False Java Update notification - MS Antispyware - de-activated windows 7 etc

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

False Java Update notification - MS Antispyware - de-activated windows 7 etc1st December 2011, 2:37 am

Hi,

I had a bogus java update notifier which yielded an error stating something like "unable to download update".
I ran CCcleaner and did not see anything strange immediately.
The next time I used the computer MS Security Essentials pops up with a warning and it cleaned it before I could look at it in detail, MS Antispyware pops up and takes over the screen. Task Manager will launch but before any action can be taken it closes. I am unable to run any tools. Power off.
Safe mode
I uninstalled MS Antispyware via the add/remove app. Scanned and deleted all files created within the last hour.
Ran CCcleaner.
Reinstalled AntiMalware Bytes updated and scanned - clean.
Reboot
Back into windows and all my desktop files are gone, and my user account has lost all user program settings. Windows is no longer activated and MS Security Essentials is disabled due to the status of Windows not being a valid license.
I correct the license issue - reboot - then have to reset all my program settings etc. Restore thunderbird email database from backup as well as firefox bookmarks etc as all was wiped.
Uninstalled and re-downloaded java from website. Installed Adaware Free, Installed MS Malicious Software Removal Tool, Updated AntiMalware Bytes, and MS Security Essentials, and ran a continuous scan with all four simultaneously for 2 days. No items discovered.

Here is the continuing symptom:
If I open explorer and browse to my user account and just let it sit, every few minutes I will get a series of popups stating: "Location is not available C:\Users\Kevin\MyDocuments is not accessible. Access is denied." Then all the files in the profile pop up with the same warning as I hit ESC only to end with the last file being renamed in giberish for a few seconds in blue text (I have screen captures of this). Then it all pops back to normal.

I ain't never seen my computer do that - It happens like clockwork every few minutes.

All my scans run with the above were clean.

Ran OTL and aswMBR but......
I cannot seem to attach any of the logs - i get an error about the attachment, and if I paste even just the OTL.txt file I get "the posted message is too long."

Give me an email and I will send them.

HELP!!

Cyber

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc1st December 2011, 2:57 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
You will have to break the logs into smaller portions and make multiple posts.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 3:32 am

OTL.txt - Part 1 of 2

OTL logfile created on: 12/1/2011 8:00:58 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 50.82% Memory free
6.49 Gb Paging File | 4.94 Gb Available in Paging File | 76.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 678.00 Gb Free Space | 72.79% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1057.53 Gb Free Space | 56.76% Space Free | Partition Type: NTFS

Computer Name: KEVINSDESKTOP | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/30 18:26:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.com
PRC - [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 19:47:29 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 02:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/21 02:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/09/21 02:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/09/21 01:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/05/26 13:55:54 | 000,060,416 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
PRC - [2009/12/17 13:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/01/23 18:18:02 | 003,008,000 | ---- | M] () -- C:\Program Files\HawkingTech\Multifunction Print Server\Control Center.exe
PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/30 18:23:20 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/09 19:47:30 | 001,988,760 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2011/11/09 19:47:29 | 000,161,944 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/11/09 19:47:29 | 000,021,656 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/11 18:57:18 | 000,011,264 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
MOD - [2011/04/11 18:56:54 | 000,108,544 | ---- | M] () -- C:\Windows\System32\FileMonitor32.dll
MOD - [2011/03/21 14:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/21 02:42:38 | 000,068,656 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2010/09/21 02:42:20 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2010/05/26 13:55:54 | 000,060,416 | ---- | M] () -- C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
MOD - [2008/01/23 18:18:02 | 003,008,000 | ---- | M] () -- C:\Program Files\HawkingTech\Multifunction Print Server\Control Center.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/21 02:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 02:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 02:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 01:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/09/07 16:04:53 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/28 22:13:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/11/06 11:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/09 09:07:54 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/09/09 09:07:14 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

========== Driver Services (SafeList) ==========

DRV - [2011/12/01 19:50:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F74F42C5-DF80-4B36-BB3D-4B210EB045A2}\MpKsl45ac175b.sys -- (MpKsl45ac175b)
DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/19 23:25:37 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 05:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 05:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 03:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 02:42:46 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/09/21 02:42:44 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/09/21 02:42:00 | 000,023,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010/09/21 02:41:08 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/09/21 02:40:04 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/09/21 01:42:32 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/09/20 23:18:16 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2010/09/20 23:18:14 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/09/20 23:18:14 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/12/02 12:21:00 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 12:20:58 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 12:20:56 | 000,027,016 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/12/02 12:20:54 | 000,123,784 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2008/09/09 11:16:52 | 000,254,320 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\C2SCSI.SYS -- (c2scsi)
DRV - [2008/09/09 10:12:58 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/01/10 11:45:34 | 000,053,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KUSBusByTCPMasterBus.sys -- (KUSBusByTCPMasterBus)
DRV - [2008/01/10 11:45:32 | 000,090,368 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KUSBusByTCP.sys -- (KUSBusByTCP)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPCA561.SYS -- (CA561)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 C0 D9 E5 1C 47 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.smartplanet.com/blog/science-scope"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: dnssec@nic.cz:0.17.5beta
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110329release

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 18:23:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/29 19:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/16 18:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/11/16 18:45:31 | 000,000,000 | ---D | M]

[2011/11/27 01:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2010/08/28 19:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/30 22:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\76kgv07m.d\extensions
[2011/11/27 01:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\91rib8sp.d\extensions
[2011/11/27 01:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\91rib8sp.d\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/27 01:23:50 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\91rib8sp.d\extensions\smartlinks@getsmartlinks.com
[2011/11/27 01:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lc1phgdl.k9\extensions
[2011/11/27 01:23:51 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\lc1phgdl.k9\extensions\smartlinks@getsmartlinks.com
[2011/11/29 20:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\extensions
[2011/11/29 19:38:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/27 01:23:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/27 01:23:53 | 000,000,000 | ---D | M] (DNSSEC Validator) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\extensions\dnssec@nic.cz
[2011/11/27 01:23:53 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\extensions\DTToolbar@toolbarnet.com
[2011/05/19 23:25:23 | 000,002,055 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\searchplugins\daemon-search.xml
[2011/11/30 20:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 07:34:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/27 20:20:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/27 02:02:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYRKAM6W.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYRKAM6W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RYRKAM6W.DEFAULT\EXTENSIONS\SMARTLINKS@GETSMARTLINKS.COM.XPI
[2011/11/30 18:23:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/30 18:23:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Control Center] C:\Program Files\HawkingTech\Multifunction Print Server\Control Center.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PDHookServer] C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe ()
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{391B7075-76F3-4B09-AF03-906F37C42C55}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\Windows\system32\FileMonitor32.dll) -C:\Windows\System32\FileMonitor32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/07 15:51:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{49c03eca-586a-11e0-a76d-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{49c03eca-586a-11e0-a76d-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{9d80e76b-b3a3-11df-8b88-001e906b3d8f}\Shell - "" = AutoRun
O33 - MountPoints2\{9d80e76b-b3a3-11df-8b88-001e906b3d8f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Privacy Protection - hkey= - key= - File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {27F56718-C944-1810-26CE-5AB00109966D} - Microsoft Windows Media Player 12.0
ActiveX: {2C69D48B-6902-FCAA-8E8F-11AE9DA3F835} - DirectX
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3E6324E5-D607-FE89-B218-985C8C332BB0} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4AD216BC-4F4E-33DA-33BF-9A93C4983BBB} - Microsoft Windows Media Player 12.0
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AF216916-6484-F0F4-E6C8-37B6AFAA0991} - Internet Explorer
ActiveX: {B02D1AFF-2431-789F-5BA5-A75F11E6916E} - DirectX
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D82B295D-16DE-3F71-4FB9-8B67F6FBE308} - Microsoft Windows Media Player 12.0
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F9F05C2A-CB14-71F4-DF65-1BA6DA209E67} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - MSH263.DRV File not found
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 3:32 am

OLT.txt Part 2 of 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 21:58:24 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/30 21:58:24 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/30 21:48:41 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2011/11/30 21:48:38 | 000,543,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
[2011/11/30 20:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/30 06:06:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\AdobeUM
[2011/11/29 23:26:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\vlc
[2011/11/29 19:52:29 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/11/29 19:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/29 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Apple
[2011/11/27 02:27:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Winamp
[2011/11/27 02:23:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Roxio
[2011/11/27 02:02:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/27 02:02:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/27 02:02:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/27 01:56:57 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2011/11/27 01:35:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Adobe
[2011/11/27 01:35:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2011/11/27 01:32:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\iPodder
[2011/11/27 01:23:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Thunderbird
[2011/11/27 01:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2011/11/27 01:22:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Thunderbird_TEST
[2011/11/27 01:22:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Thunderbird
[2011/11/27 01:02:14 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/27 00:59:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Autodesk
[2011/11/27 00:59:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Autodesk
[2011/11/27 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla_TEST
[2011/11/27 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Mozilla
[2011/11/27 00:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Skype
[2011/11/27 00:17:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Apple Computer
[2011/11/27 00:17:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Apple Computer
[2011/11/27 00:17:26 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop
[2011/11/27 00:17:24 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore
[2011/11/27 00:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011/11/27 00:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 00:09:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/27 00:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/27 00:07:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Avanquest Software
[2011/11/24 00:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/16 18:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/16 18:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/16 18:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/16 18:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/09 17:40:29 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2011/12/01 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 19:24:28 | 000,634,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/01 19:24:28 | 000,111,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/01 19:24:13 | 000,006,992 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 19:24:13 | 000,006,992 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 19:17:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 19:17:05 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/01 19:16:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 19:16:47 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 22:31:37 | 000,001,126 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/30 20:59:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/30 19:22:28 | 000,000,512 | ---- | M] () -- C:\Users\Kevin\Desktop\MBR.dat
[2011/11/29 23:18:49 | 000,000,498 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\show desktop - Shortcut.lnk
[2011/11/29 23:13:22 | 000,000,505 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Devices and Printers - Shortcut.lnk
[2011/11/29 23:13:17 | 000,000,104 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Control Panel - Shortcut.lnk
[2011/11/29 19:55:28 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/11/29 19:52:31 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/27 02:20:18 | 000,000,063 | ---- | M] () -- C:\Users\Kevin\Desktop\Tobuscus's Channel - YouTube.URL
[2011/11/27 01:52:23 | 000,000,120 | ---- | M] () -- C:\Users\Kevin\Desktop\About In Memory Of Michael Christopher Simmons (1991 - 2010).URL
[2011/11/27 01:25:22 | 000,002,044 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/27 01:03:16 | 000,002,267 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\AutoCAD 2010.lnk
[2011/11/27 01:01:52 | 000,001,990 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerDesk 8.lnk
[2011/11/27 00:18:49 | 000,001,091 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/27 00:18:49 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/24 00:01:25 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/22 13:26:12 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/22 08:31:16 | 001,489,492 | ---- | M] () -- C:\Users\Kevin\Documents\A0-1.pdf
[2011/11/18 20:55:44 | 025,145,953 | ---- | M] () -- C:\Users\Kevin\Documents\Gift Certificates.pdf
[2011/11/18 20:54:54 | 008,785,316 | ---- | M] () -- C:\Users\Kevin\Documents\Gift Certificates.jpg
[2011/11/16 18:45:26 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/16 18:43:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/16 18:43:55 | 000,001,753 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/11/16 18:39:46 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/11/16 18:32:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/10 20:49:19 | 000,424,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/12/01 19:17:05 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/30 20:58:41 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/30 19:22:28 | 000,000,512 | ---- | C] () -- C:\Users\Kevin\Desktop\MBR.dat
[2011/11/29 23:18:49 | 000,000,498 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\show desktop - Shortcut.lnk
[2011/11/29 23:13:22 | 000,000,505 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Devices and Printers - Shortcut.lnk
[2011/11/29 23:13:17 | 000,000,104 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Control Panel - Shortcut.lnk
[2011/11/29 23:08:28 | 000,000,971 | ---- | C] () -- C:\Users\Kevin\Desktop\DVD Shrink 3.2.lnk
[2011/11/29 19:52:31 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/27 02:22:54 | 000,002,208 | ---- | C] () -- C:\Users\Kevin\Desktop\Roxio Creator 10 CE.lnk
[2011/11/27 02:20:18 | 000,000,063 | ---- | C] () -- C:\Users\Kevin\Desktop\Tobuscus's Channel - YouTube.URL
[2011/11/27 01:53:51 | 000,000,053 | ---- | C] () -- C:\Users\Kevin\Desktop\Randomly ordered wallpapers - Wallbase.net.URL
[2011/11/27 01:53:37 | 001,554,081 | ---- | C] () -- C:\Users\Kevin\Desktop\10_windows7_tips.pdf
[2011/11/27 01:52:23 | 000,000,120 | ---- | C] () -- C:\Users\Kevin\Desktop\About In Memory Of Michael Christopher Simmons (1991 - 2010).URL
[2011/11/27 01:35:10 | 000,002,015 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS2.lnk
[2011/11/27 01:34:30 | 000,002,651 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Project 2007.lnk
[2011/11/27 01:34:07 | 000,002,657 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/11/27 01:34:02 | 000,002,655 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/11/27 01:31:57 | 000,000,939 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Juice.lnk
[2011/11/27 01:31:26 | 000,001,753 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/11/27 01:24:52 | 000,002,044 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/27 01:20:05 | 000,001,126 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/27 01:04:49 | 000,310,168 | ---- | C] () -- C:\Users\Kevin\Documents\Kevin.arg
[2011/11/27 01:03:14 | 000,002,267 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\AutoCAD 2010.lnk
[2011/11/27 01:01:52 | 000,001,990 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerDesk 8.lnk
[2011/11/27 00:19:25 | 000,006,992 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 00:19:25 | 000,006,992 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 00:18:49 | 000,001,091 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/27 00:09:16 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/24 00:01:25 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/22 08:31:16 | 001,489,492 | ---- | C] () -- C:\Users\Kevin\Documents\A0-1.pdf
[2011/11/18 20:55:39 | 025,145,953 | ---- | C] () -- C:\Users\Kevin\Documents\Gift Certificates.pdf
[2011/11/18 20:54:50 | 008,785,316 | ---- | C] () -- C:\Users\Kevin\Documents\Gift Certificates.jpg
[2011/11/16 18:45:26 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/16 18:43:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/30 22:52:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/04/15 21:20:46 | 000,108,544 | ---- | C] () -- C:\Windows\System32\FileMonitor32.dll
[2011/02/27 13:14:30 | 000,000,871 | ---- | C] () -- C:\Windows\QIII.INI
[2010/08/31 18:04:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/28 22:23:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/28 21:46:33 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,424,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,634,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,111,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/05 13:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 13:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/30 18:23:21 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/30 18:23:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/30 18:23:19 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/10/06 05:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/01/09 15:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/07/18 18:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/24 16:48:43 | 000,000,000 | ---D | M] -- C:\Program Files\Audible
[2010/08/29 16:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD Architecture 2010
[2010/09/07 16:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/08/28 19:45:31 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest
[2011/04/15 21:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2010/08/30 22:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2011/10/17 23:06:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/11/27 01:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/20 12:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\Celestia
[2011/11/26 23:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/05/19 23:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2011/05/19 23:25:30 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2011/04/10 12:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/10/25 22:17:20 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2011/07/09 09:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2010/10/26 22:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2010/12/21 22:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS
[2010/11/11 14:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/05/20 22:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\Flip Video
[2011/11/24 00:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/02/26 20:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\HawkingTech
[2011/05/05 20:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\id Software
[2011/05/05 20:30:31 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/11/30 21:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/11/16 18:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/11/16 18:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/11/27 02:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/08/28 23:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Juice
[2011/11/29 19:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2011/11/27 01:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/22 19:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/12/07 20:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/09/20 13:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/07 16:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2011/11/30 20:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/10/12 16:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/16 09:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/07 16:01:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/09/20 22:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/11/30 22:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/11/30 18:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/11/09 19:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2011/02/27 13:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mplayer
[2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/28 22:33:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/08/30 22:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/26 22:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2011/11/30 21:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/08/29 21:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Plextor
[2011/02/27 13:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Quake III Arena
[2011/11/16 18:45:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/08/30 12:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Quickview
[2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/10/26 22:20:56 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/10/17 23:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2011/10/29 07:34:45 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/10/11 21:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\SoundSpectrum
[2011/06/13 21:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Stellarium
[2011/01/19 22:39:45 | 000,000,000 | ---D | M] -- C:\Program Files\TweakNow PowerPack 2010
[2009/07/13 21:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/06/30 21:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/09/24 07:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\VMware
[2011/06/03 20:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/06/03 20:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2011/02/09 21:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\WinBubble
[2011/07/09 09:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/07/09 09:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/03/29 23:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/07/09 09:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/07/09 09:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 21:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/07/09 09:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/07/09 09:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/07/09 09:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/08/29 16:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Virtual PC
[2010/08/29 17:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows XP Mode

< MD5 for: AGP440.SYS >
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 18:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 18:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 18:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 18:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 05:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/10 22:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/10 22:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/10 22:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/10 22:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/10 22:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/10 22:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 05:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 05:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-02 03:24:34

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/30 18:23:19 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/30 18:23:19 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/30 18:23:19 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/12 21:24:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/12 21:24:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/12 21:24:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/12 21:24:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/12 21:24:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/30 18:23:19 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/30 18:23:19 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/30 18:23:19 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/30 18:23:20 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/12 21:24:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/12 21:24:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/12 21:24:31 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/12 21:24:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/12 21:24:32 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< End of report >

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 4:08 am

Extras.txt

OTL Extras logfile created on: 12/1/2011 8:36:58 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.65% Memory free
6.49 Gb Paging File | 5.07 Gb Available in Paging File | 78.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 677.16 Gb Free Space | 72.70% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1057.52 Gb Free Space | 56.76% Space Free | Partition Type: NTFS

Computer Name: KEVINSDESKTOP | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [File Finder...] -- C:\Program Files\Avanquest\PowerDesk\pdfind.exe /PATH:%1 (Avanquest Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B4237ED-75E7-4A79-87FB-D35E555BB58E}" = PowerDesk 8 Patch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF99FCA-1D0C-4D5A-9BFE-0D4376A52B23}" = Autodesk Revit Architecture 2011
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator 10 CE
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-8004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010
"{5783F2D7-8004-0409-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - English
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CFD02D2-44CF-4033-97E8-768A82C4C007}" = Roxio Plextor Driver Documentation
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{7F52AAD1-0BB2-4C28-BACC-E52515BCD885}" = HawkingTech Multifunction Print Server
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB3C10B1-C8C2-4197-A687-0901064F68AB}" = Roxio Creator 10 CE
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DED0C604-C479-4F8D-B48C-1D1F4D545C91}" = PowerDesk 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{edbd3afb-a04c-46f9-9190-8ec872ac07a4}" = Nero 9 Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Any Video Converter_is1" = Any Video Converter 3.1.7
"AudibleDownloadManager" = Audible Download Manager
"AutoCAD Architecture 2010" = AutoCAD Architecture 2010
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Revit Architecture 2011" = Autodesk Revit Architecture 2011
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DWG QuickViewer Rel 1.1.0.3" = DWG QuickViewer Rel 1.1.0.3
"EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
"EPSON Scanner" = EPSON Scan
"G-Force" = G-Force
"Juice" = Juice 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PRJSTDR" = Microsoft Office Project Standard 2007
"Quake III Arena" = Quake III Arena
"Stellarium_is1" = Stellarium 0.10.6.1
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Detector Plug-in
"WinBubble" = WinBubble

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2011 10:17:02 PM | Computer Name = KevinsDesktop | Source = Adobe Version Cue CS2 | ID = 3
Description = VersionCueCS2.exe: VCStartupCallJavaEntryPoint: Failed to invoke java
entry point 'main' in class 'com.adobe.versioncue.launcher.VCMain' with args ' 0X005EAD60 >{type = mutable, count = 18, values = ( 0 : NULL>]>{contents = "-bundleRoots"} 1 : ]>{contents
= "third_party,plugins"} 2 : ]>{contents
= "-osgi.framework"} 3 : ]>{contents = "third_party/org.eclipse.osgi_3.0.1"}
4
: ]>{contents = "-configuration"} 5 : 0X005E98B8 []>{contents = "config/configuration"} 6 : 0X005E98D8 []>{contents = "-application"} 7 : []>{contents = "com.adobe.versioncue.tomcat.application"} 8 :
]>{contents = "-nl"} 9 : []>{contents = "en_US"} 10 : NULL>]>{contents = "-config"} 11 : ]>{contents
= "config"} 12 : ]>{contents = "-os"} 13
: ]>{contents = "win32"} 14 : []>{contents = "-ws"} 15 : NULL>]>{contents = "win32"} 16 : ]>{contents
= "-arch"} 17 : ]>{contents = "x86"} ) }'

Error - 12/1/2011 10:17:02 PM | Computer Name = KevinsDesktop | Source = Adobe Version Cue CS2 | ID = 3
Description = VersionCueCS2.exe: Exception

Error - 12/1/2011 10:17:02 PM | Computer Name = KevinsDesktop | Source = Adobe Version Cue CS2 | ID = 3
Description = VersionCueCS2.exe: in thread "main"

Error - 12/1/2011 10:20:26 PM | Computer Name = KevinsDesktop | Source = VSS | ID = 8193
Description =

Error - 12/1/2011 10:22:31 PM | Computer Name = KevinsDesktop | Source = MsiInstaller | ID = 1023
Description =

Error - 12/1/2011 10:48:27 PM | Computer Name = KevinsDesktop | Source = VSS | ID = 8193
Description =

Error - 12/1/2011 10:50:02 PM | Computer Name = KevinsDesktop | Source = MsiInstaller | ID = 1023
Description =

Error - 12/1/2011 11:03:17 PM | Computer Name = KevinsDesktop | Source = VSS | ID = 8193
Description =

Error - 12/1/2011 11:19:17 PM | Computer Name = KevinsDesktop | Source = VSS | ID = 8193
Description =

Error - 12/1/2011 11:38:59 PM | Computer Name = KevinsDesktop | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 4/30/2011 9:57:12 AM | Computer Name = KevinsDesktop | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 4/30/2011 10:02:10 AM | Computer Name = KevinsDesktop | Source = DCOM | ID = 10010
Description =

Error - 4/30/2011 10:02:46 AM | Computer Name = KevinsDesktop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB2492386).

Error - 4/30/2011 10:02:46 AM | Computer Name = KevinsDesktop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB2506928).

Error - 4/30/2011 10:12:29 AM | Computer Name = KevinsDesktop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB982018).

Error - 5/1/2011 2:14:39 PM | Computer Name = KevinsDesktop | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 5/1/2011 2:19:48 PM | Computer Name = KevinsDesktop | Source = DCOM | ID = 10010
Description =

Error - 5/1/2011 2:20:30 PM | Computer Name = KevinsDesktop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB2492386).

Error - 5/1/2011 2:20:30 PM | Computer Name = KevinsDesktop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB2506928).

Error - 5/1/2011 2:30:07 PM | Computer Name = KevinsDesktop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800705b4: Update for Windows 7 (KB982018).

< End of report >

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 5:13 am

aswMBR.txt

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-01 21:58:39
-----------------------------
21:58:39.272 OS Version: Windows 6.1.7601 Service Pack 1
21:58:39.272 Number of processors: 2 586 0x1706
21:58:39.272 ComputerName: KEVINSDESKTOP UserName: Kevin
21:58:40.520 Initialize success
21:58:45.949 AVAST engine defs: 11120101
21:58:48.102 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:58:48.102 Disk 0 Vendor: Hitachi_HDS722020ALA330 JKAOA3EA Size: 1907729MB BusType: 3
21:58:48.117 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
21:58:48.117 Disk 1 Vendor: Hitachi_HDE721010SLA330 ST6OA3AA Size: 953869MB BusType: 3
21:58:50.161 Disk 1 MBR read successfully
21:58:50.161 Disk 1 MBR scan
21:58:50.177 Disk 1 Windows 7 default MBR code
21:58:50.177 Disk 1 scanning sectors +1953521664
21:58:50.301 Disk 1 scanning C:\Windows\system32\drivers
21:59:05.387 Service scanning
21:59:07.149 Service MpKslea30619b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F74F42C5-DF80-4B36-BB3D-4B210EB045A2}\MpKslea30619b.sys **LOCKED** 32
21:59:07.149 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:59:07.867 Modules scanning
21:59:16.868 Disk 1 trace - called modules:
21:59:16.884 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
21:59:16.899 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86210030]
21:59:16.899 3 CLASSPNP.SYS[8ca9b59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d7a030]
21:59:17.991 AVAST engine scan C:\Windows
21:59:20.550 AVAST engine scan C:\Windows\system32
22:02:58.257 AVAST engine scan C:\Windows\system32\drivers
22:03:27.872 AVAST engine scan C:\Users\Kevin
22:05:40.971 AVAST engine scan C:\ProgramData
22:09:57.168 Scan finished successfully
22:11:58.811 Disk 1 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
22:11:58.916 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 7:08 pm

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
******************************************
False Java Update notification - MS Antispyware - de-activated windows 7 etc Mbamicontw5

False Java Update notification - MS Antispyware - de-activated windows 7 etc Mbamicontw5

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

False Java Update notification - MS Antispyware - de-activated windows 7 etc DDS

False Java Update notification - MS Antispyware - de-activated windows 7 etc DDS

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 3:33 am

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/06/2011 at 08:23 PM

Application Version : 5.0.1136

Core Rules Database Version : 8022
Trace Rules Database Version: 5834

Scan type : Complete Scan
Total Scan Time : 00:20:52

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 616
Memory threats detected : 0
Registry items scanned : 42491
Registry threats detected : 0
File items scanned : 22715
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\IQHFAEO0.txt [ /2o7.net ]
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\T59NHAJB.txt [ /perf.overture.com ]
C:\USERS\KEVIN\Cookies\IQHFAEO0.txt [ Cookie:kevin@2o7.net/ ]

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:16 am

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8326

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/6/2011 9:13:08 PM
mbam-log-2011-12-06 (21-13-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 385579
Time elapsed: 39 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:34 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/28/2010 6:22:10 PM
System Uptime: 12/6/2011 9:26:38 PM (0 hours ago)
.
Motherboard: Intel | | 945GCT-M
Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | CPU 1 | 2527/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 931 GiB total, 676.642 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1064.408 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM (CDFS)
I: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP302: 11/30/2011 9:47:10 PM - Windows Update
RP303: 11/30/2011 9:50:04 PM - Windows Update
RP304: 11/30/2011 9:52:41 PM - Windows Update
RP305: 11/30/2011 10:00:48 PM - Windows Update
RP306: 11/30/2011 10:18:04 PM - Windows Update
RP307: 11/30/2011 10:22:46 PM - Windows Update
RP308: 11/30/2011 10:26:58 PM - Windows Update
RP309: 11/30/2011 10:30:39 PM - Windows Update
RP310: 11/30/2011 10:45:43 PM - Windows Update
RP311: 11/30/2011 11:21:08 PM - Windows Update
RP312: 12/1/2011 7:20:25 PM - Windows Update
RP313: 12/1/2011 7:48:27 PM - Windows Update
RP314: 12/1/2011 8:03:17 PM - OTL Restore Point - 12/1/2011 8:03:16 PM
RP315: 12/1/2011 8:19:17 PM - Windows Update
RP316: 12/1/2011 8:38:59 PM - OTL Restore Point - 12/1/2011 8:38:59 PM
RP317: 12/3/2011 4:39:16 PM - Removed PowerDesk 8.
RP318: 12/3/2011 4:51:19 PM - Installed PowerDesk 8.
RP319: 12/5/2011 8:19:38 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.4.6
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Advertising Center
Akamai NetSession Interface
Any Video Converter 3.1.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AutoCAD Architecture 2010
AutoCAD Architecture 2010 Language Pack - English
Autodesk Design Review 2011
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Autodesk Revit Architecture 2011
Avanquest update
Belarc Advisor 8.1
Bing Bar
Bonjour
CCleaner
Celestia 1.6.0
Compatibility Pack for the 2007 Office system
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
DirectX 9 Runtime
DirectXInstallService
DivX Setup
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DWG QuickViewer Rel 1.1.0.3
EASEUS Todo Backup 1.1
EPSON Scan
FlipShare
G-Force
Google Earth
Google Update Helper
HawkingTech Multifunction Print Server
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
iCloud
ImagXpress
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Juice 2.2
Junk Mail filter update
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
Mozilla Thunderbird (8.0)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA Control Panel 275.33
NVIDIA Display Control Panel
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Update 1.3.5
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PowerDesk 8
PowerDesk 8 Patch
PVSonyDll
Quake III Arena
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer Decoder Pack
Roxio Creator 10 CE
Roxio File Backup
Roxio Plextor Driver Documentation
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Click to Call
Skype™ 5.5
Stellarium 0.10.6.1
Suite Specific
SUPERAntiSpyware
tools-windows
TweakNow PowerPack 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
VMware Player
Winamp
Winamp Detector Plug-in
WinBubble
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows XP Mode
.
==== Event Viewer Messages From Past Week ========
.
12/6/2011 9:29:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/6/2011 9:29:09 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2011 9:27:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/6/2011 9:27:10 PM, Error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
12/6/2011 9:27:09 PM, Error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
12/6/2011 9:27:06 PM, Error: VMnetDHCP [2] - Can't open C:\ProgramData\VMware\vmnetdhcp.conf: The system cannot find the file specified. / The system cannot find the file specified
12/6/2011 9:27:05 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
12/6/2011 9:27:03 PM, Error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
12/6/2011 8:31:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
12/6/2011 8:29:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/6/2011 8:29:14 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
12/6/2011 7:48:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/5/2011 8:11:18 PM, Error: cdrom [15] - The device, \Device\CdRom1, is not ready for access yet.
12/5/2011 8:11:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
12/5/2011 8:09:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/4/2011 1:53:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/4/2011 1:19:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/3/2011 4:55:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/3/2011 4:48:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/3/2011 3:02:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/1/2011 9:56:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/1/2011 7:50:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
12/1/2011 7:20:57 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
12/1/2011 7:17:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/30/2011 9:27:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).
11/30/2011 9:25:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523).
11/30/2011 9:16:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/30/2011 9:10:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2572078).
11/30/2011 9:09:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
11/30/2011 8:11:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 8:11:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/30/2011 8:11:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2011 8:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/30/2011 8:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/30/2011 8:11:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/30/2011 8:11:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/30/2011 8:11:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD c2scsi CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
11/30/2011 8:11:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 8:11:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2011 8:11:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 8:11:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 8:11:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 8:11:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/30/2011 8:11:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2011 8:11:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2011 8:11:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2011 8:11:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/30/2011 11:04:39 AM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
11/30/2011 10:42:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/30/2011 10:30:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/30/2011 10:17:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/29/2011 9:41:48 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/29/2011 9:41:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/29/2011 9:41:04 PM, Error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
11/29/2011 9:40:16 PM, Error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/29/2011 9:39:57 PM, Error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/29/2011 9:39:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 8:04:58 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 8:04:58 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 8:04:58 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/29/2011 7:52:31 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
11/29/2011 7:43:15 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 7:43:11 PM, Error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/29/2011 7:43:08 PM, Error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/29/2011 7:43:04 PM, Error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 7:43:01 PM, Error: Service Control Manager [7031] - The FlipShare Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/29/2011 7:37:51 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 7:29:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:35 am

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kevin at 21:31:33 on 2011-12-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3327.1872 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\HawkingTech\Multifunction Print Server\Control Center.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Avanquest\PowerDesk\PDExploNXP.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [updateMgr] c:\program files\adobe\adobe acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PDHookServer] c:\program files\avanquest\powerdesk\PDHookServer.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: []
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Control Center] c:\program files\hawkingtech\multifunction print server\Control Center.exe -mini
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CD Autorun] c:\program files\tweaknow powerpack 2010\CDAuto.exe
StartupFolder: c:\users\kevin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dialog~1.lnk - c:\program files\avanquest\powerdesk\pddlghlp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{391B7075-76F3-4B09-AF03-906F37C42C55} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\system32\FileMonitor32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\ryrkam6w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.smartplanet.com/blog/science-scope
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\ryrkam6w.default\extensions\dnssec@nic.cz\platform\winnt_x86-msvc\components\dnssecWinStubLoader.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-12-21 27016]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-12-21 21896]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-29 64512]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2008-9-9 254320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-19 218688]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslfb073c81;MpKslfb073c81;c:\programdata\microsoft\microsoft antimalware\definition updates\{71c4796e-70d5-4eb8-94f8-5ef88d5fd4a8}\MpKslfb073c81.sys [2011-12-6 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-30 2214504]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-9-21 539184]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-12-21 123784]
R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\KUSBusByTCPMasterBus.sys [2008-1-10 53632]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-9-9 309744]
S2 SessionLauncher;SessionLauncher;c:\users\kevin\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\kevin\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-12-21 15240]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\drivers\KUSBusByTCP.sys [2008-1-10 90368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-9-9 1120752]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-28 1343400]
.
=============== Created Last 30 ================
.
2011-12-07 04:27:01 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{71c4796e-70d5-4eb8-94f8-5ef88d5fd4a8}\MpKslfb073c81.sys
2011-12-07 04:26:59 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{71c4796e-70d5-4eb8-94f8-5ef88d5fd4a8}\offreg.dll
2011-12-07 03:05:14 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{71c4796e-70d5-4eb8-94f8-5ef88d5fd4a8}\mpengine.dll
2011-12-03 04:09:17 -------- d-----w- c:\users\kevin\appdata\roaming\TweakNow PowerPack 2010
2011-12-03 02:53:44 -------- d-----w- c:\users\kevin\appdata\local\Microsoft Games
2011-12-03 02:14:11 -------- d-----w- c:\users\kevin\appdata\roaming\SUPERAntiSpyware.com
2011-12-03 02:13:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-03 02:13:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-02 04:12:16 -------- d-----w- c:\users\kevin\appdata\local\SoundSpectrum
2011-12-01 04:48:41 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-01 04:48:38 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-01 03:58:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-30 02:52:29 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-30 02:52:19 -------- d-----w- c:\program files\Lavasoft
2011-11-30 02:40:17 -------- d-----w- c:\users\kevin\appdata\local\Apple
2011-11-30 02:35:41 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-27 09:02:06 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-11-27 08:35:25 -------- d-----w- c:\users\kevin\appdata\local\Adobe
2011-11-27 08:32:07 -------- d-----w- c:\users\kevin\appdata\roaming\iPodder
2011-11-27 08:22:00 -------- d-----w- c:\users\kevin\appdata\roaming\Thunderbird_TEST
2011-11-27 08:22:00 -------- d-----w- c:\users\kevin\appdata\local\Thunderbird
2011-11-27 07:59:23 -------- d-----w- c:\users\kevin\appdata\roaming\Autodesk
2011-11-27 07:59:23 -------- d-----w- c:\users\kevin\appdata\local\Autodesk
2011-11-27 07:21:09 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f388423c-5595-4199-ae48-25e3d67cdccd}\gapaengine.dll
2011-11-27 07:20:12 -------- d-----w- c:\users\kevin\appdata\roaming\Mozilla_TEST
2011-11-27 07:20:12 -------- d-----w- c:\users\kevin\appdata\local\Mozilla
2011-11-27 07:17:27 -------- d-----w- c:\users\kevin\appdata\local\Apple Computer
2011-11-27 07:17:24 -------- d-----w- c:\users\kevin\appdata\local\VirtualStore
2011-11-27 07:09:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-27 07:09:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-17 01:42:53 -------- d-----w- c:\program files\iPod
2011-11-10 00:40:31 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 00:40:30 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-10 00:40:29 2341888 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-11-30 02:55:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-17 01:32:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 21:32:45.15 ===============

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:38 am

By the way - the anomalous behavior continues...

Any ideas?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 1:49 pm

I ran another scan with aswMBR. Here are the logs.

aswMBR.txt
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-06 21:52:29
-----------------------------
21:52:29.950 OS Version: Windows 6.1.7601 Service Pack 1
21:52:29.950 Number of processors: 2 586 0x1706
21:52:29.951 ComputerName: KEVINSDESKTOP UserName: Kevin
21:52:31.413 Initialize success
21:52:36.825 AVAST engine defs: 11120602
21:52:41.734 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:52:41.737 Disk 0 Vendor: Hitachi_HDS722020ALA330 JKAOA3EA Size: 1907729MB BusType: 3
21:52:41.740 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
21:52:41.744 Disk 1 Vendor: Hitachi_HDE721010SLA330 ST6OA3AA Size: 953869MB BusType: 3
21:52:43.775 Disk 1 MBR read successfully
21:52:43.779 Disk 1 MBR scan
21:52:43.786 Disk 1 Windows 7 default MBR code
21:52:43.808 Disk 1 scanning sectors +1953521664
21:52:43.927 Disk 1 scanning C:\Windows\system32\drivers
21:53:01.757 Service scanning
21:53:02.230 Service MpKslfb073c81 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71C4796E-70D5-4EB8-94F8-5EF88D5FD4A8}\MpKslfb073c81.sys **LOCKED** 32
21:53:02.237 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:53:02.926 Modules scanning
21:53:10.795 Disk 1 trace - called modules:
21:53:10.815 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
21:53:10.822 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86210a58]
21:53:10.829 3 CLASSPNP.SYS[8ca8c59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d7a030]
21:53:12.350 AVAST engine scan C:\
00:01:18.381 Scan finished successfully
06:44:02.952 Disk 1 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
06:44:03.061 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"
06:44:39.472 Disk 1 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
06:44:39.472 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"
06:45:42.808 Disk 1 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
06:45:42.808 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

MBR.dat:

3ÀŽÐ¼ |ŽÀŽØ¾ |¿ ¹ üó¤PhËû¹ ½¾€~ |…ƒÅâñÍˆV UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`€~ t&fh fÿvh h |h h ´BŠV ‹ôÍŸƒÄžë¸» |ŠV ŠvŠNŠnÍfasþNu€~ €„Š ²€ë„U2äŠV Í]ëž>þ}Uªunÿv è uú°Ñædèƒ °ßæ`è| °ÿædèu û¸ »Íf#Àu;fûTCPAu2ùr,fh» fh fh fSfSfUfh fh | fah ÍZ2öê | Í ·ë ¶ë µ2ä ‹ð¬< t » ´Íëòôëý+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system c{šè¦è¦ € ! ß ßþÿÿ ( 8mt Uª

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 7:18 pm

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc8th December 2011, 5:13 am

ComboFix 11-12-06.02 - Kevin 12/07/2011 21:40:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3327.2138 [GMT -7:00]
Running from: c:\users\Kevin\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 04:55 . 2011-12-08 04:55 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2011-12-08 04:55 . 2011-12-08 04:55 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-12-08 04:55 . 2011-12-08 04:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 03:43 . 2011-12-08 03:43 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27F8830D-BF3B-4EBE-90F8-AA0C4582252F}\MpKsl808e603b.sys
2011-12-08 03:43 . 2011-12-08 03:43 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27F8830D-BF3B-4EBE-90F8-AA0C4582252F}\offreg.dll
2011-12-08 03:42 . 2011-12-08 03:42 -------- d-----w- c:\users\Kevin\AppData\Roaming\NVIDIA
2011-12-08 03:41 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27F8830D-BF3B-4EBE-90F8-AA0C4582252F}\mpengine.dll
2011-12-08 03:41 . 2011-12-08 03:42 -------- d-----w- c:\program files\DVDFab 8 Qt
2011-12-08 03:39 . 2011-12-08 03:39 -------- d-----w- c:\users\Kevin\AppData\Roaming\DAEMON Tools Lite
2011-12-03 04:09 . 2011-12-03 04:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\TweakNow PowerPack 2010
2011-12-03 02:53 . 2011-12-03 02:54 -------- d-----w- c:\users\Kevin\AppData\Local\Microsoft Games
2011-12-03 02:14 . 2011-12-03 02:14 -------- d-----w- c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2011-12-03 02:13 . 2011-12-03 02:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-03 02:13 . 2011-12-03 02:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-02 04:42 . 2011-12-02 04:42 -------- d-----w- c:\users\Kevin\AppData\Roaming\DivX
2011-12-02 04:12 . 2011-12-02 04:16 -------- d-----w- c:\users\Kevin\AppData\Roaming\SoundSpectrum
2011-12-02 04:12 . 2011-12-02 04:12 -------- d-----w- c:\users\Kevin\AppData\Local\SoundSpectrum
2011-12-01 04:48 . 2011-12-02 04:22 -------- d-----w- c:\users\UpdatusUser
2011-12-01 04:48 . 2011-05-21 13:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-01 04:48 . 2011-05-21 13:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-12-01 03:58 . 2011-12-01 03:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-30 06:26 . 2011-11-30 06:35 -------- d-----w- c:\users\Kevin\AppData\Roaming\vlc
2011-11-30 02:52 . 2011-11-03 19:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-30 02:52 . 2011-11-30 02:52 -------- d-----w- c:\program files\Lavasoft
2011-11-30 02:40 . 2011-11-30 02:40 -------- d-----w- c:\users\Kevin\AppData\Local\Apple
2011-11-30 02:35 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-27 09:27 . 2011-12-07 05:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Winamp
2011-11-27 09:23 . 2011-11-27 09:23 -------- d-----w- c:\users\Kevin\AppData\Roaming\Roxio
2011-11-27 09:02 . 2011-10-03 12:06 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-27 08:35 . 2011-11-30 13:05 -------- d-----w- c:\users\Kevin\AppData\Local\Adobe
2011-11-27 08:32 . 2011-11-30 05:15 -------- d-----w- c:\users\Kevin\AppData\Roaming\iPodder
2011-11-27 08:23 . 2011-11-27 08:23 -------- d-----w- c:\users\Kevin\AppData\Roaming\Thunderbird
2011-11-27 08:22 . 2011-11-27 08:22 -------- d-----w- c:\users\Kevin\AppData\Local\Thunderbird
2011-11-27 07:59 . 2011-11-27 08:01 -------- d-----w- c:\users\Kevin\AppData\Roaming\Autodesk
2011-11-27 07:59 . 2011-11-27 07:59 -------- d-----w- c:\users\Kevin\AppData\Local\Autodesk
2011-11-27 07:21 . 2011-10-05 00:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F388423C-5595-4199-AE48-25E3D67CDCCD}\gapaengine.dll
2011-11-27 07:20 . 2011-11-27 07:20 -------- d-----w- c:\users\Kevin\AppData\Local\Mozilla
2011-11-27 07:17 . 2011-11-27 08:21 -------- d-----w- c:\users\Kevin\AppData\Roaming\Skype
2011-11-27 07:17 . 2011-11-27 08:31 -------- d-----w- c:\users\Kevin\AppData\Roaming\Apple Computer
2011-11-27 07:17 . 2011-11-27 08:30 -------- d-----w- c:\users\Kevin\AppData\Local\Apple Computer
2011-11-27 07:17 . 2011-11-27 07:17 -------- d-----w- c:\users\Kevin\AppData\Local\VirtualStore
2011-11-27 07:17 . 2011-11-27 07:17 -------- d-----w- c:\programdata\VMware
2011-11-27 07:09 . 2011-11-27 08:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-27 07:09 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 01:42 . 2011-11-17 01:42 -------- d-----w- c:\program files\iPod
2011-11-10 00:40 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 00:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 00:40 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 02:55 . 2010-08-29 03:26 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-17 01:32 . 2011-05-20 03:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-03 12:06 . 2010-08-31 03:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-01 01:23 . 2011-04-09 23:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
"PDHookServer"="c:\program files\Avanquest\PowerDesk\PDHookServer.exe" [2011-04-12 65880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Control Center"="c:\program files\HawkingTech\Multifunction Print Server\Control Center.exe" [2008-01-24 3008000]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"CD Autorun"="c:\program files\TweakNow PowerPack 2010\CDAuto.exe" [2010-08-17 429312]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\Avanquest\PowerDesk\pddlghlp.exe [2011-4-11 87384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-8-28 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-09-09 309744]
R2 SessionLauncher;SessionLauncher;c:\users\Kevin\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-12-02 15240]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [2008-01-10 90368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-09-09 1120752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-29 1343400]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-12-02 27016]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-12-02 21896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 64512]
S1 c2scsi;c2scsi;c:\windows\system32\DRIVERS\c2scsi.sys [2008-09-09 254320]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-20 218688]
S1 MpKsl808e603b;MpKsl808e603b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27F8830D-BF3B-4EBE-90F8-AA0C4582252F}\MpKsl808e603b.sys [2011-12-08 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-09-21 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys [2008-01-10 53632]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL808E603B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 19:06]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 20:20]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ryrkam6w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.smartplanet.com/blog/science-scope
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Privacy Protection - c:\users\Kevin\AppData\Roaming\privacy.exe
AddRemove-Akamai - c:\users\Kevin\AppData\Local\Akamai\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-07 22:02:37
ComboFix-quarantined-files.txt 2011-12-08 05:02
.
Pre-Run: 725,695,209,472 bytes free
Post-Run: 725,665,304,576 bytes free
.
- - End Of File - - C48B4CF455288CACA29F62FB6212A1CD

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc8th December 2011, 7:24 pm

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
At the bottom of the page
- Hidden Objects Only << Selected
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc10th December 2011, 9:05 pm

I tried it - ran as admin etc - still gives me an error:
failed to start service.

SysProt AntiRootkit need to be run with Admin priveleges!

Seams to run but no activity. Is not listed as being compatible with Windows 7.....

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 2:10 am

Ok. Let's try this.

Please download RootRepeal from GooglePages.com.

Extract the program file to your Desktop.
Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
Select ALL of the checkboxes and then click OK and it will start scanning your system.
If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
When done, click on Save Report
Save it to the Desktop.
Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 10:56 pm

FYI, on restart - startup failed and had to repair startup with most recent restore point - apparently due to SysProt Antirootkit.

I tried RootRepeal ......

Well when I attempt to run it with or without admin privileges I get the following:

RootReal Error
Attempt to write to address: 0x013fe000

RootReal Error
Attempt to read from address: 0xf11b6f2e

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 10:57 pm

By the way.... Symptoms still occurring.....

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 2:24 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 4:20 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Intel
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ECS
System Product Name: 945GCT-M
Logical Drives Mask: 0x0000017d

Kernel Drivers (total 221):
0x82C3C000 \SystemRoot\system32\ntoskrnl.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BBE000 \SystemRoot\system32\kdcom.dll
0x8C02F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C0B4000 \SystemRoot\system32\PSHED.dll
0x8C0C5000 \SystemRoot\system32\BOOTVID.dll
0x8C0CD000 \SystemRoot\system32\CLFS.SYS
0x8C10F000 \SystemRoot\system32\CI.dll
0x8C1BA000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C22B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C239000 \SystemRoot\system32\drivers\ACPI.sys
0x8C281000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8C28A000 \SystemRoot\system32\drivers\msisadrv.sys
0x8C292000 \SystemRoot\system32\drivers\pci.sys
0x8C2BC000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8C2C7000 \SystemRoot\System32\drivers\partmgr.sys
0x8C2D8000 \SystemRoot\system32\drivers\volmgr.sys
0x8C2E8000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C333000 \SystemRoot\system32\drivers\intelide.sys
0x8C33A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8C348000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C35E000 \SystemRoot\system32\drivers\vmbus.sys
0x8C388000 \SystemRoot\system32\drivers\winhv.sys
0x8C39A000 \SystemRoot\system32\drivers\atapi.sys
0x8C3A3000 \SystemRoot\system32\drivers\ataport.SYS
0x8C3C6000 \SystemRoot\system32\drivers\amdxata.sys
0x8C42F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C463000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C474000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8C483000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8C48D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C5BC000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C5E7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C5FA000 \SystemRoot\System32\Drivers\cng.sys
0x8C657000 \SystemRoot\System32\drivers\pcw.sys
0x8C665000 \SystemRoot\system32\drivers\eufs.sys
0x8C66E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C677000 \SystemRoot\system32\drivers\ndis.sys
0x8C72E000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C76C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C83F000 \SystemRoot\System32\drivers\tcpip.sys
0x8C989000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C9BA000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8C9C3000 \SystemRoot\system32\drivers\volsnap.sys
0x8CA02000 \SystemRoot\System32\Drivers\spldr.sys
0x8CA0A000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CA37000 \SystemRoot\System32\Drivers\mup.sys
0x8CA47000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CA4F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CA81000 \SystemRoot\system32\drivers\eubakup.sys
0x8CA8B000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CA9C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CAF3000 \SystemRoot\system32\DRIVERS\c2scsi.sys
0x8CB30000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8CB56000 \SystemRoot\system32\drivers\cdrom.sys
0x8CB75000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CB9C000 \SystemRoot\System32\Drivers\Null.SYS
0x8CBA3000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CBAA000 \SystemRoot\System32\drivers\vga.sys
0x8CBB6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CBD7000 \SystemRoot\System32\drivers\watchdog.sys
0x8CBE4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CBEC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CBF4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C800000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C80B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C819000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C830000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C791000 \SystemRoot\system32\drivers\afd.sys
0x93017000 \SystemRoot\System32\DRIVERS\netbt.sys
0x93049000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x93052000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x93059000 \SystemRoot\system32\DRIVERS\pacer.sys
0x93078000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x93088000 \SystemRoot\system32\DRIVERS\netbios.sys
0x93096000 \SystemRoot\system32\DRIVERS\serial.sys
0x930B0000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x930EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x930FE000 \SystemRoot\system32\drivers\vpcvmm.sys
0x93145000 \SystemRoot\system32\drivers\termdd.sys
0x93156000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x93178000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9317E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x931BF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x931C9000 \SystemRoot\system32\drivers\mssmbios.sys
0x931D3000 \SystemRoot\System32\drivers\discache.sys
0x931DF000 \SystemRoot\system32\drivers\csc.sys
0x93243000 \SystemRoot\System32\Drivers\dfsc.sys
0x9325B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x93269000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9328A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x96021000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x96A4E000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x96A52000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x96B09000 \SystemRoot\System32\drivers\dxgmms1.sys
0x96B42000 \SystemRoot\system32\drivers\HDAudBus.sys
0x96B61000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x96BC3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9329C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x96BCE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96BDD000 \SystemRoot\system32\DRIVERS\fdc.sys
0x96BE8000 \SystemRoot\system32\DRIVERS\parport.sys
0x96000000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9600A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x96010000 \SystemRoot\system32\drivers\CompositeBus.sys
0x932E7000 \SystemRoot\System32\Drivers\KUSBusByTCPMasterBus.sys
0x932F5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93307000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9331F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9332A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9334C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x93364000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9337B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93392000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9339C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x933A9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9601D000 \SystemRoot\system32\drivers\swenum.sys
0x933B6000 \SystemRoot\system32\drivers\ks.sys
0x8C400000 \SystemRoot\system32\DRIVERS\EuDisk.sys
0x933EA000 \SystemRoot\system32\drivers\umbus.sys
0x8C3CF000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x93000000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x9601F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9300D000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x93010000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x98C0E000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x98C44000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98C88000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x98C92000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x98CA3000 \SystemRoot\system32\drivers\HdAudio.sys
0x98CF3000 \SystemRoot\system32\drivers\portcls.sys
0x98D22000 \SystemRoot\system32\drivers\drmk.sys
0x98D3B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x98D52000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98D5D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x98D70000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x98D77000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x98D85000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x98D90000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x98D9C000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x98DA1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x825B0000 \SystemRoot\System32\win32k.sys
0x98DAC000 \SystemRoot\System32\drivers\Dxapi.sys
0x98DB6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98DC3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x98DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98DD7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98DE8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82410000 \SystemRoot\System32\TSDDD.dll
0x82440000 \SystemRoot\System32\cdd.dll
0x82460000 \SystemRoot\System32\ATMFD.DLL
0x98DF3000 \SystemRoot\system32\drivers\luafv.sys
0x98E0E000 \SystemRoot\system32\drivers\WudfPf.sys
0x98E28000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x98E36000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x98E46000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x98E59000 \SystemRoot\system32\drivers\HTTP.sys
0x98EDE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x98EF7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98F09000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98F2C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98F67000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98F82000 \??\C:\Windows\system32\drivers\hcmon.sys
0x98F8C000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x98F93000 \??\C:\Windows\system32\Drivers\vmci.sys
0x98FA3000 \??\C:\Windows\system32\Drivers\VMparport.sys
0xA4826000 \??\C:\Windows\system32\Drivers\vmx86.sys
0xA48F5000 \SystemRoot\system32\drivers\peauth.sys
0xA498C000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4996000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA49B7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA49C4000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0xA49C9000 \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
0xA49CD000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4A1D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4A75000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0xA4AEE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA4AF7000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xA4B01000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A41549B8-4F3B-4A43-A9F7-1D176C0FC14B}\MpKsle6c0334e.sys
0xA4B1F000 \??\C:\Windows\system32\drivers\rootrepeal.sys
0xA4B42000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4B58000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76DA0000 \Windows\System32\ntdll.dll
0x48530000 \Windows\System32\smss.exe
0x76FE0000 \Windows\System32\apisetschema.dll
0x002C0000 \Windows\System32\autochk.exe
0x76FC0000 \Windows\System32\normaliz.dll
0x76FA0000 \Windows\System32\imm32.dll
0x76C90000 \Windows\System32\urlmon.dll
0x76F40000 \Windows\System32\shlwapi.dll
0x76040000 \Windows\System32\shell32.dll
0x76EF0000 \Windows\System32\gdi32.dll
0x76EE0000 \Windows\System32\psapi.dll
0x76030000 \Windows\System32\lpk.dll
0x75F60000 \Windows\System32\msctf.dll
0x75EC0000 \Windows\System32\advapi32.dll
0x75E80000 \Windows\System32\ws2_32.dll
0x75DB0000 \Windows\System32\user32.dll
0x75D80000 \Windows\System32\imagehlp.dll
0x75CF0000 \Windows\System32\clbcatq.dll
0x75C90000 \Windows\System32\difxapi.dll
0x75BB0000 \Windows\System32\kernel32.dll
0x75B20000 \Windows\System32\oleaut32.dll
0x75A00000 \Windows\System32\wininet.dll
0x759F0000 \Windows\System32\nsi.dll
0x75950000 \Windows\System32\usp10.dll
0x757B0000 \Windows\System32\setupapi.dll
0x755F0000 \Windows\System32\iertutil.dll
0x75540000 \Windows\System32\rpcrt4.dll
0x753E0000 \Windows\System32\ole32.dll
0x75360000 \Windows\System32\comdlg32.dll
0x75310000 \Windows\System32\Wldap32.dll
0x75260000 \Windows\System32\msvcrt.dll
0x75240000 \Windows\System32\sechost.dll
0x751B0000 \Windows\System32\comctl32.dll
0x75190000 \Windows\System32\devobj.dll
0x75160000 \Windows\System32\wintrust.dll
0x75110000 \Windows\System32\KernelBase.dll
0x750E0000 \Windows\System32\cfgmgr32.dll
0x74FC0000 \Windows\System32\crypt32.dll
0x74FB0000 \Windows\System32\msasn1.dll

Processes (total 71):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
392 csrss.exe
452 C:\Windows\System32\wininit.exe
464 csrss.exe
500 C:\Windows\System32\services.exe
516 C:\Windows\System32\lsass.exe
524 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\svchost.exe
712 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\nvvsvc.exe
792 C:\Windows\System32\svchost.exe
856 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
932 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1308 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1324 C:\Windows\System32\nvvsvc.exe
1504 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1736 C:\Windows\System32\spoolsv.exe
1816 C:\Windows\System32\svchost.exe
1948 C:\Program Files\SUPERAntiSpyware\SASCore.exe
2024 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
312 C:\Program Files\Bonjour\mDNSResponder.exe
336 C:\Windows\System32\svchost.exe
340 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
1592 C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
1852 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1848 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
808 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
2060 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
2164 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2204 C:\Program Files\VMware\VMware Player\vmware-authd.exe
2332 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2404 unsecapp.exe
2592 WmiPrvSE.exe
2628 WmiPrvSE.exe
2908 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3536 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
3656 C:\Windows\System32\SearchIndexer.exe
3044 C:\Windows\System32\dwm.exe
1732 C:\Windows\explorer.exe
3652 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
2752 C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
3200 C:\Program Files\VMware\VMware Player\hqtray.exe
3180 C:\Program Files\HawkingTech\Multifunction Print Server\Control Center.exe
3756 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1988 C:\Program Files\iTunes\iTunesHelper.exe
1436 C:\Program Files\Microsoft Security Client\msseces.exe
1088 C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
1560 C:\Program Files\DAEMON Tools Lite\DTLite.exe
800 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2284 C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
3508 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
2532 C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
3380 C:\Program Files\iPod\bin\iPodService.exe
2280 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
728 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3876 C:\Users\Kevin\Downloads\RootRepeal.exe
3768 C:\Windows\System32\svchost.exe
2252 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
2876 C:\Windows\System32\audiodg.exe
2964 C:\Program Files\Mozilla Firefox\firefox.exe
2072 C:\Windows\System32\SearchProtocolHost.exe
2836 C:\Windows\System32\SearchFilterHost.exe
1144 C:\Users\Kevin\Downloads\MBRCheck.exe
3424 C:\Windows\System32\conhost.exe
2036 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: HitachiHDE721010SLA330, Rev: ST6OA3AA
PhysicalDrive0 Model Number: HitachiHDS722020ALA330, Rev: JKAOA3EA

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 7:46 pm

By the way.... Symptoms still occurring......

Just to verify; are the symptoms the same as what you outlined in your opening thread?

AVENGER

Download The Avenger by Swandog46 from here.
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Click the Execute button.
You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:23 am

Yes, exact same symptoms - have you ever seen that before?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:27 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:28 am

Maybe I should mount my C drive in my 64 bit windows 7 laptop and scan it?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc14th December 2011, 11:40 pm

Good news. The alert is legit. Many only detect Java 6 Update 29 as the latest, but the latest is actually Java 7 Update 1.
The user has the "latest version", or so you think. The Java update alert is real, but Sun/Oracle isn't pushing this update out for some weird reason.
You can get more information and download the latest update here.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 1:20 am

I know the alert is legit - that is why I downloaded it. However a previous alert was also legit but when I attempt to allow these legit alerts apparently I am redirected to a false path and get hit with the "download failed" fake alert and minutes later my MS Security Essentials goes off - then weird stuff ensues.

Apparently the update engine is redirecting the download path and using it to deliver a payload.

Is there a way to clean out this code? I thought by removing it last time and reinstalling java I had achieved this, but apparently its a reg hack or something redirecting me.

In any case I am infected with something that runs about every 5 minutes, apparently scans my personal folders and then quits or goes dormant.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 4:47 am

ok,

So I scanned my c drive for files created on 11/29/2011 - the day it all happened.

Java Update was lats run at 7:35 PM on 11/29/11. Per Java Aplet

I have a file under the following path:
c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

I cannot view contents, delete, copy, or anything to this file.
Open with notepad = access is denied etc. shutting down security essentials has no effect. The file is 4,812,800k

The containing folder seems to be tied to MSSecurity Essentials - but I am not sure if it is legit?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:14 am

Just hunting around and found that I no longer had ownership of folders like c:\users\Kevin\local settings

& certainly not:
c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

I attempted to take ownership of the entire C drive but guess what files I could not take ownership of?

c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:16 am

This was followed of course by:

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:21 am

The attempt to take ownership of everything seemed to work except that it didn't seem to change my effective permissions at all.

Still cannot access local settings - access denied - "unable to display current owner" and I have NO effective permissions at all.....

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 8:28 pm

c:\ program data\miscrost\microsoft antimalware\scans\history\cachemanager\MpScanCache-1.bin

This is a file added by MSE.
I'm checking with a colleague about this problem and I'll be back as soon as I have something.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 3:55 am

ok, I read an article about a bug with similar symptoms and they recommended stopzilla - I looked it up and it looked legit so I installed it - reboot and it "found" catchme.dll and related files in my local settings folder - that I cannot get into - it deleted it then I ran a full scan - here is a list of the results: Vundo.A7 c:\windows\nircmd.exe
vundo.A7 c:\windows\swsc.exe
Google Redirector C:\windows\swreg.exe
Google Redirector C:\windows\swxcacls.exe
lpv4mons hklm\software\microsoft\windows\current version\control panel\load
digital protections d:\kevin's documents\gateway\hcc-145 medical terminology for health care workers\application\cd\content\audio\virus.mp3 (false positive?)
Winexec32 c:\avenger.txt (false positive in log)
Gain.Gator autocad drawing file? (false positive?)
Trojan.Win32.Cognac!a c:\windows\pev.exe

I manually put everything in the recycle bin. now I find that my IE icon is gone and - well I use firefox with nosript anyway but when I opened your site as usual the page does not display correctly - this text window it 3/4 of an inch square! and so I changed my default browser to get to IE and it displayed your site correctly but then I got a popup as follows:Caution! Your computer contains a variety of suspicious programs. Your System requires immediate checking! The system will perform a fast and free check your PC for malicious programs. only an OK button of course. I killed it with task manager.
I just finished another of many scans with antimalware bytes - 000000 infections! This is so fun!

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:07 am

Well I updated antimalware and superantispyware and and running simultaneous scans - I opened up firefox again and now your site looks normal.

Before this I ran CC cleaner to kill anything I might have picked up by running IE and of course it deleted everything in my recycle bin - so hopefully the listed files in the previous stopzilla log are not important!

Here is a screen capture of the "Message from webpage"

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:16 am

Its reaaaaalllly hard to post images!!!!

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:26 am

my computer says that IExporer.exe does not exist - yet something that looks like it runs if I click a web link......

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:43 am

OK downloaded MS Safety Scanner and am running a full scan....

MS Security Essentials was not running for some reason - ran it - updated it - quick scan revealed to infections:

Trojan:JS/redirector.HQ Removed
VirTool:JS/Obfuscator.CA Quarantined

I will run a full scan next

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 7:13 pm

Did I not ask you to not run any scans unless I asked you to run them?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 1:19 am

No you said not to remove anything and just report results.
The removals were automatic, and my intent was to keep everything in my recycle bin.

In any case we were not exactly getting anywhere.

I now have the drive in question hooked up to my laptop as a slave and have scanned it with antimalware - clean - it always runs clean - which really surprises me.

I am currently scanning with ms security essentials. Do you have any specific suggestions now that we are not running the os on that drive?

Whatever this bug is it sure hides reeeaaaalllly well.

Thanks for your help

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 2:50 pm

Well, even external scans of the drive with both AntiMalware Bytes and MS Security Essentials come up clean.

Do you have anything you want me to try?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:23 pm

FYI,

I recreated the IE icon - iexplore.exe is located exactly were it should be.

When I use IE to go to GeekPolice.net I still get the popup:

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:24 pm

Here is the message

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:27 pm

Why is this so hard?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:46 pm

So I tried using IE to go to another site - Wallbase.net

Worked fine - after a few seconds I got the popup:

Internet Explorer has stopped working

A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is available.

Close program button

I of course CTRL-ALT-DEL and END these

After doing so IE continued to run and was not locked up at all. Just to be safe I killed it as well.

The only real difference is I have add ons for firefox - NOSCRIPT as recommended by you guys - works great! also running Addblock plus, and WOT.

I found a site indicating the "message from website" is a add based attach but this seems to be active on any page and comes with different bait messages - so I think it is local to this system.

I have been watching to see if the original issue of the personal folders - access denied and weird rename is still occurring - not seen it yet. Maybe we killed that one?!!

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:53 pm

Oh well - strike that last; it just did the access denied trick again.

So far we have found nothing and removed nothing associated with this.

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 6:35 pm

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\system32\deployJava1.dll

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
******************************************************

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory..

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 1:17 am

Jotti's found nothing

TDSSKiller found nothing..

18:14:01.0820 0344 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:14:02.0350 0344 ============================================================
18:14:02.0350 0344 Current date / time: 2011/12/19 18:14:02.0350
18:14:02.0350 0344 SystemInfo:
18:14:02.0350 0344
18:14:02.0350 0344 OS Version: 6.1.7601 ServicePack: 1.0
18:14:02.0350 0344 Product type: Workstation
18:14:02.0350 0344 ComputerName: KEVINSDESKTOP
18:14:02.0350 0344 UserName: Kevin
18:14:02.0350 0344 Windows directory: C:\Windows
18:14:02.0350 0344 System windows directory: C:\Windows
18:14:02.0350 0344 Processor architecture: Intel x86
18:14:02.0350 0344 Number of processors: 2
18:14:02.0350 0344 Page size: 0x1000
18:14:02.0350 0344 Boot type: Normal boot
18:14:02.0350 0344 ============================================================
18:14:03.0520 0344 Initialize success
18:14:37.0934 3492 ============================================================
18:14:37.0934 3492 Scan started
18:14:37.0934 3492 Mode: Manual;
18:14:37.0934 3492 ============================================================
18:14:38.0355 3492 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:14:38.0355 3492 1394ohci - ok
18:14:38.0387 3492 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:14:38.0387 3492 ACPI - ok
18:14:38.0402 3492 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:14:38.0402 3492 AcpiPmi - ok
18:14:38.0433 3492 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:14:38.0433 3492 adp94xx - ok
18:14:38.0449 3492 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:14:38.0449 3492 adpahci - ok
18:14:38.0465 3492 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:14:38.0465 3492 adpu320 - ok
18:14:38.0511 3492 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:14:38.0511 3492 AFD - ok
18:14:38.0527 3492 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:14:38.0527 3492 agp440 - ok
18:14:38.0543 3492 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:14:38.0543 3492 aic78xx - ok
18:14:38.0636 3492 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:14:38.0636 3492 aliide - ok
18:14:38.0652 3492 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:14:38.0652 3492 amdagp - ok
18:14:38.0667 3492 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:14:38.0667 3492 amdide - ok
18:14:38.0699 3492 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:14:38.0699 3492 AmdK8 - ok
18:14:38.0714 3492 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:14:38.0714 3492 AmdPPM - ok
18:14:38.0730 3492 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:14:38.0730 3492 amdsata - ok
18:14:38.0745 3492 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:14:38.0745 3492 amdsbs - ok
18:14:38.0761 3492 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:14:38.0761 3492 amdxata - ok
18:14:38.0808 3492 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:14:38.0823 3492 AppID - ok
18:14:38.0855 3492 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:14:38.0855 3492 arc - ok
18:14:38.0870 3492 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:14:38.0870 3492 arcsas - ok
18:14:38.0917 3492 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:14:38.0917 3492 AsyncMac - ok
18:14:38.0948 3492 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:14:38.0948 3492 atapi - ok
18:14:38.0995 3492 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:14:38.0995 3492 b06bdrv - ok
18:14:39.0011 3492 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:14:39.0011 3492 b57nd60x - ok
18:14:39.0026 3492 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:14:39.0026 3492 Beep - ok
18:14:39.0057 3492 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:14:39.0057 3492 blbdrive - ok
18:14:39.0089 3492 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:14:39.0089 3492 bowser - ok
18:14:39.0104 3492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:14:39.0104 3492 BrFiltLo - ok
18:14:39.0120 3492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:14:39.0120 3492 BrFiltUp - ok
18:14:39.0151 3492 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:14:39.0151 3492 Brserid - ok
18:14:39.0182 3492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:14:39.0182 3492 BrSerWdm - ok
18:14:39.0198 3492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:14:39.0198 3492 BrUsbMdm - ok
18:14:39.0198 3492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:14:39.0213 3492 BrUsbSer - ok
18:14:39.0229 3492 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:14:39.0229 3492 BTHMODEM - ok
18:14:39.0260 3492 c2scsi (35e02592f9d3b6f8133e55862c81f50e) C:\Windows\system32\DRIVERS\c2scsi.sys
18:14:39.0260 3492 c2scsi - ok
18:14:39.0307 3492 CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\Windows\system32\Drivers\SPCA561.SYS
18:14:39.0307 3492 CA561 - ok
18:14:39.0323 3492 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:14:39.0338 3492 cdfs - ok
18:14:39.0369 3492 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:14:39.0369 3492 cdrom - ok
18:14:39.0401 3492 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:14:39.0401 3492 circlass - ok
18:14:39.0432 3492 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:14:39.0432 3492 CLFS - ok
18:14:39.0463 3492 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:14:39.0463 3492 CmBatt - ok
18:14:39.0494 3492 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:14:39.0494 3492 cmdide - ok
18:14:39.0510 3492 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:14:39.0525 3492 CNG - ok
18:14:39.0541 3492 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:14:39.0541 3492 Compbatt - ok
18:14:39.0572 3492 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:14:39.0572 3492 CompositeBus - ok
18:14:39.0588 3492 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:14:39.0588 3492 crcdisk - ok
18:14:39.0635 3492 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:14:39.0635 3492 CSC - ok
18:14:39.0666 3492 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:14:39.0666 3492 DfsC - ok
18:14:39.0697 3492 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:14:39.0697 3492 discache - ok
18:14:39.0728 3492 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:14:39.0728 3492 Disk - ok
18:14:39.0775 3492 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:14:39.0775 3492 drmkaud - ok
18:14:39.0806 3492 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:14:39.0822 3492 dtsoftbus01 - ok
18:14:39.0853 3492 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:14:39.0869 3492 DXGKrnl - ok
18:14:39.0947 3492 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:14:39.0978 3492 ebdrv - ok
18:14:40.0025 3492 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:14:40.0025 3492 elxstor - ok
18:14:40.0040 3492 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:14:40.0040 3492 ErrDev - ok
18:14:40.0165 3492 EUBAKUP (f79bcfe089804b6c2994f80bc343373a) C:\Windows\system32\drivers\eubakup.sys
18:14:40.0181 3492 EUBAKUP - ok
18:14:40.0196 3492 EuDisk (c4bc617b3608624cdb7cdd1606691066) C:\Windows\system32\DRIVERS\EuDisk.sys
18:14:40.0212 3492 EuDisk - ok
18:14:40.0243 3492 EUDSKACS (1436f419be2486cb5f004b2ad3abc6e7) C:\Windows\system32\drivers\eudskacs.sys
18:14:40.0259 3492 EUDSKACS - ok
18:14:40.0274 3492 EUFS (fcfe5df3dbd650d6dd0d1e1aa6832e2d) C:\Windows\system32\drivers\eufs.sys
18:14:40.0290 3492 EUFS - ok
18:14:40.0321 3492 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:14:40.0321 3492 exfat - ok
18:14:40.0337 3492 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:14:40.0337 3492 fastfat - ok
18:14:40.0383 3492 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:14:40.0383 3492 fdc - ok
18:14:40.0399 3492 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:14:40.0399 3492 FileInfo - ok
18:14:40.0415 3492 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:14:40.0415 3492 Filetrace - ok
18:14:40.0446 3492 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:14:40.0446 3492 flpydisk - ok
18:14:40.0461 3492 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:14:40.0461 3492 FltMgr - ok
18:14:40.0477 3492 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:14:40.0477 3492 FsDepends - ok
18:14:40.0524 3492 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
18:14:40.0524 3492 fssfltr - ok
18:14:40.0555 3492 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:14:40.0555 3492 Fs_Rec - ok
18:14:40.0586 3492 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:14:40.0586 3492 fvevol - ok
18:14:40.0602 3492 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:14:40.0602 3492 gagp30kx - ok
18:14:40.0617 3492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:14:40.0617 3492 GEARAspiWDM - ok
18:14:40.0664 3492 hcmon (6934d249d27aab3a0d86e4da9c3ae006) C:\Windows\system32\drivers\hcmon.sys
18:14:40.0664 3492 hcmon - ok
18:14:40.0711 3492 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:14:40.0711 3492 hcw85cir - ok
18:14:40.0742 3492 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:14:40.0758 3492 HdAudAddService - ok
18:14:40.0773 3492 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:14:40.0773 3492 HDAudBus - ok
18:14:40.0789 3492 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:14:40.0789 3492 HidBatt - ok
18:14:40.0805 3492 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:14:40.0805 3492 HidBth - ok
18:14:40.0805 3492 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:14:40.0820 3492 HidIr - ok
18:14:40.0851 3492 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:14:40.0851 3492 HidUsb - ok
18:14:40.0867 3492 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:14:40.0883 3492 HpSAMD - ok
18:14:40.0914 3492 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:14:40.0914 3492 HTTP - ok
18:14:40.0945 3492 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:14:40.0945 3492 hwpolicy - ok
18:14:40.0961 3492 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:14:40.0961 3492 i8042prt - ok
18:14:40.0976 3492 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:14:40.0992 3492 iaStorV - ok
18:14:41.0054 3492 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:14:41.0054 3492 iirsp - ok
18:14:41.0070 3492 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:14:41.0070 3492 intelide - ok
18:14:41.0101 3492 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:14:41.0101 3492 intelppm - ok
18:14:41.0117 3492 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:14:41.0117 3492 IpFilterDriver - ok
18:14:41.0132 3492 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:14:41.0132 3492 IPMIDRV - ok
18:14:41.0148 3492 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:14:41.0148 3492 IPNAT - ok
18:14:41.0195 3492 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:14:41.0195 3492 IRENUM - ok
18:14:41.0210 3492 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:14:41.0210 3492 isapnp - ok
18:14:41.0226 3492 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:14:41.0226 3492 iScsiPrt - ok
18:14:41.0241 3492 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:14:41.0241 3492 kbdclass - ok
18:14:41.0257 3492 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
18:14:41.0257 3492 kbdhid - ok
18:14:41.0288 3492 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:14:41.0288 3492 KSecDD - ok
18:14:41.0304 3492 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:14:41.0304 3492 KSecPkg - ok
18:14:41.0335 3492 KUSBusByTCP (42c6e99f58dd9dea6911f0803109a21a) C:\Windows\system32\Drivers\KUSBusByTCP.sys
18:14:41.0382 3492 KUSBusByTCP - ok
18:14:41.0429 3492 KUSBusByTCPMasterBus (3411b9bbad2d937205ebb72d00f63435) C:\Windows\system32\Drivers\KUSBusByTCPMasterBus.sys
18:14:41.0460 3492 KUSBusByTCPMasterBus - ok
18:14:41.0507 3492 Lavasoft Kernexplorer - ok
18:14:41.0522 3492 Lbd - ok
18:14:41.0553 3492 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:14:41.0553 3492 lltdio - ok
18:14:41.0569 3492 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:14:41.0569 3492 LSI_FC - ok
18:14:41.0585 3492 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:14:41.0585 3492 LSI_SAS - ok
18:14:41.0600 3492 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:14:41.0600 3492 LSI_SAS2 - ok
18:14:41.0631 3492 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:14:41.0631 3492 LSI_SCSI - ok
18:14:41.0663 3492 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:14:41.0663 3492 luafv - ok
18:14:41.0678 3492 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:14:41.0678 3492 megasas - ok
18:14:41.0694 3492 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:14:41.0694 3492 MegaSR - ok
18:14:41.0694 3492 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:14:41.0709 3492 Modem - ok
18:14:41.0725 3492 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:14:41.0725 3492 monitor - ok
18:14:41.0756 3492 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:14:41.0756 3492 mouclass - ok
18:14:41.0772 3492 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:14:41.0772 3492 mouhid - ok
18:14:41.0819 3492 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:14:41.0819 3492 mountmgr - ok
18:14:41.0865 3492 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:14:41.0865 3492 MpFilter - ok
18:14:41.0881 3492 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:14:41.0897 3492 mpio - ok
18:14:41.0975 3492 MpKsl63a20a54 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08EBCFE9-36CB-43B2-AE5E-90D1111F9B46}\MpKsl63a20a54.sys
18:14:41.0975 3492 MpKsl63a20a54 - ok
18:14:42.0006 3492 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:14:42.0006 3492 MpNWMon - ok
18:14:42.0037 3492 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:14:42.0037 3492 mpsdrv - ok
18:14:42.0068 3492 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:14:42.0068 3492 MRxDAV - ok
18:14:42.0099 3492 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:14:42.0099 3492 mrxsmb - ok
18:14:42.0146 3492 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:14:42.0146 3492 mrxsmb10 - ok
18:14:42.0193 3492 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:14:42.0193 3492 mrxsmb20 - ok
18:14:42.0224 3492 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:14:42.0224 3492 msahci - ok
18:14:42.0240 3492 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:14:42.0255 3492 msdsm - ok
18:14:42.0287 3492 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:14:42.0287 3492 Msfs - ok
18:14:42.0349 3492 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:14:42.0349 3492 mshidkmdf - ok
18:14:42.0349 3492 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:14:42.0349 3492 msisadrv - ok
18:14:42.0380 3492 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:14:42.0380 3492 MSKSSRV - ok
18:14:42.0427 3492 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:42.0427 3492 MSPCLOCK - ok
18:14:42.0443 3492 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:14:42.0458 3492 MSPQM - ok
18:14:42.0474 3492 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:14:42.0474 3492 MsRPC - ok
18:14:42.0474 3492 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:14:42.0489 3492 mssmbios - ok
18:14:42.0489 3492 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:14:42.0489 3492 MSTEE - ok
18:14:42.0505 3492 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:14:42.0505 3492 MTConfig - ok
18:14:42.0521 3492 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:14:42.0521 3492 Mup - ok
18:14:42.0552 3492 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:14:42.0552 3492 NativeWifiP - ok
18:14:42.0583 3492 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:14:42.0599 3492 NDIS - ok
18:14:42.0630 3492 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:14:42.0630 3492 NdisCap - ok
18:14:42.0645 3492 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:42.0645 3492 NdisTapi - ok
18:14:42.0677 3492 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:42.0677 3492 Ndisuio - ok
18:14:42.0708 3492 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:42.0708 3492 NdisWan - ok
18:14:42.0723 3492 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:14:42.0723 3492 NDProxy - ok
18:14:42.0755 3492 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:14:42.0755 3492 NetBIOS - ok
18:14:42.0786 3492 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:14:42.0786 3492 NetBT - ok
18:14:42.0833 3492 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:42.0833 3492 nfrd960 - ok
18:14:42.0879 3492 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:14:42.0879 3492 NisDrv - ok
18:14:42.0911 3492 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:14:42.0911 3492 Npfs - ok
18:14:42.0926 3492 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:14:42.0926 3492 nsiproxy - ok
18:14:42.0973 3492 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:14:42.0989 3492 Ntfs - ok
18:14:43.0004 3492 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:14:43.0004 3492 Null - ok
18:14:43.0207 3492 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:14:43.0285 3492 nvlddmkm - ok
18:14:43.0347 3492 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:14:43.0347 3492 nvraid - ok
18:14:43.0363 3492 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:14:43.0363 3492 nvstor - ok
18:14:43.0394 3492 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:14:43.0394 3492 nv_agp - ok
18:14:43.0425 3492 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:14:43.0425 3492 ohci1394 - ok
18:14:43.0457 3492 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:14:43.0457 3492 Parport - ok
18:14:43.0488 3492 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:14:43.0488 3492 partmgr - ok
18:14:43.0503 3492 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:14:43.0503 3492 Parvdm - ok
18:14:43.0519 3492 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:14:43.0519 3492 pci - ok
18:14:43.0535 3492 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:14:43.0535 3492 pciide - ok
18:14:43.0550 3492 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:43.0566 3492 pcmcia - ok
18:14:43.0566 3492 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:14:43.0566 3492 pcw - ok
18:14:43.0597 3492 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:14:43.0597 3492 PEAUTH - ok
18:14:43.0644 3492 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:14:43.0644 3492 PptpMiniport - ok
18:14:43.0659 3492 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:14:43.0659 3492 Processor - ok
18:14:43.0737 3492 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:14:43.0737 3492 Psched - ok
18:14:43.0769 3492 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
18:14:43.0769 3492 PxHelp20 - ok
18:14:43.0800 3492 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:14:43.0815 3492 ql2300 - ok
18:14:43.0847 3492 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:14:43.0847 3492 ql40xx - ok
18:14:43.0862 3492 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:14:43.0862 3492 QWAVEdrv - ok
18:14:43.0878 3492 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:14:43.0878 3492 RasAcd - ok
18:14:43.0893 3492 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:14:43.0893 3492 RasAgileVpn - ok
18:14:43.0909 3492 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:43.0909 3492 Rasl2tp - ok
18:14:43.0940 3492 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:43.0940 3492 RasPppoe - ok
18:14:43.0956 3492 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:14:43.0956 3492 RasSstp - ok
18:14:43.0987 3492 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:14:43.0987 3492 rdbss - ok
18:14:44.0018 3492 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:14:44.0018 3492 rdpbus - ok
18:14:44.0049 3492 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:44.0049 3492 RDPCDD - ok
18:14:44.0096 3492 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:14:44.0096 3492 RDPDR - ok
18:14:44.0127 3492 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:14:44.0127 3492 RDPENCDD - ok
18:14:44.0143 3492 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:14:44.0143 3492 RDPREFMP - ok
18:14:44.0174 3492 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:14:44.0174 3492 RDPWD - ok
18:14:44.0205 3492 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:14:44.0205 3492 rdyboost - ok
18:14:44.0252 3492 rootrepeal - ok
18:14:44.0283 3492 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:14:44.0283 3492 rspndr - ok
18:14:44.0330 3492 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:14:44.0330 3492 RTL8167 - ok
18:14:44.0361 3492 RxFilter (c3f676bfb12292ffbc5b5fe4c8daf2d4) C:\Windows\system32\DRIVERS\RxFilter.sys
18:14:44.0361 3492 RxFilter - ok
18:14:44.0393 3492 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:14:44.0393 3492 s3cap - ok
18:14:44.0439 3492 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:14:44.0455 3492 SASDIFSV - ok
18:14:44.0455 3492 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:14:44.0455 3492 SASKUTIL - ok
18:14:44.0517 3492 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:14:44.0517 3492 scfilter - ok
18:14:44.0564 3492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:14:44.0564 3492 secdrv - ok
18:14:44.0595 3492 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:14:44.0595 3492 Serenum - ok
18:14:44.0611 3492 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:14:44.0611 3492 Serial - ok
18:14:44.0627 3492 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:14:44.0627 3492 sermouse - ok
18:14:44.0658 3492 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:14:44.0658 3492 sffdisk - ok
18:14:44.0673 3492 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:14:44.0673 3492 sffp_mmc - ok
18:14:44.0689 3492 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:14:44.0689 3492 sffp_sd - ok
18:14:44.0705 3492 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:14:44.0705 3492 sfloppy - ok
18:14:44.0720 3492 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:14:44.0720 3492 sisagp - ok
18:14:44.0751 3492 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:14:44.0751 3492 SiSRaid2 - ok
18:14:44.0767 3492 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:14:44.0767 3492 SiSRaid4 - ok
18:14:44.0783 3492 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:14:44.0783 3492 Smb - ok
18:14:44.0814 3492 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:14:44.0829 3492 spldr - ok
18:14:44.0861 3492 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:14:44.0861 3492 srv - ok
18:14:44.0923 3492 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:14:44.0923 3492 srv2 - ok
18:14:44.0939 3492 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:14:44.0939 3492 srvnet - ok
18:14:44.0970 3492 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:14:44.0970 3492 stexstor - ok
18:14:45.0001 3492 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:14:45.0001 3492 storflt - ok
18:14:45.0032 3492 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:14:45.0032 3492 storvsc - ok
18:14:45.0048 3492 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:14:45.0048 3492 swenum - ok
18:14:45.0110 3492 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:14:45.0110 3492 Tcpip - ok
18:14:45.0141 3492 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:14:45.0157 3492 TCPIP6 - ok
18:14:45.0188 3492 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:14:45.0188 3492 tcpipreg - ok
18:14:45.0204 3492 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:14:45.0204 3492 TDPIPE - ok
18:14:45.0219 3492 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:14:45.0219 3492 TDTCP - ok
18:14:45.0235 3492 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:14:45.0235 3492 tdx - ok
18:14:45.0251 3492 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:14:45.0251 3492 TermDD - ok
18:14:45.0282 3492 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:45.0297 3492 tssecsrv - ok
18:14:45.0313 3492 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:14:45.0313 3492 TsUsbFlt - ok
18:14:45.0375 3492 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:14:45.0375 3492 tunnel - ok
18:14:45.0407 3492 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:14:45.0407 3492 uagp35 - ok
18:14:45.0438 3492 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:14:45.0438 3492 udfs - ok
18:14:45.0500 3492 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:14:45.0500 3492 uliagpkx - ok
18:14:45.0516 3492 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:14:45.0516 3492 umbus - ok
18:14:45.0516 3492 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:14:45.0516 3492 UmPass - ok
18:14:45.0563 3492 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:45.0563 3492 usbccgp - ok
18:14:45.0578 3492 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:14:45.0578 3492 usbcir - ok
18:14:45.0594 3492 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:14:45.0594 3492 usbehci - ok
18:14:45.0609 3492 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:14:45.0625 3492 usbhub - ok
18:14:45.0641 3492 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:14:45.0641 3492 usbohci - ok
18:14:45.0656 3492 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:14:45.0656 3492 usbprint - ok
18:14:45.0687 3492 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:14:45.0687 3492 usbscan - ok
18:14:45.0734 3492 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
18:14:45.0734 3492 USBSTOR - ok
18:14:45.0750 3492 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:14:45.0750 3492 usbuhci - ok
18:14:45.0765 3492 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:14:45.0765 3492 vdrvroot - ok
18:14:45.0797 3492 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:45.0797 3492 vga - ok
18:14:45.0812 3492 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:14:45.0812 3492 VgaSave - ok
18:14:45.0828 3492 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:14:45.0828 3492 vhdmp - ok
18:14:45.0859 3492 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:14:45.0859 3492 viaagp - ok
18:14:45.0875 3492 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:14:45.0875 3492 ViaC7 - ok
18:14:45.0890 3492 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:14:45.0890 3492 viaide - ok
18:14:45.0921 3492 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:14:45.0921 3492 vmbus - ok
18:14:45.0921 3492 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:14:45.0921 3492 VMBusHID - ok
18:14:45.0953 3492 vmci (c560b5363ad494541deda5da539fb870) C:\Windows\system32\Drivers\vmci.sys
18:14:45.0953 3492 vmci - ok
18:14:46.0046 3492 vmkbd (45e341e59f14cd88a64fdbe74ed0dd13) C:\Windows\system32\drivers\VMkbd.sys
18:14:46.0062 3492 vmkbd - ok
18:14:46.0077 3492 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
18:14:46.0077 3492 VMnetAdapter - ok
18:14:46.0093 3492 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
18:14:46.0093 3492 VMnetBridge - ok
18:14:46.0109 3492 VMnetuserif (c4172c1661789d50f27e222288132a72) C:\Windows\system32\drivers\vmnetuserif.sys
18:14:46.0109 3492 VMnetuserif - ok
18:14:46.0124 3492 VMparport (c8f7ad7ad7785a4bc59bf4dfce5df13a) C:\Windows\system32\Drivers\VMparport.sys
18:14:46.0124 3492 VMparport - ok
18:14:46.0155 3492 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
18:14:46.0155 3492 vmusb - ok
18:14:46.0265 3492 vmx86 (2177f7269c6cc6a5657f1779eaa6c460) C:\Windows\system32\Drivers\vmx86.sys
18:14:46.0265 3492 vmx86 - ok
18:14:46.0280 3492 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:14:46.0280 3492 volmgr - ok
18:14:46.0311 3492 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:14:46.0311 3492 volmgrx - ok
18:14:46.0327 3492 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:14:46.0327 3492 volsnap - ok
18:14:46.0358 3492 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
18:14:46.0358 3492 vpcbus - ok
18:14:46.0389 3492 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
18:14:46.0389 3492 vpcnfltr - ok
18:14:46.0405 3492 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
18:14:46.0405 3492 vpcusb - ok
18:14:46.0421 3492 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
18:14:46.0421 3492 vpcvmm - ok
18:14:46.0452 3492 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:14:46.0452 3492 vsmraid - ok
18:14:46.0499 3492 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
18:14:46.0499 3492 vstor2-ws60 - ok
18:14:46.0514 3492 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:14:46.0514 3492 vwifibus - ok
18:14:46.0545 3492 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:14:46.0545 3492 WacomPen - ok
18:14:46.0592 3492 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:46.0592 3492 WANARP - ok
18:14:46.0608 3492 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:46.0608 3492 Wanarpv6 - ok
18:14:46.0655 3492 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:14:46.0655 3492 Wd - ok
18:14:46.0670 3492 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:14:46.0670 3492 Wdf01000 - ok
18:14:46.0717 3492 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:46.0717 3492 WfpLwf - ok
18:14:46.0733 3492 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:14:46.0733 3492 WIMMount - ok
18:14:46.0795 3492 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:14:46.0795 3492 WmiAcpi - ok
18:14:46.0826 3492 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:14:46.0826 3492 ws2ifsl - ok
18:14:46.0857 3492 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:14:46.0857 3492 WudfPf - ok
18:14:46.0873 3492 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:46.0873 3492 WUDFRd - ok
18:14:46.0904 3492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:14:46.0904 3492 \Device\Harddisk0\DR0 - ok
18:14:46.0920 3492 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:14:46.0920 3492 \Device\Harddisk1\DR1 - ok
18:14:46.0935 3492 Boot (0x1200) (adeadb6ca2f04926b3738c27da7d5ec0) \Device\Harddisk1\DR1\Partition0
18:14:46.0935 3492 \Device\Harddisk1\DR1\Partition0 - ok
18:14:46.0935 3492 Boot (0x1200) (edeb3fd0a5db3183f3965b37982b277c) \Device\Harddisk1\DR1\Partition1
18:14:46.0935 3492 \Device\Harddisk1\DR1\Partition1 - ok
18:14:46.0935 3492 ============================================================
18:14:46.0935 3492 Scan finished
18:14:46.0935 3492 ============================================================
18:14:46.0951 3136 Detected object count: 0
18:14:46.0951 3136 Actual detected object count: 0
18:15:05.0967 3700 Deinitialize success

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 1:20 am

I did do my best to completely uninstall and delete all vestiges of the old Java install, then downloaded directly from sun and reinstalled.

So the entry point should have been eliminated. I have also disabled the update wizard for good measure.

Next?

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 7:23 pm

Please give me an update on your computer.

False Java Update notification - MS Antispyware - de-activated windows 7 etc

descriptionFalse Java Update notification - MS Antispyware - de-activated windows 7 etc1st December 2011, 2:37 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc1st December 2011, 2:57 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 3:32 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 3:32 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 4:08 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 5:13 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 7:08 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 3:33 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:16 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:34 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:35 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:38 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 1:49 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 7:18 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc8th December 2011, 5:13 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc8th December 2011, 7:24 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc10th December 2011, 9:05 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 2:10 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 10:56 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 10:57 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 2:24 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 4:20 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 7:46 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:23 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:27 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:28 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc14th December 2011, 11:40 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 1:20 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 4:47 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:14 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:16 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:21 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 8:28 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 3:55 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:07 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:16 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:26 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:43 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 7:13 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 1:19 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 2:50 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:23 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:24 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:27 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:46 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:53 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 6:35 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 1:17 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 1:20 am

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 7:23 pm

descriptionRe: False Java Update notification - MS Antispyware - de-activated windows 7 etc

False Java Update notification - MS Antispyware - de-activated windows 7 etc1st December 2011, 2:37 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc1st December 2011, 2:57 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 3:32 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 3:32 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 4:08 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 5:13 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc2nd December 2011, 7:08 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 3:33 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:16 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:34 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:35 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 4:38 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 1:49 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc7th December 2011, 7:18 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc8th December 2011, 5:13 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc8th December 2011, 7:24 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc10th December 2011, 9:05 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 2:10 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 10:56 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc11th December 2011, 10:57 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 2:24 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 4:20 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc12th December 2011, 7:46 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:23 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:27 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc13th December 2011, 2:28 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc14th December 2011, 11:40 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 1:20 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 4:47 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:14 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:16 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 5:21 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc15th December 2011, 8:28 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 3:55 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:07 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:16 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:26 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 4:43 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc16th December 2011, 7:13 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 1:19 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 2:50 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:23 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:24 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:27 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:46 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 3:53 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc17th December 2011, 6:35 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 1:17 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 1:20 am

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc20th December 2011, 7:23 pm

Re: False Java Update notification - MS Antispyware - de-activated windows 7 etc