
trojan Sirefef.N



I found the trojan Sirefef.N at

file:C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

but I cannot delete the folder and mb doesn't detect it

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_24

Run by Dilys Yuen at 20:09:13 on 2013-01-05

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3486.794 [GMT -8:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Microsoft SQL Server\MSSQL$ADMINDB\Binn\sqlservr.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Schwab\StreetSmart Edge\QuickLaunch.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Users\Dilys Yuen\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\DllHost.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\sppsvc.exe

c:\PROGRA~1\MI8079~1\msseces.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k PPTVServiceGroup

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearch Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople

uProxyOverride = local;*.local

uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

uURLSearchHooks: {ecce0073-a837-45a2-95b9-600420505f7e} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: {06433BFE-4946-4E89-823D-CD359C81CD06} - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [QuickLaunch] c:\program files\schwab\streetsmart edge\QuickLaunch.exe

uRun: [Google Update] "c:\users\dilys yuen\appdata\local\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET CLR 3.0.04506; InfoPath.2; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; SLCC1; Tablet PC 2.0)" -"http://ippex.pppl.gov/interactive/energy/boilwater.html"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [uSB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe" 60

mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey

StartupFolder: c:\users\dilysy~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dilys yuen\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\dilysy~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:95

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 71.9.127.107 68.190.192.35 24.205.224.36

TCP: Interfaces\{1464FBE0-B75C-47EB-AD32-86AE427378E3} : DHCPNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

TCP: Interfaces\{147ED1C3-38F7-44DE-A72D-A036B05EB6E2} : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

TCP: Interfaces\{18724F4C-74DA-40C3-8CB4-DA45DDDC1588} : DHCPNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

TCP: Interfaces\{18724F4C-74DA-40C3-8CB4-DA45DDDC1588}\9635D6162747 : DHCPNameServer = 192.168.0.1 0.0.0.0 0.0.0.0

TCP: Interfaces\{5DF86E61-47A5-44AF-9FB4-68D69267E484} : DHCPNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

TCP: Interfaces\{79301C7C-9AAC-40A0-A866-F1E87273BA24} : DHCPNameServer = 71.9.127.107 68.190.192.35 0.0.0.0

TCP: Interfaces\{949B6B5E-19F0-4E33-A7EF-5A9C6F9D3C2D} : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

TCP: Interfaces\{94A3244A-C973-474A-965C-6680D53FEC74} : DHCPNameServer = 66.215.64.14 24.205.1.14 0.0.0.0

TCP: Interfaces\{BBDB1B81-5368-41A6-9320-2034FCE1F534} : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - LocalServer32 - <no file>

Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - LocalServer32 - <no file>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 74.208.10.249 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\dilys yuen\appdata\roaming\mozilla\firefox\profiles\xmpmee2y.default\

FF - prefs.js: browser.search.defaulturl - Bing

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110907&q=

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll

FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll

FF - plugin: c:\program files\internet explorer\pplite\plugin\1.0.1.1717\npplugin2.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\dilys yuen\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc - BRI/1

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-12-30 532536]

R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-12-30 25656]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-6-30 13592]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-5-17 19056]

R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2011-2-21 15784]

R1 MpKslb7419732;MpKslb7419732;c:\programdata\microsoft\microsoft antimalware\definition updates\{65e97108-3701-4490-b933-1ad11c09e2be}\MpKslb7419732.sys [2013-1-5 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/21 20:01:00];c:\program files\cyberlink\powerdvd9\000.fcl [2010-1-19 87536]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2011-2-21 163368]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-4 12672]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-9-12 20072]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-12-30 14904]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2011-12-8 423136]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-6-30 161560]

R2 MSSQL$ADMINDB;MSSQL$ADMINDB;c:\program files\microsoft sql server\mssql$admindb\binn\sqlservr.exe -sadmindb --> c:\program files\microsoft sql server\mssql$admindb\binn\sqlservr.exe -sADMINDB [?]

R2 PPTVService;PPTVService;c:\windows\system32\svchost.exe -k PPTVServiceGroup [2009-7-13 20992]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-10-5 237056]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-6 280576]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-6-30 347928]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-6-30 789272]

R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-6-30 46080]

R3 RAMDiskVE;RAMDiskVE;c:\windows\system32\drivers\RamDiskVE.sys [2012-9-6 56320]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-9-15 394856]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-5-21 31104]

S2 CLKMSVC10_E92D8507;CyberLink Product - 2011/09/17 21:01:17;c:\program files\cyberlink\powerdvd9\navfilter\kmsvc.exe [2010-11-18 240112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-1-5 1500160]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 CM1023264;C-Media CM102 Like Sound UDAX Interface;c:\windows\system32\drivers\CM102.sys [2007-3-16 1308160]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-5-25 41600]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-3-7 64896]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-10 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2010-2-12 57840]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-1-5 31560]

S3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-5 138864]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-11-23 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-11-23 79104]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

S3 PCAlertDriver;PCAlertDriver;c:\progra~1\msi\msiwdev\NTGLM7X.sys [2006-6-7 27648]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-1 15872]

S3 SQLAgent$ADMINDB;SQLAgent$ADMINDB;c:\program files\microsoft sql server\mssql$admindb\binn\sqlagent.exe -i admindb --> c:\program files\microsoft sql server\mssql$admindb\binn\sqlagent.EXE -i ADMINDB [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-1 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]

S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [2008-4-14 17920]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== File Associations ===============

.

ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"

.

=============== Created Last 30 ================

.

2013-01-06 04:06:38 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{65e97108-3701-4490-b933-1ad11c09e2be}\offreg.dll

2013-01-06 04:03:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{65e97108-3701-4490-b933-1ad11c09e2be}\MpKslb7419732.sys

2013-01-06 03:58:50 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-01-06 03:58:50 138864 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-05 23:16:47 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{65e97108-3701-4490-b933-1ad11c09e2be}\mpengine.dll

2013-01-05 19:15:03 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-05 01:04:26 -------- d-----w- c:\users\dilys yuen\appdata\local\{4BCC7B1B-4558-415B-9CF7-B13430FDD2D9}

2013-01-02 01:31:27 -------- d-----w- c:\users\dilys yuen\appdata\local\Paraken Technology Co., Ltd

2013-01-02 01:31:18 -------- d-----w- c:\program files\Musemage

2012-12-30 19:04:28 -------- d-----w- c:\program files\common files\Intel Corporation

2012-12-30 19:03:05 -------- d-----w- c:\users\dilys yuen\appdata\roaming\Intel Corporation

2012-12-30 18:58:35 532536 ----a-w- c:\windows\system32\drivers\iaStorA.sys

2012-12-30 18:58:35 25656 ----a-w- c:\windows\system32\drivers\iaStorF.sys

2012-12-27 17:55:51 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-23 02:36:24 -------- d-----w- c:\users\dilys yuen\appdata\local\{50D56C07-90B5-4C00-B2E6-A2CD503CC790}

2012-12-22 00:43:58 -------- d-----w- c:\users\dilys yuen\appdata\local\{439EA8AA-8846-4D4A-8178-883BB055E063}

2012-12-21 17:57:10 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 17:57:10 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-19 18:06:10 -------- d-----w- c:\users\dilys yuen\appdata\local\{7A550B5E-6442-4DAA-BA70-1E01D27F77C9}

2012-12-14 00:33:01 -------- d-----w- c:\users\dilys yuen\appdata\local\{6E1FE297-3324-4121-8955-AD207271A9D2}

2012-12-12 18:08:51 -------- d-----w- c:\users\dilys yuen\appdata\local\{255F00CC-72C2-4755-BC73-09210173E4D8}

2012-12-10 18:20:13 -------- d-----w- c:\users\dilys yuen\appdata\roaming\ConverterLite

2012-12-10 18:20:13 -------- d-----w- c:\program files\ConverterLite

2012-12-09 01:41:53 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-09 01:41:53 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-09 01:41:53 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-09 01:41:35 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-09 01:41:34 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-09 01:41:34 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-09 01:41:34 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-09 01:41:34 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-09 01:41:34 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-09 01:41:34 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-09 00:03:55 8192 ----a-w- c:\windows\system32\iisrstap.dll

.

==================== Find3M ====================

.

2012-12-30 02:15:39 338944 ----a-w- c:\windows\system32\drivers\AFD.SYS

2012-12-12 02:57:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 02:57:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-22 02:56:02 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-10-25 11:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-18 17:30:44 60304 ----a-w- c:\users\dilys yuen\g2mdlhlpx.exe

2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

.

============= FINISH: 20:09:27.15 ===============

attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 10/15/2009 8:03:51 PM

System Uptime: 1/5/2013 8:03:35 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | B75M-D3H

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 231 GiB total, 144.586 GiB free.

D: is CDROM ()

E: is FIXED (FAT32) - 1 GiB total, 0.975 GiB free.

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

@BIOS

µTorrent

32 Bit HP CIO Components Installer

7-Zip 4.65

AC3Filter 1.63b

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

Advertising Center

Air Video Server 2.4.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bass Audio Decoder (remove only)

Bing Bar

Bing Maps 3D

Bing Rewards Client Installer

Bonjour

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 1.0

Canon MX700 series

CCleaner

CD Audio Reader Filter (remove only)

Cisco Connect

ConverterLite 1.6.2

CPUID CPU-Z 1.62

CPUID HWMonitor 1.16

CyberLink BD Advisor 2.0

CyberLink Blu-ray Disc Suite

CyberLink InstantBurn

CyberLink LabelPrint

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerBackup

CyberLink PowerDVD 9

CyberLink PowerProducer

D3DX10

DCoder Image Source (remove only)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectVobSub (remove only)

DolbyFiles

Dropbox

DScaler 5 Mpeg Decoders

Etron USB3.0 Host Controller

FFMPEG Core Files (remove only)

Google Chrome

GoToMeeting 5.1.0.880

HandBrake 0.9.6

HP USB Disk Storage Format Tool

iCloud

ImagXpress

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® PRO Network Adapters and Drivers

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

iTunes

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

LocationFree Player

Logitech SetPoint 5.20

MapleStory

Menu Templates - Starter Kit

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Suite 2006

Microsoft Digital Image Suite 2006 Editor

Microsoft Digital Image Suite 2006 Library

Microsoft Image Composite Editor

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MobileMe Control Panel

Movie Templates - Starter Kit

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSDE for AdminDB

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Musemage

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

NVIDIA 3D Vision Driver 266.58

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

ON_OFF Charge B11.1102.1

OpenMG Limited Patch 4.7-07-13-24-01

OpenMG Secure Module 4.7.00

PDF Settings CS5

PenpowerJR

PPLite 1.0.0.106

PPTV V3.1.8.0039

QuickBooks Product Listing Service

QuickTime

RAMDisk

RealMedia (remove only)

Realtek Ethernet Controller Driver

redist

Remote Mouse version 1.09

Rhapsody Player Engine

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SHOUTcast Source (remove only)

Simple Start Entice

Skype Toolbars

Skype™ 5.10

Spelling Dictionaries Support For Adobe Reader 9

Steam

StreetSmart Edge

StreetSmart Pro

SUPERAntiSpyware

SupportSoft Assisted Service

System Requirements Lab

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Viewpoint Media Player

WD SmartWare Drive Manager

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Windows XP Mode

WinRAR archiver

WinX Bluray DVD iPad Ripper 4.5.0

Xvid 1.2.2 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

12/29/2012 6:18:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80004005 Error description: Unspecified error Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

12/29/2012 5:31:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/29/2012 5:31:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/29/2012 5:31:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/29/2012 5:28:11 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

12/29/2012 5:28:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

12/29/2012 5:22:10 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

12/29/2012 5:22:10 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

12/29/2012 5:22:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

12/29/2012 5:21:42 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/29/2012 11:00:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/29/2012 10:50:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

12/29/2012 10:48:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2718.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

12/29/2012 10:39:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/5/2013 8:47:24 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 8:06:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 8:06:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 8:04:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2834687602/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

1/5/2013 8:04:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

1/5/2013 8:04:09 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

1/5/2013 8:03:37 PM, Error: volmgr [46] - Crash dump initialization failed!

1/5/2013 6:21:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: C:\Windows\explorer.exe Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 5:53:23 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Dilys Yuen\AppData\Roaming\Dropbox\bin\Dropbox.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 5:48:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 5:48:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 4:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 4:34:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 3:52:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 3:52:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3235.0, AS: 1.141.3235.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 2:59:37 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3230.0, AS: 1.141.3230.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 12:02:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3230.0, AS: 1.141.3230.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/5/2013 12:02:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3230.0, AS: 1.141.3230.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 9:25:08 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3065.0, AS: 1.141.3065.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 2:01:30 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 12:14:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 11:49:25 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 11:49:25 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: THOMASYUEN\Dilys Yuen Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 11:10:26 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Action: Remove Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 11:10:26 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: THOMASYUEN\Dilys Yuen Process Name: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/4/2013 10:27:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3155.0, AS: 1.141.3155.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/3/2013 7:58:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3065.0, AS: 1.141.3065.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/3/2013 2:03:28 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3065.0, AS: 1.141.3065.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

1/3/2013 1:00:26 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.N&threatid=2147657114 Name: Trojan:WinNT/Sirefef.N ID: 2147657114 Severity: Severe Category: Trojan Path: file:_C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.141.3065.0, AS: 1.141.3065.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9002.0, NIS: 2.1.8904.0

.

==== End Of File ===========================


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer, find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
