00:10:40 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-30 14:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
==================== Find3M ====================
2011-02-13 03:44:09 119296 ----a-w- c:\windows\system32\zlib.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-06 21:15:13 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-01-06 21:15:01 319488 ----a-w- c:\windows\HideWin.exe
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 02:47:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 01:00:53 446464 ----a-w- c:\users\mark mcl\TFC.exe
2010-12-17 17:47:25 883488 ----a-w- c:\program files\JavaSetup6u23.exe
2010-12-15 07:51:30 1086304 ----a-w- c:\program files\avg_remover_stf_x86_2011_1165.exe
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-07-03 21:35:55 1013584 ----a-w- c:\program files\TDSSKiller.exe
2010-07-03 12:59:46 294400 ----a-w- c:\program files\exeHelper.com
2010-07-02 13:11:38 3725496 ----a-w- c:\program files\ComboFix.exe
2010-07-02 12:41:23 525824 ----a-w- c:\program files\dds.scr
2010-07-02 00:47:40 1529241 ----a-w- c:\program files\SDFix.exe
2010-06-09 03:17:14 5588664 ----a-w- c:\program files\PoolSharksInstaller.exe
2010-05-17 17:32:33 1339288 ----a-w- c:\program files\sar_15_sfx.exe
============= FINISH: 19:58:39.60 ===============
-
DDS Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 28/09/2008 19:07:00
System Uptime: 14/02/2011 18:46:02 (1 hours ago)
Motherboard: Acer | | Aspire 8930
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | CPU | 2527/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 110.146 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 297.887 GiB free.
E: is FIXED (NTFS) - 139 GiB total, 139.399 GiB free.
G: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer Crystal Eye Webcam 3.0.6.3
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer VCM
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Alice Greenfingers
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVG 2011
Backspin Billiards
Big Kahuna Reef
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCleaner
Chuzzle
Click-N-Type
CyberLink PowerDirector
CyberLink PowerDVD 9
D3DX10
DAL Scanner
Daniusoft MP3 WAV Converter(Build 2.0.25)
Diner Dash Flo on the Go
ESET Online Scanner v3
eSobi v2
Feedback Tool
Flip Words 2
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
ITECIR
Java Auto Updater
Java(TM) 6 Update 23
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller
Junk Mail filter update
Launch Manager
LightScribe 1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Orion
PhotoNow!
Pinnacle Game Profiler
PIXresizer 2.0.4
Pool Sharks 2.1
RealPlayer
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sophos Anti-Rootkit 1.5.4
Spelling Dictionaries Support For Adobe Reader 9
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
Ultimate Extras sounds from Microsoft® Tinker™
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors software
VLC media player 1.0.2
WavePad Sound Editor
WIDCOMM Bluetooth Software 6.0.1.5000
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
Windows Sound Schemes
Xbox 360 Controller UI
==== Event Viewer Messages From Past Week ========
14/02/2011 19:01:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
14/02/2011 18:48:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
14/02/2011 18:48:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
14/02/2011 18:48:02, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 18:47:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
14/02/2011 18:47:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
14/02/2011 18:47:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/02/2011 18:47:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
14/02/2011 18:47:31, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00215D3F6DDC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
14/02/2011 18:47:27, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
14/02/2011 18:42:32, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:23:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
14/02/2011 17:23:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-SP1-Update~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package-TopLevel~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package-MiniLP~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state
14/02/2011 17:22:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/02/2011 17:22:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
14/02/2011 17
40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
14/02/2011 07:53:40, Error: EventLog [6008] - The previous system shutdown at 23:30:40 on 13/02/2011 was unexpected.
13/02/2011 22:37:50, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
13/02/2011 22:37:50, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
13/02/2011 22:37:45, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
13/02/2011 22:36:40, Error: EventLog [6008] - The previous system shutdown at 22:22:30 on 13/02/2011 was unexpected.
13/02/2011 22:35:35, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
13/02/2011 22
21, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073701: Update for Windows (KB944036).
13/02/2011 22:16:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
13/02/2011 22:16:48, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/02/2011 22:16:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
13/02/2011 22:15:38, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
13/02/2011 22:11:38, Error: EventLog [6008] - The previous system shutdown at 22:07:51 on 13/02/2011 was unexpected.
13/02/2011 21:58:47, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
13/02/2011 21:58:44, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.
13/02/2011 19:51:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070570: Update for Windows (KB944036).
13/02/2011 19:51:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070570: Update for Internet Explorer 8 Dynamic Installer Compatibility View List for Windows Vista (KB2447568).
13/02/2011 19:51:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070570: Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB982381).
13/02/2011 19:51:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070570: Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB2482017).
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB982381_ie8~31bf3856ad364e35~x86~~8.0.1.1 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB982381_ie8_0~31bf3856ad364e35~x86~~8.0.1.1 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2482017~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2482017_ie8~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2482017_ie8_0~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2447568_ie8~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2447568_ie8_0~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB982381~31bf3856ad364e35~x86~~8.0.1.1 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2482017~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:55, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2447568~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:52, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2447568~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
13/02/2011 19:49:51, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB982381~31bf3856ad364e35~x86~~8.0.1.1 () into Absent(Absent) state
13/02/2011 19:47:52, Error: EventLog [6008] - The previous system shutdown at 19:38:54 on 13/02/2011 was unexpected.
13/02/2011 19:31:53, Error: EventLog [6008] - The previous system shutdown at 19:27:13 on 13/02/2011 was unexpected.
13/02/2011 19:13:13, Error: EventLog [6008] - The previous system shutdown at 18:55:14 on 13/02/2011 was unexpected.
13/02/2011 19:12:27, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
13/02/2011 18:51:38, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0820: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2482017).
13/02/2011 18:48:14, Error: EventLog [6008] - The previous system shutdown at 18:34:59 on 13/02/2011 was unexpected.
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package-Package-en-US-MiniLP (Feature Pack) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982664 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982632 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982381 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB981332 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980302 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB980182 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978506 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB978207 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976749 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976662 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB976325 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975364 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB974455 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973874 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972636 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972260 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971961 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971930 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB969897 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2482017 (Security Update) into Install Requested(Install Requested) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2447568 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2416400 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2362765 (Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2360131 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2183461 (Security Update) into Installed(Installed) state
13/02/2011 18:35:25, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Internet Explorer 8_en-US (Language Pack) into Installed(Installed) state
13/02/2011 18:35:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB971180 (Update) into Installed(Installed) state
13/02/2011 18:35:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB969497 (Update) into Installed(Installed) state
13/02/2011 18:35:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB944036 (Product) into Installed(Installed) state
13/02/2011 18:35:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package IE8SP1Update (Update) into Installed(Installed) state
13/02/2011 18:35:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package IE8RTMUpdate (Update) into Installed(Installed) state
13/02/2011 18:35:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package 944036 (Update) into Uninstall Requested(Uninstall Requested) state
13/02/2011 18:25:59, Error: EventLog [6008] - The previous system shutdown at 18:01:48 on 13/02/2011 was unexpected.
13/02/2011 17:44:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/02/2011 17:40:48, Error: EventLog [6008] - The previous system shutdown at 17:27:42 on 13/02/2011 was unexpected.
13/02/2011 16:36:40, Error: EventLog [6008] - The previous system shutdown at 16:32:07 on 13/02/2011 was unexpected.
13/02/2011 14:47:06, Error: EventLog [6008] - The previous system shutdown at 05:22:49 on 13/02/2011 was unexpected.
13/02/2011 04:55:09, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2482017).
13/02/2011 04:55:08, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2482017 (Security Update) into Staging(Staging) state
13/02/2011 04:55:08, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2482017 (Security Update) into Resolved(Resolved) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-9_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-8_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-7_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-6_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-5_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-46_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-45_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-44_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-43_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-42_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-41_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-40_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-4_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-39_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-38_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-37_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-36_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-35_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-34_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-33_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-32_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-31_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-30_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-3_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-29_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-28_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-27_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-26_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-25_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-24_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-23_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-22_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-21_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-20_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-2_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-19_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-18_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-17_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-16_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-15_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-14_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-13_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-12_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-11_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-10_neutral_GDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:55:03, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2482017-1_neutral_LDR from package KB2482017(Security Update) into Staging(Staging) state
13/02/2011 04:24:57, Error: EventLog [6008] - The previous system shutdown at 04:16:54 on 13/02/2011 was unexpected.
13/02/2011 03:43:54, Error: EventLog [6008] - The previous system shutdown at 03:00:21 on 13/02/2011 was unexpected.
12/02/2011 15:11:39, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00215D3F6DDC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/02/2011 06:36:06, Error: EventLog [6008] - The previous system shutdown at 04:15:34 on 12/02/2011 was unexpected.
12/02/2011 04:09:33, Error: EventLog [6008] - The previous system shutdown at 03:00:28 on 12/02/2011 was unexpected.
11/02/2011 12:36:27, Error: EventLog [6008] - The previous system shutdown at 04:14:30 on 11/02/2011 was unexpected.
11/02/2011 04:00:30, Error: EventLog [6008] - The previous system shutdown at 03:00:16 on 11/02/2011 was unexpected.
11/02/2011 00:08:36, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2482017 (Security Update) into Absent(Absent) state
10/02/2011 23:57:30, Error: EventLog [6008] - The previous system shutdown at 23:37:59 on 10/02/2011 was unexpected.
10/02/2011 23:33:59, Error: EventLog [6008] - The previous system shutdown at 23:26:03 on 10/02/2011 was unexpected.
10/02/2011 23
31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Platform Update Supplement for Windows Vista (KB2117917).
10/02/2011 23:18:03, Error: EventLog [6008] - The previous system shutdown at 23:08:21 on 10/02/2011 was unexpected.
10/02/2011 23:08:19, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2485376).
10/02/2011 23:08:19, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2483185).
10/02/2011 23:05:21, Error: EventLog [6008] - The previous system shutdown at 03:00:21 on 10/02/2011 was unexpected.
09/02/2011 21:03:09, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows Vista (KB2485376).
09/02/2011 21:03:09, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows Vista (KB2483185).
==== End Of File ===========================
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Thanks.
Combofix Log
Running from: c:\users\Mark McL\Desktop\yourname.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
c:\users\Mark McL\Desktop\Internet Explorer.lnk
.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 03:01 . 2011-02-15 03:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-15 03:01 . 2011-02-15 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 02:53 . 2011-02-15 02:54 -------- d-----w- C:\yourname
2011-02-15 02:43 . 2011-02-15 02:43 -------- d--h--w- c:\windows\PIF
2011-02-15 01:57 . 2011-02-15 02:17 -------- d-----w- C:\ComboFix
2011-02-15 00:53 . 2011-02-02 17:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0EB63D2-139A-46E9-8E93-1DEC537F883B}\mpengine.dll
2011-02-14 07:45 . 2011-02-14 07:45 -------- d-----w- C:\found.008
2011-02-14 06:30 . 2011-02-14 06:30 -------- d-----w- C:\found.007
2011-02-14 02:21 . 2011-02-14 02:21 -------- d-----w- C:\found.006
2011-02-14 01:37 . 2011-02-14 01:37 -------- d-----w- C:\found.005
2011-02-13 19:18 . 2011-02-13 19:18 13944160 ----a-w- c:\program files\IE8-WindowsVista-x86-ENU.exe
2011-02-13 18:00 . 2011-02-13 18:00 -------- d-----w- c:\program files\Feedback Tool
2011-02-11 00:10 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-11 00:10 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-30 14:57 . 2011-01-30 14:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-15 00:46 . 2009-09-27 23:24 119296 ----a-w- c:\windows\system32\zlib.dll
2011-02-02 17:11 . 2009-10-03 12:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-06 21:15 . 2008-07-17 12:37 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-01-06 21:15 . 2010-12-24 06:49 319488 ----a-w- c:\windows\HideWin.exe
2010-12-28 15:55 . 2011-01-12 18:02 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 18:09 . 2009-05-24 23:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2009-05-24 23:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 02:47 . 2010-04-27 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 01:00 . 2010-12-20 01:00 446464 ----a-w- c:\users\Mark McL\TFC.exe
2010-12-17 17:47 . 2010-12-17 17:47 883488 ----a-w- c:\program files\JavaSetup6u23.exe
2010-12-15 07:51 . 2010-12-15 07:51 1086304 ----a-w- c:\program files\avg_remover_stf_x86_2011_1165.exe
2010-12-14 14:49 . 2011-01-12 18:02 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-07-03 21:35 . 2010-06-30 16:25 1013584 ----a-w- c:\program files\TDSSKiller.exe
2010-07-03 12:59 . 2010-07-03 12:59 294400 ----a-w- c:\program files\exeHelper.com
2010-07-02 13:11 . 2010-07-02 12:49 3725496 ----a-w- c:\program files\ComboFix.exe
2010-07-02 12:41 . 2010-07-02 12:41 525824 ----a-w- c:\program files\dds.scr
2010-07-02 00:47 . 2010-07-02 00:47 1529241 ----a-w- c:\program files\SDFix.exe
2010-06-09 03:17 . 2010-06-09 03:17 5588664 ----a-w- c:\program files\PoolSharksInstaller.exe
2010-05-17 17:32 . 2010-05-17 17:32 1339288 ----a-w- c:\program files\sar_15_sfx.exe
.
------- Sigcheck -------
[-] 2011-02-13 18:55 . F0E2B8E5CEC2E882E1D0901079CE7AC3 . 12213760 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8080.16413_none_fbe57578ae70873b\mshtml.dll
[-] 2010-11-02 . 9AC463498C480E9EB3C63DC21E4F29C8 . 5959168 . . [8.00.6001.18999] . . c:\windows\System32\mshtml.dll
[-] 2010-11-02 . 9AC463498C480E9EB3C63DC21E4F29C8 . 5959168 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18999_none_f5d3eb7c383792a1\mshtml.dll
[-] 2010-09-08 . 1704FC902E1B53EF87593D60FD312A55 . 5957120 . . [8.00.6001.18975] . . c:\windows\ERDNT\cache\mshtml.dll
[7] 2009-04-11 . A4D04D404AFC1D30EDA01EE50D27AA51 . 3596288 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18005_none_152e8ba81f4b4668\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
[7] 2009-03-03 . 0DCC9623D9A3E77212177F59738BE29A . 3580928 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18226_none_1333784c22344556\mshtml.dll
[7] 2009-03-03 . A77A82830D2BBB001A53A5368934F7EB . 3581440 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22389_none_137f366d3b7fd8cb\mshtml.dll
[7] 2009-03-03 . 94ED56734E8AB74357F8EA2C5C174EA9 . 3595264 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16830_none_113c67fe251b384c\mshtml.dll
[7] 2009-03-03 . 67FFB5ED7723D03B50734614D31B57A5 . 3596800 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21023_none_11d3adb53e2e3b6c\mshtml.dll
[7] 2008-04-25 . 2C2A85BBAB617EDDD19119F66C05B1C3 . 3578368 . . [7.00.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18063_none_130533f222576ec7\mshtml.dll
[7] 2008-04-25 . 13A0AA60B35A6A13152A759536C10203 . 3591680 . . [7.00.6000.16681] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16681_none_110754e02542e30a\mshtml.dll
[7] 2008-04-25 . 92A81ADE1E576A53176777260190F3A1 . 3578368 . . [7.00.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22167_none_1392d1e53b7173ed\mshtml.dll
[7] 2008-04-25 . 38EC352C600EB037FE02749F8C170B6B . 3593728 . . [7.00.6000.20823] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20823_none_11d3d3ad3e2e0b03\mshtml.dll
[7] 2008-02-22 . 9C4091CD321D6D8BCF9842F109EE574B . 3578368 . . [7.00.6001.18023] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
[7] 2008-02-22 . ED2588D1864319C54E79443130A8004B . 3593728 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
[7] 2008-02-22 . 977C356E655F357665310C0C95D0DBD4 . 3578368 . . [7.00.6001.22120] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
[7] 2008-02-21 . 3AE6072A86AD8049DD133DB40F73F0C8 . 3591680 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
[7] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-21 173288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-09-07 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-01-11 202256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\Mark McL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Click-N-Type.LNK - c:\program files\Click-N-Type\Click-N-Type.exe [2009-9-20 905216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-25 723760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:c *
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Mark McL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^autobahn.lnk]
path=c:\users\Mark McL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk
backup=c:\windows\pss\autobahn.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Mark McL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Mark McL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 04:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-08-01 16:51 405504 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinnacle Game Profiler]
2010-05-24 20:35 2789376 ----a-w- c:\program files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-05-21 13:42 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2009-07-27 17:01 913412 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-21 16:19 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-26 17:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/05/02 03:56];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 16:43 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/07 18:03];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 135664]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 599344]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8094.tmp [x]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2009-05-28 10368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 11:03]
2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 11:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Mark McL\AppData\Roaming\Mozilla\Firefox\Profiles\zculsmuv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files\RegTweaker\key.dll
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-15 03:01
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8094.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1340)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2011-02-15 03:02:13
ComboFix-quarantined-files.txt 2011-02-15 03:02
Pre-Run: 114,600,632,320 bytes free
Post-Run: 114,531,790,848 bytes free
- - End Of File - - 88FAB264B283F60B9D002E7C0C76C73C