
Computer running ridiculously slow


  • This topic is locked
22 replies to this topic

#1 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 23 November 2011 - 06:47 PM

Well, at a loss. XP Vista, 2 GB RAM. I've run Malwarebytes, no issues found; running Avast, have done a boot-time scan, no issues; ran Spybot too, and have just finished running Advanced SystemCare. It appears I am using all of my CPU and memory... Thanks in advance. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:34 PM, on 11/23/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\IObit\Advanced SystemCare 5\DiskScan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6019 bytes
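A HijackThis log like the one above is line-oriented (section code, a dash, then the entry body), so the first pass a helper makes over it is mechanical: count entries per section, pull out the autoruns, and mark the handful of items that need a human look. The Python below is an added example written for this page; it is not a tool from the thread, from Trend Micro or from any of the products named in the log. Its sample input is constructed from lines copied out of the log above, and it flags two things a reviewer checks first: a BHO or toolbar whose CLSID is registered but whose DLL is missing from disk, and an autorun whose executable sits in a user-writable directory. Both flags are prompts for review, not verdicts (Dropbox launching from AppData\Roaming is how Dropbox installs itself).

```python
import re
from collections import Counter

# Constructed sample input: these lines are copied from the HijackThis v2.0.4 log
# posted above (the "Logfile of" header is included to show non-entry lines are skipped).
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.4
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O4 registry autoruns: "<hive path>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 startup-folder items: "Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(r"^Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# First executable image in a command line, with or without surrounding quotes.
IMAGE_RE = re.compile(
    r'^"?(?P<path>[^"]+?\.(?:exe|scr|dll|lnk|cmd|bat|com))(?:"|\s|$)', re.IGNORECASE)
# Locations a standard user can write to; an autorun living there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def parse_hjt(text):
    """Split an HJT log into entries: [{'section': 'O4', 'body': '...'}, ...]."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def image_path(cmd):
    """Return the executable referenced by a command line, minus quotes and switches."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(entries):
    """Summarise entries and mark the ones a reviewer looks at first."""
    report = {
        "counts": Counter(e["section"] for e in entries),
        "hosts": [],          # O1 hosts-file overrides
        "missing_file": [],   # O2/O3 CLSIDs registered with no DLL on disk
        "autoruns": [],       # (location, value name, image) for every O4
        "user_writable": [],  # autoruns whose image sits in a user-writable directory
        "services": [],       # O23 service lines
    }
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O1" and body.startswith("Hosts: "):
            report["hosts"].append(body[len("Hosts: "):])
        elif sec in ("O2", "O3") and "(no file)" in body:
            # Orphaned registration: harmless on its own, but it is exactly what a
            # half-removed add-on or a half-removed malware component looks like.
            m = CLSID_RE.search(body)
            report["missing_file"].append(m.group(0) if m else body)
        elif sec == "O4":
            m = AUTORUN_RE.match(body) or STARTUP_RE.match(body)
            if not m:
                continue
            where = m.groupdict().get("where", "Startup")
            path = image_path(m.group("cmd"))
            report["autoruns"].append((where, m.group("name"), path))
            if any(tok in path.lower() for tok in USER_WRITABLE):
                report["user_writable"].append((m.group("name"), path))
        elif sec == "O23":
            report["services"].append(body)
    return report


def main():
    report = triage(parse_hjt(SAMPLE_HJT))
    print("entries by section:", dict(report["counts"]))
    for clsid in report["missing_file"]:
        print("BHO/toolbar with no file on disk:", clsid)
    for name, path in report["user_writable"]:
        print("autorun from user-writable path (review, not a verdict):", name, "->", path)
    print("services:", len(report["services"]))


if __name__ == "__main__":
    main()
```

Run it as-is to see the summary for the sample; to run it over a full log, replace `SAMPLE_HJT` with the file contents. The user-writable list is deliberately coarse: it catches anything under AppData, Temp or ProgramData, which is where both updaters and droppers like to live, and leaves the judgement to the person reading the log.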

#2 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 27 November 2011 - 04:12 PM

Hello steverino and :wp:

My name is JonTom
  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
Let's take a closer look at your system with the following scans:
  • Please perform the following scan
  • Please download DDS from here and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
  • Please scan your system with GMER


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Right click on GMER.exe and select "Run as Administrator" to run the program. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please post the DDS logs and the GMER log in your next reply.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom
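The caution above about GMER false positives can be turned into a mechanical check. For each SSDT or inline hook GMER prints the driver that owns it and, when it can resolve them, that driver's file description and company in parentheses. The Python below is an added example for this page, not part of JonTom's instructions and not GMER's own code; it parses hook lines in that format and groups them by vendor, so a reader sees at a glance whether every hook belongs to the installed antivirus. The sample input is constructed: the avast! lines are copied from the GMER log posted later in this thread, and the last line is made up to show what a hook with no vendor description looks like. The review queue it builds is a sorting aid, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: the avast! lines are copied from the GMER log posted later in
# this thread; the last line is made up here to show a hook with no vendor description.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8D96E374]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8D970996]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwLoadDriver [0x8D96E162]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8D96E1BC]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x8E1C59A6]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
SSDT  \??\C:\Windows\Temp\example_unknown.sys  ZwQueryDirectoryFile [0x8D9A0000]
"""

# "<kind>  <module> (<description>/<vendor>)  <function> [<address>]"; the parenthesised
# part and the address are optional because GMER omits them when it cannot resolve them.
# Assumption: module paths contain no spaces, which holds for the lines in this thread.
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")


def parse_gmer_hooks(text):
    """Return one dict per SSDT/Code hook line; other GMER sections are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        product, _, vendor = (m.group("desc") or "").partition("/")
        hooks.append({
            "kind": m.group("kind"),
            "module": m.group("module"),
            "product": product.strip(),
            "vendor": vendor.strip(),
            "func": m.group("func"),
            "addr": m.group("addr"),
        })
    return hooks


def hooks_by_vendor(hooks):
    """Group hooked functions by the vendor GMER resolved for the owning driver."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["vendor"] or "(no vendor description)"].append(h["func"])
    return {vendor: sorted(funcs) for vendor, funcs in grouped.items()}


def review_queue(hooks):
    """Hooks worth a human look: the owning driver has no vendor description, or
    is loaded from outside the system drivers directory. This is a sorting aid,
    not a verdict; hooks from an installed security product are expected."""
    queue = []
    for h in hooks:
        in_drivers_dir = "\\system32\\drivers\\" in h["module"].lower()
        if not h["vendor"] or not in_drivers_dir:
            queue.append(h)
    return queue


def main():
    hooks = parse_gmer_hooks(SAMPLE_GMER)
    for vendor, funcs in hooks_by_vendor(hooks).items():
        print(f"{vendor}: {len(funcs)} hook(s): {', '.join(funcs)}")
    for h in review_queue(hooks):
        print("review:", h["kind"], h["func"], "<-", h["module"])


if __name__ == "__main__":
    main()
```

On the sample, every real hook lands under "AVAST Software" and only the constructed line reaches the review queue, which is the point of the caution: a security product hooking the SSDT is normal, and the entries to spend time on are the ones GMER cannot attribute.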

#3 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 28 November 2011 - 06:13 PM

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Steve at 16:51:52 on 2011-11-28
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.830 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\steve\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{080D02E3-EF52-44E6-8F92-AECC44CDD57C} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\boipdrpz.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-2 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-22 320856]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-23 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-22 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-22 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-22 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-22 1153368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-3-22 19968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 133104]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-3-22 24652]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-11-25 15:25:37 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c1772321-549e-4321-9143-7e645c33495e}\offreg.dll
2011-11-25 15:25:36 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c1772321-549e-4321-9143-7e645c33495e}\mpengine.dll
2011-11-24 00:12:42 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-23 23:31:50 388096 ----a-r- c:\users\steve\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-23 23:31:44 -------- d-----w- c:\program files\Trend Micro
2011-11-09 14:03:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:03:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 14:03:00 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-22 20:52:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:53:04.12 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2010 8:23:09 PM
System Uptime: 11/28/2011 3:08:20 AM (13 hours ago)
.
Motherboard: Wistron | | 360B
Processor: Genuine Intel® CPU 575 @ 2.00GHz | CPU | 1995/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 87.453 GiB free.
E: is FIXED (NTFS) - 9 GiB total, 1.641 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP412: 10/22/2011 4:43:57 PM - IObit Uninstaller restore point
RP414: 10/22/2011 4:48:22 PM - IObit Uninstaller restore point
RP415: 10/22/2011 4:49:52 PM - Removed Google Earth Plug-in.
RP416: 10/22/2011 4:50:46 PM - Windows Update
RP418: 10/22/2011 5:00:34 PM - Removed NetWaiting
RP420: 10/22/2011 5:01:06 PM - Removed NetWaiting
RP422: 10/22/2011 5:02:11 PM - Removed muvee autoProducer 6.1
RP424: 10/22/2011 5:05:40 PM - Configured PowerDirector
RP425: 10/26/2011 8:08:25 PM - Windows Update
RP426: 10/29/2011 5:42:40 PM - Windows Update
RP427: 11/2/2011 10:27:38 AM - Windows Update
RP428: 11/3/2011 2:39:46 PM - Scheduled Checkpoint
RP429: 11/5/2011 1:38:42 PM - Windows Update
RP430: 11/9/2011 8:59:00 AM - Windows Update
RP431: 11/10/2011 3:00:25 AM - Windows Update
RP432: 11/11/2011 12:00:06 AM - Scheduled Checkpoint
RP433: 11/11/2011 1:07:25 AM - Windows Update
RP434: 11/11/2011 3:00:11 AM - Windows Update
RP435: 11/15/2011 5:10:00 PM - Windows Update
RP436: 11/17/2011 6:18:44 PM - Scheduled Checkpoint
RP437: 11/19/2011 9:09:33 AM - Windows Update
RP438: 11/22/2011 6:31:05 PM - Windows Update
RP439: 11/23/2011 6:29:39 PM - Installed HiJackThis
RP440: 11/25/2011 10:24:35 AM - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
avast! Free Antivirus
BatteryBar (remove only)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MX320 series MP Drivers
Canon MX320 series User Registration
Canon MX350 series MP Drivers
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
Dropbox
ESU for Microsoft Vista
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Quick Launch Buttons 6.40 F1
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0121
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 26
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office XP Professional with FrontPage
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 en-US)
Mozilla Thunderbird (6.0)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Paint.NET v3.5.8
Picasa 3
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Segoe UI
SmartMusic 2011a
Spybot - Search & Destroy
SpywareBlaster 4.4
swMSM
Synaptics Pointing Device Driver
Tux Paint 0.9.21c
Tux Paint Stamps 2009-06-28
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 3:52:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
11/25/2011 7:24:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/25/2011 10:18:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/25/2011 10:18:35 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/25/2011 10:17:48 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/25/2011 10:17:35 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MX320 series Printer with shared resource name Canon MX320 series Printer. Error 2114. The printer cannot be used by others on the network.
11/25/2011 10:17:35 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MX320 series FAX with shared resource name Canon MX320 series FAX. Error 2114. The printer cannot be used by others on the network.
11/25/2011 10:17:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:15:56 AM on 11/25/2011 was unexpected.
11/24/2011 9:42:23 PM, Error: EventLog [6008] - The previous system shutdown at 1:58:14 PM on 11/24/2011 was unexpected.
11/23/2011 6:21:09 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/23/2011 6:11:47 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{080D02E3-EF52-44E6-8F92-AECC44CDD57C} because another computer on the network has the same name. The server could not start.
11/23/2011 6:08:23 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.107 with the system having network hardware address 00-24-21-8B-B8-D7. Network operations on this system may be disrupted as a result.
11/23/2011 6:07:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
11/23/2011 6:07:30 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2011 2:58:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
11/23/2011 2:54:37 PM, Error: EventLog [6008] - The previous system shutdown at 9:58:37 PM on 11/22/2011 was unexpected.
.
==== End Of File ===========================

GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-28 18:13:10
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-60ZCT0 rev.12.01A12
Running: gmer.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys

---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8D96E374]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8D970996]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8D9709EE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8D970B04]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8D9708EC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSection [0x8D970A3E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8D970940]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8D970AB2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8D96E398]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwLoadDriver [0x8D96E162]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8D96E3BC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8D970EFC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8D96EE54]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8D9709C6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8D970A16]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8D970B2E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8D970918]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x8D970A7E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8D97096E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8D970ADC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8D96ED1A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8D96E3E0]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8D96E404]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8D96E1BC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8D96E2F8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8D96E2D4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8D96E31C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8D96E428]

Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x8E1C59A6]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 10D  822C4890 4 Bytes  [74, E3, 96, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 1D1  822C4954 8 Bytes  [96, 09, 97, 8D, EE, 09, 97, ...]
.text  ntkrnlpa.exe!KeSetEvent + 1DD  822C4960 4 Bytes  [04, 0B, 97, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 1F5  822C4978 4 Bytes  [EC, 08, 97, 8D]
.text  ntkrnlpa.exe!KeSetEvent + 215  822C4998 8 Bytes  [3E, 0A, 97, 8D, 40, 09, 97, ...]
.text  ...
PAGE  ntkrnlpa.exe!ObMakeTemporaryObject  823EF62F 5 Bytes  JMP 8E1C13DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ObInsertObject  82448543 5 Bytes  JMP 8E1C2E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110  82451E68 4 Bytes  CALL 8D96F4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121  82455ADC 4 Bytes  CALL 8D96F4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwCreateProcessEx  824A9DCA 7 Bytes  JMP 8E1C59AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text  win32k.sys!EngCreateRectRgn + 4537  968FFC90 5 Bytes  JMP 8D9715E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngCreatePalette + C20  96918EC9 5 Bytes  JMP 8D971FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngTransparentBlt + 4A1  96919CB5 5 Bytes  JMP 8D972118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngTransparentBlt + 8C03  96922417 5 Bytes  JMP 8D970F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!XLATEOBJ_iXlate + 616  9692336E 5 Bytes  JMP 8D971D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!XFORMOBJ_iGetXform + 30F6  9692EAA7 5 Bytes  JMP 8D9714BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!XFORMOBJ_iGetXform + 4569  9692FF1A 5 Bytes  JMP 8D9710DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngMapFontFileFD + 119BE  96949A45 5 Bytes  JMP 8D971326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngMapFontFileFD + 11A12  96949A99 5 Bytes  JMP 8D9714CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngGradientFill + 377F  96970A7E 5 Bytes  JMP 8D971D0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text  win32k.sys!EngGradientFill + 60DE  969733DD 5 Bytes  JMP 8D970FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D3F 96979D2E 5 Bytes JMP 8D97114A SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B42 969841CC 5 Bytes JMP 8D9721BA SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 969870B4 5 Bytes JMP 8D971016 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 81C 969A54D5 5 Bytes JMP 8D971EFA SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6EC2 969ABB7B 5 Bytes JMP 8D971D54 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 969AF2EA 5 Bytes JMP 8D971E48 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4728 969B6C09 5 Bytes JMP 8D971096 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E80 969D51A4 5 Bytes JMP 8D971254 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 248 969DAA22 5 Bytes JMP 8D9711AE SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 969DE55A 5 Bytes JMP 8D972070 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A0F 969FCA67 5 Bytes JMP 8D9711E4 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D229 96A09281 5 Bytes JMP 8D97128E SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization Driver/AVAST Software) ? C:UsersSteveAppDataLocalTempmbr.sys The system cannot find the file specified. ! 
---- User code sections - GMER 1.0.15 ---- .text C:Program FilesWindows DefenderMSASCui.exe[204] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8 .text C:Program FilesWindows DefenderMSASCui.exe[204] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000503FC .text C:Program FilesWindows DefenderMSASCui.exe[204] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000703FC .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00070600 .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00071014 .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00070804 .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00070A08 .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00070C0C .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00070E10 .text C:Program FilesWindows DefenderMSASCui.exe[204] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 000701F8 .text C:Program FilesWindows DefenderMSASCui.exe[204] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00080600 .text C:Program FilesWindows DefenderMSASCui.exe[204] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00080804 .text C:Program FilesWindows DefenderMSASCui.exe[204] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00080A08 .text C:Program FilesWindows DefenderMSASCui.exe[204] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 000801F8 .text C:Program FilesWindows DefenderMSASCui.exe[204] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 000803FC .text C:Program FilesAlwil SoftwareAvast5AvastUI.exe[212] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text 
C:WINDOWSSystem32hkcmd.exe[308] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8 .text C:WINDOWSSystem32hkcmd.exe[308] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC .text C:WINDOWSSystem32hkcmd.exe[308] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:WINDOWSSystem32hkcmd.exe[308] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00280600 .text C:WINDOWSSystem32hkcmd.exe[308] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00280804 .text C:WINDOWSSystem32hkcmd.exe[308] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00280A08 .text C:WINDOWSSystem32hkcmd.exe[308] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 002801F8 .text C:WINDOWSSystem32hkcmd.exe[308] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 002803FC .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 002903FC .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00290600 .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00291014 .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00290804 .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00290A08 .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00290C0C .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00290E10 .text C:WINDOWSSystem32hkcmd.exe[308] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 002901F8 .text C:WINDOWSSystem32igfxpers.exe[432] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8 .text C:WINDOWSSystem32igfxpers.exe[432] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC .text C:WINDOWSSystem32igfxpers.exe[432] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:WINDOWSSystem32igfxpers.exe[432] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00180600 .text C:WINDOWSSystem32igfxpers.exe[432] 
USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00180804 .text C:WINDOWSSystem32igfxpers.exe[432] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00180A08 .text C:WINDOWSSystem32igfxpers.exe[432] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001801F8 .text C:WINDOWSSystem32igfxpers.exe[432] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001803FC .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001903FC .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00190600 .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00191014 .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00190804 .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00190A08 .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00190C0C .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00190E10 .text C:WINDOWSSystem32igfxpers.exe[432] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001901F8 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001601F8 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001603FC .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001703FC .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00170600 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00171014 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] 
ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00170804 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00170A08 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00170C0C .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00170E10 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001701F8 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00180600 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00180804 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00180A08 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001801F8 .text C:Program FilesCommon FilesJavaJava Updatejusched.exe[460] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001803FC .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] kernel32.dll!CreateThread + 1A 763FCB48 4 Bytes CALL 004553F1 C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe (Advanced SystemCare 5 Tray/IObit) .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00180600 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 
00180804 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00180A08 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001801F8 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001803FC .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001A03FC .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 001A0600 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 001A1014 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 001A0804 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 001A0A08 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 001A0C0C .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 001A0E10 .text C:Program FilesIObitAdvanced SystemCare 5ASCTray.exe[476] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001A01F8 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00170600 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00170804 .text 
C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00170A08 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001701F8 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001703FC .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001803FC .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00180600 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00181014 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00180804 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00180A08 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00180C0C .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00180E10 .text C:UsersSteveAppDataRoamingDropboxbinDropbox.exe[480] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001801F8 .text C:Windowssystem32csrss.exe[508] KERNEL32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Windowssystem32wininit.exe[552] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000301F8 .text C:Windowssystem32wininit.exe[552] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000303FC .text C:Windowssystem32wininit.exe[552] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001503FC .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00150600 .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00151014 .text 
C:Windowssystem32wininit.exe[552] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00150804 .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00150A08 .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00150C0C .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00150E10 .text C:Windowssystem32wininit.exe[552] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001501F8 .text C:Windowssystem32wininit.exe[552] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00160600 .text C:Windowssystem32wininit.exe[552] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00160804 .text C:Windowssystem32wininit.exe[552] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00160A08 .text C:Windowssystem32wininit.exe[552] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001601F8 .text C:Windowssystem32wininit.exe[552] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001603FC .text C:Windowssystem32csrss.exe[560] KERNEL32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Windowssystem32winlogon.exe[592] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000301F8 .text C:Windowssystem32winlogon.exe[592] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000303FC .text C:Windowssystem32winlogon.exe[592] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000503FC .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00050600 .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00051014 .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00050804 .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00050A08 .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00050C0C 
.text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00050E10 .text C:Windowssystem32winlogon.exe[592] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 000501F8 .text C:Windowssystem32winlogon.exe[592] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00060600 .text C:Windowssystem32winlogon.exe[592] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00060804 .text C:Windowssystem32winlogon.exe[592] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00060A08 .text C:Windowssystem32winlogon.exe[592] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 000601F8 .text C:Windowssystem32winlogon.exe[592] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 000603FC .text C:Windowssystem32services.exe[640] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8 .text C:Windowssystem32services.exe[640] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000503FC .text C:Windowssystem32services.exe[640] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Windowssystem32services.exe[640] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 005303FC .text C:Windowssystem32services.exe[640] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00530600 .text C:Windowssystem32services.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00531014 .text C:Windowssystem32services.exe[640] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00530804 .text C:Windowssystem32services.exe[640] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00530A08 .text C:Windowssystem32services.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00530C0C .text C:Windowssystem32services.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00530E10 .text C:Windowssystem32services.exe[640] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 005301F8 .text C:Windowssystem32services.exe[640] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00540600 .text C:Windowssystem32services.exe[640] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes 
JMP 00540804 .text C:Windowssystem32services.exe[640] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00540A08 .text C:Windowssystem32services.exe[640] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 005401F8 .text C:Windowssystem32services.exe[640] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 005403FC .text C:Windowssystem32lsass.exe[652] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8 .text C:Windowssystem32lsass.exe[652] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000503FC .text C:Windowssystem32lsass.exe[652] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62] .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000703FC .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00070600 .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00071014 .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00070804 .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00070A08 .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00070C0C .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00070E10 .text C:Windowssystem32lsass.exe[652] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 000701F8 .text C:Windowss
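The first triage question for a GMER listing like the one above is which module owns each hook: a page of SSDT and inline hooks is unremarkable when every one of them resolves to a security product the machine is known to run, and interesting only where a hook resolves to nothing at all or to a module nobody can account for. The Python below is an added example, not code from this thread or from GMER; it parses the GMER 1.0.15 line shapes quoted in the log (SSDT lines, kernel code sections, user code sections), groups hooks by the attributed module, and lists the hooks GMER left unattributed. The regexes are assumptions that cover only those line shapes, and the sample lines are constructed from the shapes in the posted log. It also shows one piece of analysis the raw log invites: a 4-byte patch whose bytes are the little-endian address of an SSDT hook listed elsewhere (the KeSetEvent entries above) can be credited to that hook's module.

```python
"""Group the hooks in a GMER 1.0.15 listing by owning module and list the
unattributed ones. Added example; regexes are assumptions that cover only the
line shapes quoted in the thread."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, List

# Constructed sample: a handful of lines in the shape of the GMER log posted above.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D96E374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D96E162]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E1C59A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 822C4890 4 Bytes [74, E3, 96, 8D]
PAGE ntkrnlpa.exe!ObInsertObject 82448543 5 Bytes JMP 8E1C2E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 968FFC90 5 Bytes JMP 8D9715E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[640] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[640] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] kernel32.dll!CreateThread + 1A 763FCB48 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "SSDT <module> (<vendor>) <symbol> [0xADDR]"  (the address is absent on some Code lines)
SSDT_RE = re.compile(r"^(SSDT|Code)\s+(\S+)\s+\(([^)]*)\)\s+(\S+)(?:\s+\[0x([0-9A-Fa-f]+)\])?")
# ".text [<process>[pid]] <image>!<symbol>[ + off] <addr> <n> Bytes (JMP|CALL <target> | [bytes])"
INLINE_RE = re.compile(
    r"^(?P<sec>\.\w+|PAGE|INIT)\s+"
    r"(?:(?P<process>\S.*?\.exe\[\d+\])\s+)?"
    r"(?P<symbol>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+"
    r"(?:(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<bytes>[^\]]*)\])"
)
# Trailing "<module path> (<vendor>)" that GMER appends when it can attribute a hook.
MODULE_RE = re.compile(r"((?:\\|[A-Za-z]:\\)[^()]*?\.(?:sys|dll|exe)) \(([^)]*)\)", re.I)


@dataclass
class Hook:
    section: str
    kind: str                 # SSDT, Code, JMP, CALL, or PATCH (raw bytes written)
    process: Optional[str]    # None for kernel-mode entries
    symbol: str
    module: Optional[str]     # module GMER attributes the hook to, if any
    vendor: Optional[str]
    target: Optional[int]     # hook destination, or the value a 4-byte patch writes


def parse_gmer(text: str) -> List[Hook]:
    hooks, section = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SSDT_RE.match(line)
        if m:
            kind, module, vendor, symbol, addr = m.groups()
            hooks.append(Hook(section, kind, None, symbol, module, vendor,
                              int(addr, 16) if addr else None))
            continue
        m = INLINE_RE.match(line)
        if not m:
            continue
        mod = MODULE_RE.search(line[m.end():])   # only look past the hook itself
        if m.group("bytes") is not None:
            kind, target = "PATCH", None
            toks = [t.strip() for t in m.group("bytes").split(",")]
            if len(toks) == 4 and all(re.fullmatch(r"[0-9A-Fa-f]{2}", t) for t in toks):
                target = int.from_bytes(bytes(int(t, 16) for t in toks), "little")
        else:
            kind, target = m.group("kind"), int(m.group("target"), 16)
        hooks.append(Hook(section, kind, m.group("process"), m.group("symbol"),
                          mod.group(1) if mod else None, mod.group(2) if mod else None,
                          target))
    return hooks


def attribute_patches(hooks: List[Hook]) -> List[Hook]:
    """A raw-byte patch carries no module name, but if the 4 bytes written are the
    little-endian address of an SSDT hook seen elsewhere, credit it to that module."""
    ssdt = {h.target: h for h in hooks if h.kind in ("SSDT", "Code") and h.target is not None}
    for h in hooks:
        if h.kind == "PATCH" and h.module is None and h.target in ssdt:
            h.module, h.vendor = ssdt[h.target].module, ssdt[h.target].vendor
    return hooks


def triage(text: str) -> dict:
    hooks = attribute_patches(parse_gmer(text))
    by_module = defaultdict(int)
    unattributed = []
    for h in hooks:
        if h.module:
            by_module[h.module] += 1
        else:
            unattributed.append((h.section, h.process, h.symbol, h.kind))
    return {"by_module": dict(by_module), "unattributed": unattributed}


if __name__ == "__main__":
    r = triage(SAMPLE_GMER_LOG)
    for mod, n in sorted(r["by_module"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d} hook(s) -> {mod}")
    print("unattributed (check by hand; security products hook this way too):")
    for sec, proc, sym, kind in r["unattributed"]:
        print(f"  [{sec}] {proc or 'kernel'} {sym} ({kind})")
```

On the sample, every kernel hook resolves to the two avast drivers and the CreateThread hook to the IObit tray program, which is what the full log above shows as well; the two unattributed entries in services.exe are the kind of line to check against the installed security products before reading anything into them. An unattributed hook is a question, not a finding.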

#4 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 28 November 2011 - 07:10 PM

Hello steverino

Thank you for the logs.

Let's proceed as follows:
  • IOBIT Products
  • We note you are using one or more products from IOBit (Advanced SystemCare 5).
  • IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
  • Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.
  • A thread in IOBit's forum responded to the accusations from MalwareBytes. It is noteworthy that several responses from users raising specific questions about IOBit's response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: "No hard proof shows that IObit stole the database of Malwarebytes."
  • From what is said above, at least until the issues of possible database theft and spyware packaging are resolved, we do not recommend the use of IOBit products.
  • You can remove IOBit products by clicking on "Windows Orb" and then on "Computer" and then on the "Uninstall or Change a Program" tab.
  • Combofix
  • Download ComboFix from one of the following locations:

    Link 1
    Link 2
  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
Please post the ComboFix log in your next reply.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#5 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 29 November 2011 - 04:53 PM

Hello steverino

You mentioned in your PM to me that you are having problems posting on the forums. If you have access to another machine you can use it to post the required information into this thread (if you can use another machine, please let me know, and what operating system it is running on XP, Vista etc).

Please make sure that Combofix.exe is placed directly onto your desktop (at the moment the executable is located in your downloads folder).

You also mentioned that it looked as though all of your CPU and memory were being used. Please open Task Manager by right clicking on your system tray and let me know the names of the process (or processes) that are taking up all of the CPU.
  • aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

Please post the aswMBR log in your next reply, along with the process information.

Also, please let me know if you are experiencing any other symptoms besides the ones you have described (for example, browser redirects).

#6 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 29 November 2011 - 08:34 PM

Hey, I got in. Here is the aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-29 18:22:45
-----------------------------
18:22:45.151 OS Version: Windows 6.0.6002 Service Pack 2
18:22:45.151 Number of processors: 1 586 0xF0D
18:22:45.170 ComputerName: STEVE-PC UserName: Steve
18:23:02.612 Initialize success
18:23:04.273 AVAST engine defs: 11112902
18:24:00.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:24:00.200 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT0 12.01A12 Size: 152627MB BusType: 3
18:24:02.586 Disk 0 MBR read successfully
18:24:02.589 Disk 0 MBR scan
18:24:02.600 Disk 0 unknown MBR code
18:24:02.861 Disk 0 scanning sectors +312573952
18:24:03.499 Disk 0 scanning C:\Windows\system32\drivers
18:26:18.623 Service scanning
18:26:27.266 Modules scanning
18:29:39.158 Disk 0 trace - called modules:
18:29:39.325 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys usbehci.sys HSX_CNXT.sys dxgkrnl.sys igdkmd32.sys ndis.sys athr.sys
18:29:39.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b36ac8]
18:29:39.334 3 CLASSPNP.SYS[880128b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a0e030]
18:29:41.258 AVAST engine scan C:\Windows
18:31:01.500 AVAST engine scan C:\Windows\system32
18:47:09.521 AVAST engine scan C:\Windows\system32\drivers
18:47:48.737 AVAST engine scan C:\Users\Steve
19:48:56.728 AVAST engine scan C:\ProgramData
20:10:53.710 Scan finished successfully
20:28:49.828 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
20:28:49.851 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"

#7 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 29 November 2011 - 08:36 PM

Here is the ComboFix info:

#8 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 01 December 2011 - 08:30 PM

TDSS:
C:Windowssystem32DRIVERSusbehci.sys 20:27:49.0656 4736 usbehci - ok 20:27:49.0685 4736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:Windowssystem32DRIVERSusbhub.sys 20:27:49.0689 4736 usbhub - ok 20:27:49.0719 4736 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:Windowssystem32DRIVERSusbohci.sys 20:27:49.0721 4736 usbohci - ok 20:27:49.0782 4736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:Windowssystem32DRIVERSusbprint.sys 20:27:49.0784 4736 usbprint - ok 20:27:49.0844 4736 usbscan (a508c9bd8724980512136b039bba65e9) C:Windowssystem32DRIVERSusbscan.sys 20:27:49.0846 4736 usbscan - ok 20:27:49.0889 4736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:Windowssystem32DRIVERSUSBSTOR.SYS 20:27:49.0892 4736 USBSTOR - ok 20:27:49.0922 4736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:Windowssystem32DRIVERSusbuhci.sys 20:27:49.0924 4736 usbuhci - ok 20:27:49.0969 4736 vga (87b06e1f30b749a114f74622d013f8d4) C:Windowssystem32DRIVERSvgapnp.sys 20:27:49.0972 4736 vga - ok 20:27:50.0013 4736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:WindowsSystem32driversvga.sys 20:27:50.0015 4736 VgaSave - ok 20:27:50.0057 4736 viaagp (5d7159def58a800d5781ba3a879627bc) C:Windowssystem32driversviaagp.sys 20:27:50.0060 4736 viaagp - ok 20:27:50.0091 4736 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:Windowssystem32driversviac7.sys 20:27:50.0093 4736 ViaC7 - ok 20:27:50.0127 4736 viaide (aadf5587a4063f52c2c3fed7887426fc) C:Windowssystem32driversviaide.sys 20:27:50.0130 4736 viaide - ok 20:27:50.0189 4736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:Windowssystem32driversvolmgr.sys 20:27:50.0192 4736 volmgr - ok 20:27:50.0235 4736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:Windowssystem32driversvolmgrx.sys 20:27:50.0244 4736 volmgrx - ok 20:27:50.0280 4736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:Windowssystem32driversvolsnap.sys 20:27:50.0284 4736 volsnap - ok 20:27:50.0311 4736 vsmraid (587253e09325e6bf226b299774b728a9) C:Windowssystem32driversvsmraid.sys 20:27:50.0314 4736 vsmraid - ok 
20:27:50.0369 4736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:Windowssystem32driverswacompen.sys 20:27:50.0373 4736 WacomPen - ok 20:27:50.0407 4736 Wanarp (55201897378cca7af8b5efd874374a26) C:Windowssystem32DRIVERSwanarp.sys 20:27:50.0409 4736 Wanarp - ok 20:27:50.0423 4736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:Windowssystem32DRIVERSwanarp.sys 20:27:50.0424 4736 Wanarpv6 - ok 20:27:50.0482 4736 Wd (78fe9542363f297b18c027b2d7e7c07f) C:Windowssystem32driverswd.sys 20:27:50.0484 4736 Wd - ok 20:27:50.0527 4736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:Windowssystem32driversWdf01000.sys 20:27:50.0536 4736 Wdf01000 - ok 20:27:50.0625 4736 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:Windowssystem32DRIVERSHSX_CNXT.sys 20:27:50.0652 4736 winachsf - ok 20:27:50.0758 4736 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:Windowssystem32DRIVERSwmiacpi.sys 20:27:50.0759 4736 WmiAcpi - ok 20:27:50.0832 4736 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:Windowssystem32DRIVERSwpdusb.sys 20:27:50.0834 4736 WpdUsb - ok 20:27:50.0889 4736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:Windowssystem32driversws2ifsl.sys 20:27:50.0891 4736 ws2ifsl - ok 20:27:50.0967 4736 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:Windowssystem32DRIVERSWSDPrint.sys 20:27:50.0968 4736 WSDPrintDevice - ok 20:27:51.0004 4736 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:Windowssystem32DRIVERSWSDScan.sys 20:27:51.0006 4736 WSDScan - ok 20:27:51.0066 4736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:Windowssystem32DRIVERSWUDFRd.sys 20:27:51.0069 4736 WUDFRd - ok 20:27:51.0119 4736 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:Windowssystem32DRIVERSxaudio.sys 20:27:51.0122 4736 XAudio - ok 20:27:51.0179 4736 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) DeviceHarddisk0DR0 20:27:51.0215 4736 DeviceHarddisk0DR0 - ok 20:27:51.0222 4736 Boot (0x1200) (c44599a1acc8b3db00ee03a16321d60e) DeviceHarddisk0DR0Partition0 20:27:51.0224 4736 DeviceHarddisk0DR0Partition0 - ok 20:27:51.0235 4736 Boot (0x1200) 
(10da46c46b1a2e1b6a086fcfda83b72b) DeviceHarddisk0DR0Partition1 20:27:51.0236 4736 DeviceHarddisk0DR0Partition1 - ok 20:27:51.0239 4736 ============================================================ 20:27:51.0240 4736 Scan finished 20:27:51.0240 4736 ============================================================ 20:27:51.0254 4280 Detected object count: 0 20:27:51.0254 4280 Actual detected object count: 0

#9 steverino

Posted 01 December 2011 - 08:31 PM

Link to MBR.DAT http://www.virustota...7396-1322788470

#10 steverino

Posted 01 December 2011 - 08:34 PM

VEW:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/12/2011 8:18:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 01/12/2011 10:07:48 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/11/2011 10:02:41 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 28/11/2011 9:55:28 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\DOWNLOADS\GMER.ZIP.CRDOWNLOAD> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\C\B4> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\C\B4> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\9\14> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\9\14> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\D\68> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\D\68> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\1\A7> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\1\A7> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:33 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\3\6F> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:33 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\3\6F> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:32 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\E\46> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:32 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\E\46> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\F\94> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\F\94> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\2\FE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\2\FE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\STEVE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BOIPDRPZ.DEFAULT\CACHE\2\48> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 27/11/2011 5:13:20 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (3076) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 45867008 (0x0000000002bbe000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (2647 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 25/11/2011 3:49:39 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 6 time(s) since 10:21:37 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 24/11/2011 3:06:24 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (3136) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 16596992 (0x0000000000fd4000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (48985 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 23/11/2011 8:03:34 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000_Classes:
Process 2896 (\Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000_CLASSES

Log: 'Application' Date/Time: 23/11/2011 8:01:37 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (3028) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 69361664 (0x0000000004226000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (92 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2011 1:01:11 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 12386304 (0x0000000000bd0000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (18773 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 15/11/2011 10:58:46 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (2280) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 15745024 (0x0000000000f04000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (2224 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 3092 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 15/11/2011 10:07:13 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (2280) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 1212416 (0x0000000000128000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (6967 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 7003 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 15/11/2011 8:10:30 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2280) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 2621440 (0x0000000000280000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (64803 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/11/2011 8:23:24 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2980 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

Log: 'Application' Date/Time: 03/11/2011 8:57:49 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (2980) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 28573696 (0x0000000001b40000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (64811 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 02/11/2011 2:20:38 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

Log: 'Application' Date/Time: 29/10/2011 9:34:01 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

Log: 'Application' Date/Time: 21/10/2011 12:22:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000_Classes:
Process 928 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000_CLASSES

Log: 'Application' Date/Time: 21/10/2011 12:22:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 928 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust
Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates
Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key
REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 1096 (DeviceHarddiskVolume1WINDOWSSystem32svchost.exe) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3100 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3100 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3100 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3100 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3100 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesSmartCardRoot Process 1096 (DeviceHarddiskVolume1WINDOWSSystem32svchost.exe) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesSmartCardRoot Process 3100 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesTrustedPeople Process 1096 (DeviceHarddiskVolume1WINDOWSSystem32svchost.exe) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesTrustedPeople Process 3100 
(DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesCA Process 1096 (DeviceHarddiskVolume1WINDOWSSystem32svchost.exe) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesCA Log: 'Application' Date/Time: 19/10/2011 7:54:31 PM Type: Warning Category: 7 Event: 510 Source: ESENT Windows (2952) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 28508160 (0x0000000001b30000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (4671 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 159556 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Log: 'Application' Date/Time: 17/10/2011 11:35:15 PM Type: Warning Category: 7 Event: 508 Source: ESENT Windows (2952) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 23191552 (0x000000000161e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (3243 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Log: 'Application' Date/Time: 12/10/2011 12:48:07 PM Type: Warning Category: 7 Event: 507 Source: ESENT wuaueng.dll (1056) SUS20ClientDataStore: A request to read from the file "C:WindowsSoftwareDistributionDataStoreDataStore.edb" at offset 143007744 (0x0000000008862000) for 647168 (0x0009e000) bytes succeeded, but took an abnormally long time (41624 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. 
Please contact your hardware vendor for further assistance diagnosing the problem. Log: 'Application' Date/Time: 12/10/2011 1:05:17 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from RegistryUserS-1-5-21-3817289807-4157103151-2040133039-1000: Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000 Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000 Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000 Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000 Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesRoot Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesDisallowed Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatestrust Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has 
opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesMy Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesSmartCardRoot Process 5460 (DeviceHarddiskVolume1WINDOWSSystem32msiexec.exe) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftWindowsCurrentVersionExplorer Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesTrustedPeople Process 3116 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesCA Log: 'Application' Date/Time: 12/10/2011 12:14:20 AM Type: Warning Category: 7 Event: 510 Source: ESENT Windows (3168) Windows: A request to write to the file 
"C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 50864128 (0x0000000003082000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (2883 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 95855 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 01/12/2011 10:06:59 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 23/11/2011 7:54:29 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 16/11/2011 1:51:22 AM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 19/10/2011 10:16:17 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 13/10/2011 11:34:36 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. 
This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 05/10/2011 11:11:23 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 21/09/2011 1:07:13 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 20/09/2011 8:48:04 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 15/09/2011 10:39:27 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 02/09/2011 12:42:58 AM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 29/08/2011 10:28:07 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 27/08/2011 2:40:46 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. 
This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 26/08/2011 4:44:45 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 24/08/2011 10:03:47 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 24/08/2011 12:00:07 AM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 21/08/2011 5:44:07 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 18/08/2011 10:43:21 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 16/08/2011 10:24:13 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 14/08/2011 1:52:07 AM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. 
This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. Log: 'System' Date/Time: 12/08/2011 9:09:47 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 01/12/2011 10:08:45 PM Type: Error Category: 0 Event: 10016 Source: Microsoft-Windows-DistributedCOM The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Log: 'System' Date/Time: 01/12/2011 10:08:41 PM Type: Error Category: 0 Event: 10016 Source: Microsoft-Windows-DistributedCOM The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Log: 'System' Date/Time: 01/12/2011 10:07:49 PM Type: Error Category: 0 Event: 7000 Source: Service Control Manager The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Log: 'System' Date/Time: 01/12/2011 10:07:08 PM Type: Error Category: 0 Event: 6008 Source: EventLog The previous system shutdown at 5:05:52 PM on 12/1/2011 was unexpected. 
Log: 'System' Date/Time: 29/11/2011 12:47:24 AM Type: Error Category: 0 Event: 7030 Source: Service Control Manager The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Log: 'System' Date/Time: 29/11/2011 12:42:51 AM Type: Error Category: 0 Event: 7030 Source: Service Control Manager The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Log: 'System' Date/Time: 29/11/2011 12:36:26 AM Type: Error Category: 0 Event: 7030 Source: Service Control Manager The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Log: 'System' Date/Time: 29/11/2011 12:35:05 AM Type: Error Category: 0 Event: 7034 Source: Service Control Manager The XAudioService service terminated unexpectedly. It has done this 1 time(s). Log: 'System' Date/Time: 27/11/2011 4:22:18 PM Type: Error Category: 0 Event: 10010 Source: Microsoft-Windows-DistributedCOM The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout. Log: 'System' Date/Time: 26/11/2011 8:52:44 PM Type: Error Category: 0 Event: 7011 Source: Service Control Manager A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. Log: 'System' Date/Time: 26/11/2011 8:52:03 PM Type: Error Category: 0 Event: 7011 Source: Service Control Manager A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. Log: 'System' Date/Time: 26/11/2011 12:24:47 AM Type: Error Category: 0 Event: 7011 Source: Service Control Manager A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 
Log: 'System' Date/Time: 25/11/2011 3:18:45 PM Type: Error Category: 0 Event: 10016 Source: Microsoft-Windows-DistributedCOM The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Log: 'System' Date/Time: 25/11/2011 3:18:35 PM Type: Error Category: 0 Event: 10016 Source: Microsoft-Windows-DistributedCOM The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Log: 'System' Date/Time: 25/11/2011 3:17:48 PM Type: Error Category: 0 Event: 7000 Source: Service Control Manager The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Log: 'System' Date/Time: 25/11/2011 3:17:35 PM Type: Error Category: 0 Event: 19 Source: Microsoft-Windows-PrintSpooler The print spooler failed to share printer Canon MX320 series FAX with shared resource name Canon MX320 series FAX. Error 2114. The printer cannot be used by others on the network. Log: 'System' Date/Time: 25/11/2011 3:17:35 PM Type: Error Category: 0 Event: 19 Source: Microsoft-Windows-PrintSpooler The print spooler failed to share printer Canon MX320 series Printer with shared resource name Canon MX320 series Printer. Error 2114. The printer cannot be used by others on the network. 
Log: 'System' Date/Time: 25/11/2011 3:17:00 PM Type: Error Category: 0 Event: 6008 Source: EventLog The previous system shutdown at 10:15:56 AM on 11/25/2011 was unexpected. Log: 'System' Date/Time: 25/11/2011 2:44:13 AM Type: Error Category: 0 Event: 10016 Source: Microsoft-Windows-DistributedCOM The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITYLOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Log: 'System' Date/Time: 25/11/2011 2:44:04 AM Type: Error Category: 0 Event: 10016 Source: Microsoft-Windows-DistributedCOM The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 02/12/2011 1:13:19 AM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 02/12/2011 12:29:22 AM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 01/12/2011 11:37:14 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 01/12/2011 10:53:00 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. 
Log: 'System' Date/Time: 01/12/2011 10:52:58 PM Type: Warning Category: 0 Event: 134 Source: Microsoft-Windows-Time-Service NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) Log: 'System' Date/Time: 01/12/2011 10:07:49 PM Type: Warning Category: 0 Event: 134 Source: Microsoft-Windows-Time-Service NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) Log: 'System' Date/Time: 01/12/2011 10:07:47 PM Type: Warning Category: 0 Event: 134 Source: Microsoft-Windows-Time-Service NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) Log: 'System' Date/Time: 01/12/2011 10:06:57 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 01/12/2011 10:04:50 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 01/12/2011 10:02:09 PM Type: Warning Category: 0 Event: 134 Source: Microsoft-Windows-Time-Service NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. 
(0x80072AF9) Log: 'System' Date/Time: 01/12/2011 10:02:07 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 01/12/2011 10:01:56 PM Type: Warning Category: 0 Event: 36 Source: Microsoft-Windows-Time-Service The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization. Log: 'System' Date/Time: 30/11/2011 8:46:16 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 30/11/2011 2:05:55 AM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 30/11/2011 1:59:40 AM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 30/11/2011 1:44:58 AM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 29/11/2011 11:23:14 PM Type: Warning Category: 0 Event: 3004 Source: Microsoft-Windows-Windows Defender Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. 
Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {727BDEFE-664A-48A9-89BF-423575A855B0} User: Steve-PCSteve Name: Unknown ID: Severity ID: Category ID: Path Found: driver:aswMBR Alert Type: Unclassified software Detection Type: Log: 'System' Date/Time: 29/11/2011 11:09:24 PM Type: Warning Category: 0 Event: 1 Source: RTL8169 Realtek PCIe FE Family Controller is disconnected from network. Log: 'System' Date/Time: 29/11/2011 11:09:21 PM Type: Warning Category: 0 Event: 1003 Source: Microsoft-Windows-Dhcp-Client Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 002269819BF2. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Log: 'System' Date/Time: 29/11/2011 9:14:16 PM Type: Warning Category: 0 Event: 3004 Source: Microsoft-Windows-Windows Defender Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {AB45D62F-1D9F-435A-9914-78DE04F28DEF} User: Steve-PCSteve Name: Unknown ID: Severity ID: Category ID: Path Found: service:avastTestService Alert Type: Unclassified software Detection Type:
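Reading an event-log extract like the one posted in this thread by hand is slow, and the forum has run the entries together into a wall of text. As an added example (not part of the thread or of any tool used in it), this Python script splits the flattened "Log: ... Date/Time: ... Event: ... Source: ..." entries into records, sorts them by their day-first timestamps, and pulls out what a slow-machine triage wants first: the ESENT 507/508/510 "abnormally long time" I/O warnings with their latency and file, Kernel-Power event 41 power failures, and counts by log, source and event ID. The sample string inside it is constructed in the posted layout; the list of multi-word source names is an assumption drawn from the sources seen in this kind of dump.

```python
"""Triage a flattened Windows event-log dump in the layout posted in this
thread: "Log: 'System' Date/Time: ... Type: ... Category: ... Event: ...
Source: ... <message>", with entries run together. Added example, not part
of the thread or of any tool used in it."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the posted layout (entries modelled on the dump).
SAMPLE_DUMP = r"""
Log: 'Application' Date/Time: 19/10/2011 7:54:31 PM Type: Warning Category: 7 Event: 510 Source: ESENT
Windows (2952) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb"
at offset 28508160 (0x0000000001b30000) for 8192 (0x00002000) bytes succeeded, but took an abnormally
long time (4671 seconds) to be serviced by the OS. This problem is likely due to faulty hardware.
Log: 'Application' Date/Time: 12/10/2011 12:48:07 PM Type: Warning Category: 7 Event: 507 Source: ESENT
wuaueng.dll (1056) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb"
at offset 143007744 (0x0000000008862000) for 647168 (0x0009e000) bytes succeeded, but took an abnormally
long time (41624 seconds) to be serviced by the OS. This problem is likely due to faulty hardware.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/11/2011 7:54:29 PM Type: Critical Category: 0 Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.
Log: 'System' Date/Time: 26/11/2011 8:52:44 PM Type: Error Category: 0 Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
"""

# Sources containing spaces cannot be separated from the message by splitting on
# whitespace, so those seen in this kind of dump are listed (assumed list); any
# other source is read as a single word.
KNOWN_SOURCES = (
    "Microsoft-Windows-User Profiles Service",
    "Microsoft-Windows-Windows Defender",
    "Service Control Manager",
)
HEADER = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Type: (?P<kind>\w+) Category: \d+ Event: (?P<event>\d+) Source: (?P<rest>.*)",
    re.S,
)
# ESENT 507/508/510 name the file and how long the single I/O request took.
SLOW_IO = re.compile(r'file "(?P<path>[^"]+)".*?took an abnormally long time \((?P<secs>\d+) seconds\)')
BANNER = re.compile(r"~{3,}[^~\n]*~{3,}")  # "~~~ 'System' Log - Error Type ~~~"


@dataclass
class Event:
    log: str
    when: datetime
    kind: str
    event: int
    source: str
    message: str


def _split_source(rest: str):
    rest = " ".join(rest.split())  # collapse the forum's line wrapping
    for name in KNOWN_SOURCES:
        if rest.startswith(name + " "):
            return name, rest[len(name) + 1:]
    source, _, message = rest.partition(" ")
    return source, message


def parse_dump(text: str):
    """Split a run-together dump into Event records, oldest first."""
    events = []
    for chunk in re.split(r"(?=Log: ')", BANNER.sub(" ", text)):
        m = HEADER.match(chunk.strip())
        if not m:
            continue  # text before the first entry
        source, message = _split_source(m["rest"])
        events.append(Event(m["log"],
                            datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),  # day-first
                            m["kind"], int(m["event"]), source, message))
    return sorted(events, key=lambda e: e.when)


def triage(text: str) -> dict:
    """Disk latency warnings (the ESENT text itself blames hardware), abrupt
    power loss, and which log/source/event combinations dominate."""
    events = parse_dump(text)
    slow_io = []
    for e in events:
        m = SLOW_IO.search(e.message) if e.source == "ESENT" else None
        if m:
            slow_io.append((e.when, m["path"], int(m["secs"])))
    return {
        "total": len(events),
        "span": (events[0].when, events[-1].when) if events else None,
        "by_event": dict(Counter((e.log, e.kind, e.source, e.event) for e in events)),
        "slow_io": slow_io,
        "worst_io_seconds": max((s for _, _, s in slow_io), default=0),
        "power_failures": sum(1 for e in events
                              if e.source == "Microsoft-Windows-Kernel-Power" and e.event == 41),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

A worst-case single I/O of tens of thousands of seconds on a system database is the kind of figure that points the investigation at the disk before any further malware scanning.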

#11 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 02 December 2011 - 11:24 AM

Hello steverino

The VT link you provided is not to the scan results page but to the VT home page. Were you able to scan the file with Virus Total?

Your TDSSKiller log is clean. To be honest, there is not a great deal jumping out from your logs in terms of malware, but there are still quite a few things we can try.

A couple of questions for you:

Is this a business machine?

Are your machines connecting through a server?

Please let me know in your next reply.

  • GetPartitions
  • Please download GetPartitions from the following link. You must Right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop.
  • Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • It will produce a log on your C drive called C:\DiskReport.txt
  • Please post the log in your next reply.

Along with the log please let me know about my questions above.
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#12 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 02 December 2011 - 02:09 PM

It is not a business machine and the computers are not connected through a server. Not sure why the VT link was to the main page.
Here is a copy/paste of its results:
File name: MBR.dat

Submission date: 2011-12-02 18:58:38 (UTC)

Current status: finished


Result: 0/ 43 (0.0%)
VT Community: not reviewed
Safety score: -



Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 -
AntiVir 7.11.18.204 2011.12.02 -
Antiy-AVL 2.0.3.7 2011.12.02 -
Avast 6.0.1289.0 2011.12.02 -
AVG 10.0.0.1190 2011.12.02 -
BitDefender 7.2 2011.12.02 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.02 -
ClamAV 0.97.3.0 2011.12.02 -
Commtouch 5.3.2.6 2011.12.02 -
Comodo 10815 2011.12.02 -
DrWeb 5.0.2.03300 2011.12.02 -
Emsisoft 5.1.0.11 2011.12.02 -
eSafe 7.0.17.0 2011.12.01 -
eTrust-Vet 37.0.9599 2011.12.02 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.02 -
Fortinet 4.3.388.0 2011.12.02 -
GData 22 2011.12.02 -
Ikarus T3.1.1.109.0 2011.12.02 -
Jiangmin 13.0.900 2011.12.02 -
K7AntiVirus 9.119.5586 2011.12.02 -
Kaspersky 9.0.0.837 2011.12.02 -
McAfee 5.400.0.1158 2011.12.02 -
McAfee-GW-Edition 2010.1D 2011.12.02 -
Microsoft 1.7903 2011.12.02 -
NOD32 6668 2011.12.01 -
Norman 6.07.13 2011.12.02 -
nProtect 2011-12-02.01 2011.12.02 -
Panda 10.0.3.5 2011.12.02 -
PCTools 8.0.0.5 2011.12.02 -
Prevx 3.0 2011.12.02 -
Rising 23.86.04.02 2011.12.02 -
Sophos 4.71.0 2011.12.02 -
SUPERAntiSpyware 4.40.0.1006 2011.12.02 -
Symantec 20111.2.0.82 2011.12.02 -
TheHacker 6.7.0.1.352 2011.12.01 -
TrendMicro 9.500.0.1008 2011.12.02 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 -
VBA32 3.12.16.4 2011.12.01 -
VIPRE 11192 2011.12.02 -
ViRobot 2011.12.2.4805 2011.12.02 -
VirusBuster 14.1.96.0 2011.12.02 -
Additional information
MD5: 21903a2b5014892ced92aa9833a8e1e7
SHA1: 7b8966a000d371372c91b4731595cf6fc375a673
SHA256: 7c7a5991c39cf93de4bf87c9e7368f42beccdf71169a20d334bc97cd33507396

#13 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 02 December 2011 - 02:39 PM

Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: STEVE-PC

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     F   Audio CD     CDFS   DVD-ROM       42 MB  Healthy
Volume 1     C                NTFS   Partition    140 GB  Healthy    System
Volume 2     E   PRESARIO_RP  NTFS   Partition      9 GB  Healthy

#14 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 02 December 2011 - 04:26 PM

Hello steverino

Let's see what the following can tell us:
  • Please run the following scan
  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
Please post the ESET log in your next reply.
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#15 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 03 December 2011 - 03:16 PM

ESET

C:\Users\Steve\Downloads\cnet_aura-free-video-converter_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\Steve\Downloads\cnet_avc-free_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\Steve\Downloads\cnet_BatteryBarSetup-3_5_2_exe.exe    a variant of Win32/InstallCore.D application

#16 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 04 December 2011 - 06:52 AM

Hello steverino

I am not seeing anything in your logs that would explain the problems you are describing.

Let's see if the following can help us:
  • StartupLite
  • You may wish to try StartupLite. Simply download this tool to your desktop and run it.
  • It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup.
  • This will result in fewer programs running when you boot your system, and should improve performance.
  • You can find it here: http://www.malwareby...startuplite.php
More information can be found in the link below:

http://www.bleepingc...ndpost&p=487112

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#17 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 04 December 2011 - 12:35 PM

Thanks for all the assistance. Will try those suggestions too.

#18 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 04 December 2011 - 03:33 PM

Hello steverino

Let me know if there is any improvement :)
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#19 steverino

steverino

    Member

  • Members
  • 91 posts

Posted 06 December 2011 - 06:55 PM

Well, though we didn't do too much, it does seem better, at least at the moment. Though the CPU usage still hits 100% when doing something such as opening a new web page, it clears quickly.

#20 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 08 December 2011 - 06:45 AM

Hello steverino

Let's try one more thing to be safe:
  • MBRCheck
  • Please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
  • Please post the contents of that file in your next reply.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom
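As an added illustration of what a boot-record check like the one requested above actually looks at, here is example code written for this page; it is not MBRCheck's own code or output. It parses a 512-byte MBR (boot code, four partition entries, 0x55AA signature), hashes the boot-code area against an allow-list, and flags an unknown boot code or an overlapping partition table. The sample image, its boot-code stub, and the allow-list hash are all constructed here to mirror the two NTFS volumes in the DiskPart output earlier in the thread; on a real system you would read the first sector of the disk and compare against the hash of the OS's stock boot code.

```python
import hashlib
import struct
SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)

def bootcode_hash(boot_code: bytes) -> str:
    return hashlib.sha256(boot_code.ljust(440, b"\x00")).hexdigest()  # allow-list key

def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a 512-byte MBR image for demonstration; NOT a real disk dump."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        # CHS fields get the usual LBA filler (0xFE 0xFF 0xFF); only LBA start/size matter here
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba_start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)

def parse_mbr(mbr: bytes) -> dict:
    """Parse a classic (non-GPT) 512-byte MBR: boot-code hash, up to 4 partition entries, signature."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype != 0:  # type 0 marks an empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype, "lba_start": lba_start,
                          "sectors": sectors, "size_gb": round(sectors * SECTOR / 1024 ** 3, 1)})
    return {"signature_ok": mbr[510:512] == MBR_SIGNATURE,
            "bootcode_sha256": bootcode_hash(mbr[:440]), "partitions": parts}

def check_mbr(mbr: bytes, known_good_hashes: set) -> list:
    """Return findings worth a look: bad signature, unknown boot code, overlapping partitions."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA signature")
    if info["bootcode_sha256"] not in known_good_hashes:
        findings.append("unknown boot code, sha256 " + info["bootcode_sha256"][:16] + "...")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings

# Constructed sample: a short boot-code stub plus the two NTFS volumes (140 GB C:, 9 GB E:) from the
# DiskPart output above; the allow-list hash comes from this stub, not from any real OS boot code.
SAMPLE_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
GB = 1024 ** 3 // SECTOR  # sectors per GiB
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 140 * GB), (0x00, 0x07, 2048 + 140 * GB, 9 * GB)]
KNOWN_GOOD = {bootcode_hash(SAMPLE_BOOTCODE)}
```

`check_mbr(build_sample_mbr(SAMPLE_BOOTCODE, SAMPLE_PARTITIONS), KNOWN_GOOD)` returns an empty list for the clean sample; any change to the first 440 bytes, the signature, or the table shows up as a finding.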



