steverino

Computer running ridiculously slow


Well, at a loss. XP Vista, 2 GB RAM.

I've run Malwarebytes, no issues found; running Avast, have done a boot-time scan, no issues; ran Spybot too, and have just finished running Advanced SystemCare. It appears I am using all of my CPU and memory... Thanks in advance. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:38:34 PM, on 11/23/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\IObit\Advanced SystemCare 5\DiskScan.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6019 bytes

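As an added example (my own code, not part of steverino's post and not a HijackThis feature), here is a small Python triage script for the O-section lines of a HijackThis log like the one above. It flags the four things an analyst reads first: an O2 BHO whose file no longer exists (an orphaned CLSID, harmless but worth cleaning), an O4 autostart whose image lives under a user-writable directory such as AppData (legitimate here for Dropbox, but also where droppers persist without admin rights), an O1 hosts-file mapping for anything other than localhost, and an O23 service whose binary sits outside the Windows or Program Files trees. The sample lines are copied from the log above, plus one O1 line for the hosts entry that the DDS log later in this thread reports; the flag rules and the directory lists are my own heuristics.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus
# one O1 line for the hosts entry that the later DDS log in this thread reports.
SAMPLE_HJT_LINES = [
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 127.0.0.1 www.spywareinfo.com",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll",
    r'O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O4 - Startup: Dropbox.lnk = C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe",
]

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^Startup: (?P<name>.+?) = (?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+)\s+(?P<host>\S+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")

# Heuristic lists (mine, not HijackThis's).  Autostart images under these
# roots deserve a second look whether or not they turn out to be legitimate:
# user-writable directories are where droppers persist without admin rights.
USER_WRITABLE_ROOTS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
STANDARD_SERVICE_ROOTS = ("c:\\windows\\", "c:\\program files")


@dataclass
class Finding:
    section: str
    tag: str
    detail: str


def image_path(cmd: str) -> str:
    """Pull the executable path out of a Run/Startup command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # unquoted: the path runs up to the first switch or the end of the line
    m = re.match(r"^(.*?\.(?:exe|dll|scr|cpl))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(lines):
    """Return the entries an analyst reads first; benign lines yield nothing."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O1":
            h = HOSTS_RE.match(body)
            if h and h.group("host").lower() != "localhost":
                findings.append(Finding(sec, "hosts-override", f"{h.group('host')} -> {h.group('addr')}"))
        elif sec == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path") == "(no file)":
                findings.append(Finding(sec, "orphaned-bho", b.group("clsid")))
        elif sec == "O4":
            r = RUN_RE.match(body) or STARTUP_RE.match(body)
            if r:
                path = image_path(r.group("cmd"))
                if any(root in path.lower() for root in USER_WRITABLE_ROOTS):
                    findings.append(Finding(sec, "user-writable-autostart", path))
        elif sec == "O23":
            s = SERVICE_RE.match(body)
            if s and not s.group("path").lower().startswith(STANDARD_SERVICE_ROOTS):
                findings.append(Finding(sec, "service-outside-standard-dirs", s.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"{f.section:4} {f.tag:28} {f.detail}")
```

Run against the full log above it reports three entries: the orphaned BHO, the Dropbox autostart under AppData, and the spywareinfo.com hosts entry. None of the three is evidence of an infection; the point is that a script gets the noise out of the way so the reviewer can spend time on what is left.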

Hello steverino,

My name is JonTom.

  • Malware logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

Let's take a closer look at your system with the following scans:

  • Please perform the following scan:
    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs).
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • Please scan your system with GMER:
    • Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Right click on GMER.exe and select "Run as Administrator" to run the program. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please post the DDS logs and the GMER log in your next reply.

 


DDS:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Steve at 16:51:52 on 2011-11-28

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.830 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

StartupFolder: c:\users\steve\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\steve\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{080D02E3-EF52-44E6-8F92-AECC44CDD57C} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\boipdrpz.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-2 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-22 320856]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-23 490840]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-22 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-22 54616]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-22 44768]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-22 1153368]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-3-22 19968]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 133104]

S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 133104]

S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-3-22 24652]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-11-25 15:25:37 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c1772321-549e-4321-9143-7e645c33495e}\offreg.dll

2011-11-25 15:25:36 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c1772321-549e-4321-9143-7e645c33495e}\mpengine.dll

2011-11-24 00:12:42 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-11-23 23:31:50 388096 ----a-r- c:\users\steve\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-23 23:31:44 -------- d-----w- c:\program files\Trend Micro

2011-11-09 14:03:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 14:03:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-11-09 14:03:00 707584 ----a-w- c:\program files\common files\system\wab32.dll

.

==================== Find3M ====================

.

2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-22 20:52:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 16:53:04.12 ===============

 

 

Attach:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2010 8:23:09 PM

System Uptime: 11/28/2011 3:08:20 AM (13 hours ago)

.

Motherboard: Wistron | | 360B

Processor: Genuine Intel® CPU 575 @ 2.00GHz | CPU | 1995/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 140 GiB total, 87.453 GiB free.

E: is FIXED (NTFS) - 9 GiB total, 1.641 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP412: 10/22/2011 4:43:57 PM - IObit Uninstaller restore point

RP414: 10/22/2011 4:48:22 PM - IObit Uninstaller restore point

RP415: 10/22/2011 4:49:52 PM - Removed Google Earth Plug-in.

RP416: 10/22/2011 4:50:46 PM - Windows Update

RP418: 10/22/2011 5:00:34 PM - Removed NetWaiting

RP420: 10/22/2011 5:01:06 PM - Removed NetWaiting

RP422: 10/22/2011 5:02:11 PM - Removed muvee autoProducer 6.1

RP424: 10/22/2011 5:05:40 PM - Configured PowerDirector

RP425: 10/26/2011 8:08:25 PM - Windows Update

RP426: 10/29/2011 5:42:40 PM - Windows Update

RP427: 11/2/2011 10:27:38 AM - Windows Update

RP428: 11/3/2011 2:39:46 PM - Scheduled Checkpoint

RP429: 11/5/2011 1:38:42 PM - Windows Update

RP430: 11/9/2011 8:59:00 AM - Windows Update

RP431: 11/10/2011 3:00:25 AM - Windows Update

RP432: 11/11/2011 12:00:06 AM - Scheduled Checkpoint

RP433: 11/11/2011 1:07:25 AM - Windows Update

RP434: 11/11/2011 3:00:11 AM - Windows Update

RP435: 11/15/2011 5:10:00 PM - Windows Update

RP436: 11/17/2011 6:18:44 PM - Scheduled Checkpoint

RP437: 11/19/2011 9:09:33 AM - Windows Update

RP438: 11/22/2011 6:31:05 PM - Windows Update

RP439: 11/23/2011 6:29:39 PM - Installed HiJackThis

RP440: 11/25/2011 10:24:35 AM - Windows Update

.

==== Installed Programs ======================

.

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

Adobe Shockwave Player

Adobe Shockwave Player 11.6

Advanced SystemCare 5

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

avast! Free Antivirus

BatteryBar (remove only)

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MX320 series MP Drivers

Canon MX320 series User Registration

Canon MX350 series MP Drivers

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Conexant HD Audio

D3DX10

Dropbox

ESU for Microsoft Vista

Google Chrome

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP Help and Support

HP Quick Launch Buttons 6.40 F1

HP QuickPlay 3.7

HP Total Care Advisor

HP Update

HP User Guides 0121

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPTCSSetup

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 26

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office XP Professional with FrontPage

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 6.0.2 (x86 en-US)

Mozilla Thunderbird (6.0)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My HP Games

Paint.NET v3.5.8

Picasa 3

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Segoe UI

SmartMusic 2011a

Spybot - Search & Destroy

SpywareBlaster 4.4

swMSM

Synaptics Pointing Device Driver

Tux Paint 0.9.21c

Tux Paint Stamps 2009-06-28

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VLC media player 1.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

11/26/2011 3:52:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

11/25/2011 7:24:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

11/25/2011 10:18:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/25/2011 10:18:35 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/25/2011 10:17:48 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/25/2011 10:17:35 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MX320 series Printer with shared resource name Canon MX320 series Printer. Error 2114. The printer cannot be used by others on the network.

11/25/2011 10:17:35 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MX320 series FAX with shared resource name Canon MX320 series FAX. Error 2114. The printer cannot be used by others on the network.

11/25/2011 10:17:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:15:56 AM on 11/25/2011 was unexpected.

11/24/2011 9:42:23 PM, Error: EventLog [6008] - The previous system shutdown at 1:58:14 PM on 11/24/2011 was unexpected.

11/23/2011 6:21:09 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/23/2011 6:11:47 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{080D02E3-EF52-44E6-8F92-AECC44CDD57C} because another computer on the network has the same name. The server could not start.

11/23/2011 6:08:23 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.107 with the system having network hardware address 00-24-21-8B-B8-D7. Network operations on this system may be disrupted as a result.

11/23/2011 6:07:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

11/23/2011 6:07:30 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/23/2011 2:58:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

11/23/2011 2:54:37 PM, Error: EventLog [6008] - The previous system shutdown at 9:58:37 PM on 11/22/2011 was unexpected.

.

==== End Of File ===========================

GMER:

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-11-28 18:13:10

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-60ZCT0 rev.12.01A12

Running: gmer.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D96E374]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D970996]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D9709EE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D970B04]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D9708EC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D970A3E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D970940]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D970AB2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D96E398]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D96E162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D96E3BC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D970EFC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D96EE54]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D9709C6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D970A16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D970B2E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D970918]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D970A7E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D97096E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D970ADC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D96ED1A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D96E3E0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D96E404]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D96E1BC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D96E2F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D96E2D4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D96E31C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D96E428]

 

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E1C59A6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 10D 822C4890 4 Bytes [74, E3, 96, 8D]

.text ntkrnlpa.exe!KeSetEvent + 1D1 822C4954 8 Bytes [96, 09, 97, 8D, EE, 09, 97, ...]

.text ntkrnlpa.exe!KeSetEvent + 1DD 822C4960 4 Bytes [04, 0B, 97, 8D]

.text ntkrnlpa.exe!KeSetEvent + 1F5 822C4978 4 Bytes [EC, 08, 97, 8D]

.text ntkrnlpa.exe!KeSetEvent + 215 822C4998 8 Bytes [3E, 0A, 97, 8D, 40, 09, 97, ...]

.text ...

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 823EF62F 5 Bytes JMP 8E1C13DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject 82448543 5 Bytes JMP 8E1C2E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82451E68 4 Bytes CALL 8D96F4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82455ADC 4 Bytes CALL 8D96F4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 824A9DCA 7 Bytes JMP 8E1C59AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngCreateRectRgn + 4537 968FFC90 5 Bytes JMP 8D9715E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + C20 96918EC9 5 Bytes JMP 8D971FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngTransparentBlt + 4A1 96919CB5 5 Bytes JMP 8D972118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngTransparentBlt + 8C03 96922417 5 Bytes JMP 8D970F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 616 9692336E 5 Bytes JMP 8D971D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XFORMOBJ_iGetXform + 30F6 9692EAA7 5 Bytes JMP 8D9714BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XFORMOBJ_iGetXform + 4569 9692FF1A 5 Bytes JMP 8D9710DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMapFontFileFD + 119BE 96949A45 5 Bytes JMP 8D971326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMapFontFileFD + 11A12 96949A99 5 Bytes JMP 8D9714CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGradientFill + 377F 96970A7E 5 Bytes JMP 8D971D0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGradientFill + 60DE 969733DD 5 Bytes JMP 8D970FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMulDiv + 4D3F 96979D2E 5 Bytes JMP 8D97114A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBlt + 2B42 969841CC 5 Bytes JMP 8D9721BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStrokePath + 5FF 969870B4 5 Bytes JMP 8D971016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngNineGrid + 81C 969A54D5 5 Bytes JMP 8D971EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngNineGrid + 6EC2 969ABB7B 5 Bytes JMP 8D971D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCopyBits + B0F 969AF2EA 5 Bytes JMP 8D971E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!STROBJ_vEnumStart + 4728 969B6C09 5 Bytes JMP 8D971096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSemaphore + E80 969D51A4 5 Bytes JMP 8D971254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!CLIPOBJ_bEnum + 248 969DAA22 5 Bytes JMP 8D9711AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 26D9 969DE55A 5 Bytes JMP 8D972070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngLineTo + A0F 969FCA67 5 Bytes JMP 8D9711E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngLineTo + D229 96A09281 5 Bytes JMP 8D97128E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

? C:\Users\Steve\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000503FC

.text C:\Program Files\Windows Defender\MSASCui.exe[204] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000703FC

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00070600

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00071014

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00070804

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00070A08

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00070C0C

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00070E10

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 000701F8

.text C:\Program Files\Windows Defender\MSASCui.exe[204] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00080600

.text C:\Program Files\Windows Defender\MSASCui.exe[204] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00080804

.text C:\Program Files\Windows Defender\MSASCui.exe[204] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00080A08

.text C:\Program Files\Windows Defender\MSASCui.exe[204] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 000801F8

.text C:\Program Files\Windows Defender\MSASCui.exe[204] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 000803FC

.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[212] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\WINDOWS\System32\hkcmd.exe[308] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8

.text C:\WINDOWS\System32\hkcmd.exe[308] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC

.text C:\WINDOWS\System32\hkcmd.exe[308] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\WINDOWS\System32\hkcmd.exe[308] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00280600

.text C:\WINDOWS\System32\hkcmd.exe[308] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00280804

.text C:\WINDOWS\System32\hkcmd.exe[308] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00280A08

.text C:\WINDOWS\System32\hkcmd.exe[308] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 002801F8

.text C:\WINDOWS\System32\hkcmd.exe[308] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 002803FC

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 002903FC

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00290600

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00291014

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00290804

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00290A08

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00290C0C

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00290E10

.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 002901F8

.text C:\WINDOWS\System32\igfxpers.exe[432] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8

.text C:\WINDOWS\System32\igfxpers.exe[432] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC

.text C:\WINDOWS\System32\igfxpers.exe[432] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\WINDOWS\System32\igfxpers.exe[432] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00180600

.text C:\WINDOWS\System32\igfxpers.exe[432] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00180804

.text C:\WINDOWS\System32\igfxpers.exe[432] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00180A08

.text C:\WINDOWS\System32\igfxpers.exe[432] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001801F8

.text C:\WINDOWS\System32\igfxpers.exe[432] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001803FC

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001903FC

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00190600

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00191014

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00190804

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00190A08

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00190C0C

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00190E10

.text C:\WINDOWS\System32\igfxpers.exe[432] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001901F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001601F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001603FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001703FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00170600

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00171014

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00170804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00170A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00170C0C

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00170E10

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001701F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00180600

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00180804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00180A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001801F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[460] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001803FC

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] kernel32.dll!CreateThread + 1A 763FCB48 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00180600

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00180804

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00180A08

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001801F8

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001803FC

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001A03FC

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 001A0600

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 001A1014

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 001A0804

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 001A0A08

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 001A0C0C

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 001A0E10

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001A01F8

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 001503FC

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00170600

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00170804

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00170A08

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001701F8

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001703FC

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001803FC

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00180600

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00181014

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00180804

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00180A08

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00180C0C

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00180E10

.text C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe[480] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001801F8

.text C:\Windows\system32\csrss.exe[508] KERNEL32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Windows\system32\wininit.exe[552] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000301F8

.text C:\Windows\system32\wininit.exe[552] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000303FC

.text C:\Windows\system32\wininit.exe[552] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 001503FC

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00150600

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00151014

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00150804

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00150A08

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00150C0C

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00150E10

.text C:\Windows\system32\wininit.exe[552] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 001501F8

.text C:\Windows\system32\wininit.exe[552] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00160600

.text C:\Windows\system32\wininit.exe[552] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00160804

.text C:\Windows\system32\wininit.exe[552] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00160A08

.text C:\Windows\system32\wininit.exe[552] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 001601F8

.text C:\Windows\system32\wininit.exe[552] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 001603FC

.text C:\Windows\system32\csrss.exe[560] KERNEL32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Windows\system32\winlogon.exe[592] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000301F8

.text C:\Windows\system32\winlogon.exe[592] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000303FC

.text C:\Windows\system32\winlogon.exe[592] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000503FC

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00050600

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00051014

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00050804

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00050A08

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00050C0C

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00050E10

.text C:\Windows\system32\winlogon.exe[592] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 000501F8

.text C:\Windows\system32\winlogon.exe[592] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00060600

.text C:\Windows\system32\winlogon.exe[592] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00060804

.text C:\Windows\system32\winlogon.exe[592] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00060A08

.text C:\Windows\system32\winlogon.exe[592] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 000601F8

.text C:\Windows\system32\winlogon.exe[592] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 000603FC

.text C:\Windows\system32\services.exe[640] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8

.text C:\Windows\system32\services.exe[640] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000503FC

.text C:\Windows\system32\services.exe[640] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 005303FC

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00530600

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00531014

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00530804

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00530A08

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00530C0C

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00530E10

.text C:\Windows\system32\services.exe[640] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 005301F8

.text C:\Windows\system32\services.exe[640] USER32.dll!SetWindowsHookExA 764A6322 5 Bytes JMP 00540600

.text C:\Windows\system32\services.exe[640] USER32.dll!SetWindowsHookExW 764A87AD 5 Bytes JMP 00540804

.text C:\Windows\system32\services.exe[640] USER32.dll!UnhookWindowsHookEx 764A98DB 5 Bytes JMP 00540A08

.text C:\Windows\system32\services.exe[640] USER32.dll!SetWinEventHook 764A9F3A 5 Bytes JMP 005401F8

.text C:\Windows\system32\services.exe[640] USER32.dll!UnhookWinEvent 764AC06F 5 Bytes JMP 005403FC

.text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8

.text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrUnloadDll 7709B740 5 Bytes JMP 000503FC

.text C:\Windows\system32\lsass.exe[652] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000703FC

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!DeleteService 7630A07E 5 Bytes JMP 00070600

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 76346CD9 5 Bytes JMP 00071014

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigA 76346DD9 5 Bytes JMP 00070804

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigW 76346F81 5 Bytes JMP 00070A08

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 76347099 5 Bytes JMP 00070C0C

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 763471E1 5 Bytes JMP 00070E10

.text C:\Windows\system32\lsass.exe[652] ADVAPI32.dll!CreateServiceA 763472A1 5 Bytes JMP 000701F8

.text C:Windowss

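A small triage helper for the "User code sections" part of a GMER log like the one posted above. This is an added example, not part of the thread and not GMER's own code; the parser, the `Hook` type and the "shared versus notable" heuristic are mine, and the sample input is a handful of lines copied from the log with the path separators restored. The idea: hooks that patch the same exports in every process (as a security suite that injects into all processes does) can be read as one group, while hooks that occur in a single process or whose target GMER attributed to a named module are the lines a helper would look at first.

```python
"""Triage helper for the "User code sections" of a GMER log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# One user-mode hook line, e.g.
#   .text C:\Windows\system32\lsass.exe[652] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8
#   .text C:\Windows\system32\csrss.exe[508] KERNEL32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]
_LINE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# Tail of a redirecting hook: "JMP 000501F8" or "CALL 004553F1 C:\...\x.exe (description)"
_REDIRECT = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?$")


@dataclass(frozen=True)
class Hook:
    image: str             # hooked process image path
    pid: int
    symbol: str            # normalised "module!export[+offset]"
    addr: int              # patched address inside the module
    size: int              # number of patched bytes
    kind: str              # "JMP", "CALL" or "PATCH" (inline byte change)
    target: Optional[int]  # where the JMP/CALL lands, if any
    owner: Optional[str]   # module GMER attributed the target to, if any


def parse_user_hooks(text: str) -> List[Hook]:
    """Parse every user-mode hook line; headers and other lines are skipped."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        symbol = f"{m['module'].lower()}!{m['export']}"   # KERNEL32.dll and kernel32.dll are one module
        if m["offset"]:
            symbol += f"+{m['offset'].upper()}"
        kind, target, owner = "PATCH", None, None
        r = _REDIRECT.match(m["detail"])
        if r:
            kind, target, owner = r["kind"], int(r["target"], 16), r["owner"]
        hooks.append(Hook(m["image"], int(m["pid"]), symbol, int(m["addr"], 16),
                          int(m["size"]), kind, target, owner))
    return hooks


def by_symbol(hooks: List[Hook]) -> Dict[str, Set[int]]:
    """Map each hooked symbol to the set of PIDs in which it was hooked."""
    seen: Dict[str, Set[int]] = defaultdict(set)
    for h in hooks:
        seen[h.symbol].add(h.pid)
    return seen


def triage(hooks: List[Hook], min_processes: int = 2) -> Tuple[List[Hook], List[Hook]]:
    """Split hooks into (shared, notable).

    Notable = the symbol is hooked in fewer than `min_processes` processes, or GMER
    attributed the target to a module. JMPs to anonymous low addresses are per-process
    trampolines and count as shared as long as the same export is hooked elsewhere too.
    """
    per_symbol = by_symbol(hooks)
    shared, notable = [], []
    for h in hooks:
        if h.owner is not None or len(per_symbol[h.symbol]) < min_processes:
            notable.append(h)
        else:
            shared.append(h)
    return shared, notable


# Constructed sample: lines copied from the log above with path separators restored.
SAMPLE = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Defender\MSASCui.exe[204] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[204] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[204] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 000703FC
.text C:\WINDOWS\System32\hkcmd.exe[308] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\hkcmd.exe[308] kernel32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]
.text C:\WINDOWS\System32\hkcmd.exe[308] ADVAPI32.dll!CreateServiceW 76309EB4 5 Bytes JMP 002903FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] ntdll.dll!LdrLoadDll 770893A8 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[476] kernel32.dll!CreateThread + 1A 763FCB48 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)
.text C:\Windows\system32\csrss.exe[508] KERNEL32.dll!GetBinaryTypeW + 70 76402467 1 Byte [62]
"""

if __name__ == "__main__":
    parsed = parse_user_hooks(SAMPLE)
    shared, notable = triage(parsed)
    print(f"{len(parsed)} hooks in {len({h.pid for h in parsed})} processes: "
          f"{len(shared)} shared, {len(notable)} notable")
    for h in notable:
        tgt = f"{h.target:08X}" if h.target is not None else "-"
        print(f"  pid {h.pid} {h.symbol} {h.kind} -> {tgt} owner={h.owner}")
```

Run it on a full log (`parse_user_hooks(open("gmer.log").read())`) and the notable list is the short list to read; the shared list is what to compare against the vendor named in the kernel sections.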

Hello steverino

 

Thank you for the logs.

 

Let's proceed as follows:

  • IOBIT Products

  • We note you are using one or more products from IOBit (Advanced SystemCare 5).
  • IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
  • Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.
  • A thread in IOBit's forum responded to the accusations from Malwarebytes. It is noteworthy that several responses from users raising specific questions about IOBit's response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: "No hard proof shows that IObit stole the database of Malwarebytes."
  • From what is said above, at least until the issues of possible database theft and spyware packaging is resolved, we do not recommend the use of IOBit products.
  • You can remove IOBit products by clicking on "Windows Orb" and then on "Computer" and then on the "Uninstall or Change a Program" tab.
  • Combofix

  • Download ComboFix from one of the following locations:

     

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

     

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

     

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.

Please post the ComboFix log in your next reply.

 


Hello steverino

 

You mentioned in your PM to me that you are having problems posting on the forums. If you have access to another machine you can use it to post the required information into this thread (if you can use another machine, please let me know, and tell me what operating system it is running: XP, Vista, etc.).

 

Please make sure that Combofix.exe is placed directly onto your desktop (at the moment the executable is located in your downloads folder).

 

You also mentioned that it looked as though all of your CPU and memory were being used. Please open Task Manager by right-clicking on your system tray and let me know the names of the process (or processes) that are taking up all of the CPU.

  • aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.


 

  • On completion of the scan click save log, save it to your desktop and post in your next reply.

 

Please post the aswMBR log in your next reply, along with the process information.

 

Also, please let me know if you are experiencing any other symptoms besides the ones you have described (for example, browser redirects).


Hey, I got in. Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-29 18:22:45

-----------------------------

18:22:45.151 OS Version: Windows 6.0.6002 Service Pack 2

18:22:45.151 Number of processors: 1 586 0xF0D

18:22:45.170 ComputerName: STEVE-PC UserName: Steve

18:23:02.612 Initialize success

18:23:04.273 AVAST engine defs: 11112902

18:24:00.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:24:00.200 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT0 12.01A12 Size: 152627MB BusType: 3

18:24:02.586 Disk 0 MBR read successfully

18:24:02.589 Disk 0 MBR scan

18:24:02.600 Disk 0 unknown MBR code

18:24:02.861 Disk 0 scanning sectors +312573952

18:24:03.499 Disk 0 scanning C:\Windows\system32\drivers

18:26:18.623 Service scanning

18:26:27.266 Modules scanning

18:29:39.158 Disk 0 trace - called modules:

18:29:39.325 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys usbehci.sys HSX_CNXT.sys dxgkrnl.sys igdkmd32.sys ndis.sys athr.sys

18:29:39.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b36ac8]

18:29:39.334 3 CLASSPNP.SYS[880128b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a0e030]

18:29:41.258 AVAST engine scan C:\Windows

18:31:01.500 AVAST engine scan C:\Windows\system32

18:47:09.521 AVAST engine scan C:\Windows\system32\drivers

18:47:48.737 AVAST engine scan C:\Users\Steve

19:48:56.728 AVAST engine scan C:\ProgramData

20:10:53.710 Scan finished successfully

20:28:49.828 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"

20:28:49.851 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"


Here is the ComboFix info:

ComboFix 11-11-28.02 - Steve 11/28/2011 19:37:12.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.708 [GMT -5:00]

Running from: c:\users\Steve\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\users\Steve\Documents\~WRL0011.tmp

c:\users\Steve\Documents\~WRL0887.tmp

c:\users\Steve\Documents\~WRL2284.tmp

c:\users\Steve\Documents\~WRL3258.tmp

c:\users\Steve\Documents\~WRL3450.tmp

c:\users\Steve\Documents\~WRL3930.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))

.

.

2011-11-25 15:25 . 2011-11-25 15:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1772321-549E-4321-9143-7E645C33495E}\offreg.dll

2011-11-25 15:25 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1772321-549E-4321-9143-7E645C33495E}\mpengine.dll

2011-11-24 00:12 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-11-23 23:31 . 2011-11-23 23:31 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-23 23:31 . 2011-11-23 23:31 -------- d-----w- c:\program files\Trend Micro

2011-11-09 14:03 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 14:03 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 14:03 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:windowssystem32QuickTime.qts

2011-10-22 20:52 . 2011-05-29 00:16 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-09-06 20:45 . 2010-06-30 02:47 41184 ----a-w- c:windowsavastSS.scr

2011-09-06 20:45 . 2010-03-22 23:37 199304 ----a-w- c:windowssystem32aswBoot.exe

2011-09-06 20:38 . 2011-04-02 14:10 442200 ----a-w- c:windowssystem32driversaswSnx.sys

2011-09-06 20:37 . 2010-03-22 23:38 320856 ----a-w- c:windowssystem32driversaswSP.sys

2011-09-06 20:36 . 2010-03-22 23:38 34392 ----a-w- c:windowssystem32driversaswRdr.sys

2011-09-06 20:36 . 2010-03-22 23:38 52568 ----a-w- c:windowssystem32driversaswTdi.sys

2011-09-06 20:36 . 2010-03-22 23:38 54616 ----a-w- c:windowssystem32driversaswMonFlt.sys

2011-09-06 20:36 . 2010-03-22 23:38 20568 ----a-w- c:windowssystem32driversaswFsBlk.sys

2011-09-06 13:30 . 2011-10-12 00:31 2043392 ----a-w- c:windowssystem32win32k.sys

2011-09-01 02:35 . 2011-10-12 00:53 1798144 ----a-w- c:windowssystem32jscript9.dll

2011-09-01 02:28 . 2011-10-12 00:53 1126912 ----a-w- c:windowssystem32wininet.dll

2011-09-01 02:22 . 2011-10-12 00:53 2382848 ----a-w- c:windowssystem32mshtml.tlb

2011-08-31 22:00 . 2010-03-22 23:38 22216 ----a-w- c:windowssystem32driversmbam.sys

2011-09-11 18:47 . 2011-04-08 00:13 134104 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:program filesAlwil SoftwareAvast5ashShell.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersSteveAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersSteveAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersSteveAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersSteveAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Advanced SystemCare 5"="c:program filesIObitAdvanced SystemCare 5ASCTray.exe" [2011-11-12 1647448]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-04-17 1049896]

"avast"="c:program filesAlwil SoftwareAvast5avastUI.exe" [2011-09-06 3722416]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-02-11 137752]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-02-11 171032]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-02-11 172568]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-04-08 254696]

"IJNetworkScanUtility"="c:program filesCanonCanon IJ Network Scan UtilityCNMNSUT.exe" [2010-08-23 206240]

.

c:usersSteveAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dropbox.lnk - c:usersSteveAppDataRoamingDropboxbinDropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]

@="Driver"

.

[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:programdataMicrosoftWindowsStart MenuProgramsStartupMicrosoft Office.lnk

backup=c:windowspssMicrosoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM~startupfolderC:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DeskNotes.lnk]

path=c:usersSteveAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDeskNotes.lnk

backup=c:windowspssDeskNotes.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]

2011-06-06 16:55 937920 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]

2011-09-27 12:22 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Health Check Scheduler]

2008-10-09 11:58 75008 ----a-w- c:program filesHewlett-PackardHP Health CheckHPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHP Software Update]

2007-05-08 23:24 54840 ----a-w- c:program filesHPHP Software UpdatehpwuSchd2.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreghpWirelessAssistant]

2008-04-15 21:51 488752 ----a-w- c:program filesHewlett-PackardHP Wireless AssistantHPWAMain.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQlbCtrl.exe]

2008-05-12 22:10 202032 ----a-w- c:program filesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQPService]

2008-06-12 05:17 468264 ----a-w- c:program filesHPQuickPlayQPService.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2011-10-24 19:28 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregShowBatteryBar]

2009-05-28 21:02 90624 ----a-w- c:program filesBatteryBarShowBatteryBar.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:program filesWindows Media Playerwmpnscfg.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-3817289807-4157103151-2040133039-1000]

"EnableNotificationsRef"=dword:00000002

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsMicrosoft.NETFrameworkv4.0.30319WPFWPFFontCache_v0400.exe [2010-03-18 753504]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [2011-06-06 64952]

R4 Com4QLBEx;Com4QLBEx;c:program filesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe [2008-04-03 193840]

R4 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-22 133104]

R4 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-22 133104]

R4 Recovery Service for Windows;Recovery Service for Windows;c:windowsSMINSTBLService.exe [2008-04-26 361808]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesViewpointCommonViewpointService.exe [2007-01-04 24652]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:program filesIObitAdvanced SystemCare 5ASCService.exe [2011-11-11 490840]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2011-09-06 54616]

S2 SBSDWSCService;SBSD Security Center Service;c:program filesSpybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:windowssystem32driversIntcHdmi.sys [2008-06-30 112128]

S3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [2008-01-21 16896]

S3 WSDScan;WSD Scan Support via UMB;c:windowssystem32DRIVERSWSDScan.sys [2009-04-11 19968]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - UGLOYPOB

*Deregistered* - ugloypob

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-28 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-22 23:39]

.

2011-11-29 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-22 23:39]

.

2011-11-27 c:windowsTasksHPCeeScheduleForSteve.job

- c:program fileshewlett-packardsdpceementHPCEE.exe [2008-07-26 03:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office10EXCEL.EXE/3000

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:usersSteveAppDataRoamingMozillaFirefoxProfilesboipdrpz.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Adobe Reader Speed Launcher - c:program filesAdobeReader 8.0ReaderReader_sl.exe

MSConfigStartUp-Advanced SystemCare 4 - c:program filesIObitAdvanced SystemCare 4ASCTray.exe

MSConfigStartUp-ccApp - c:program filesCommon FilesSymantec SharedccApp.exe

MSConfigStartUp-hpqSRMon - c:program filesHPDigital ImagingbinhpqSRMon.exe

MSConfigStartUp-isCfgWiz - c:program filesCommon FilesSymantec SharedOPC{C86EA115-FACD-4aa8-BFA2-398C677D0936}SYMCUW.exe

MSConfigStartUp-Messenger (Yahoo!) - c:progra~1Yahoo!MessengerYahooMessenger.exe

MSConfigStartUp-PocketCloud Location - c:program filesWysePocketCloud Windows CompanionWyseBrowser.exe

MSConfigStartUp-tvncontrol - c:program filesTightVNCtvnserver.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-11-28 19:52:56

ComboFix-quarantined-files.txt 2011-11-29 00:52

.

Pre-Run: 93,808,500,736 bytes free

Post-Run: 93,656,817,664 bytes free

.

- - End Of File - - F5B095AE03FA02F80C7386CED767104D


TDSS:

20:27:22.0660 4256 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:27:22.0837 4256 ============================================================
20:27:22.0837 4256 Current date / time: 2011/12/01 20:27:22.0837
20:27:22.0837 4256 SystemInfo:
20:27:22.0837 4256
20:27:22.0837 4256 OS Version: 6.0.6002 ServicePack: 2.0
20:27:22.0837 4256 Product type: Workstation
20:27:22.0838 4256 ComputerName: STEVE-PC
20:27:22.0838 4256 UserName: Steve
20:27:22.0838 4256 Windows directory: C:\Windows
20:27:22.0838 4256 System windows directory: C:\Windows
20:27:22.0838 4256 Processor architecture: Intel x86
20:27:22.0838 4256 Number of processors: 1
20:27:22.0838 4256 Page size: 0x1000
20:27:22.0838 4256 Boot type: Normal boot
20:27:22.0838 4256 ============================================================
20:27:24.0268 4256 Initialize success
20:27:37.0256 4736 ============================================================
20:27:37.0256 4736 Scan started
20:27:37.0256 4736 Mode: Manual;
20:27:37.0256 4736 ============================================================


20:27:47.0280 4736 rdbss - ok

20:27:47.0308 4736 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:Windowssystem32DRIVERSRDPCDD.sys

20:27:47.0310 4736 RDPCDD - ok

20:27:47.0360 4736 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:Windowssystem32driversrdpdr.sys

20:27:47.0365 4736 rdpdr - ok

20:27:47.0387 4736 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:Windowssystem32driversrdpencdd.sys

20:27:47.0389 4736 RDPENCDD - ok

20:27:47.0429 4736 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:Windowssystem32driversRDPWD.sys

20:27:47.0433 4736 RDPWD - ok

20:27:47.0503 4736 rspndr (9c508f4074a39e8b4b31d27198146fad) C:Windowssystem32DRIVERSrspndr.sys

20:27:47.0507 4736 rspndr - ok

20:27:47.0556 4736 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:Windowssystem32DRIVERSRtlh86.sys

20:27:47.0558 4736 RTL8169 - ok

20:27:47.0601 4736 sbp2port (3ce8f073a557e172b330109436984e30) C:Windowssystem32driverssbp2port.sys

20:27:47.0607 4736 sbp2port - ok

20:27:47.0663 4736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:Windowssystem32driverssecdrv.sys

20:27:47.0665 4736 secdrv - ok

20:27:47.0713 4736 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:Windowssystem32driversserenum.sys

20:27:47.0715 4736 Serenum - ok

20:27:47.0748 4736 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:Windowssystem32driversserial.sys

20:27:47.0751 4736 Serial - ok

20:27:47.0781 4736 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:Windowssystem32driverssermouse.sys

20:27:47.0783 4736 sermouse - ok

20:27:47.0840 4736 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:Windowssystem32driverssffdisk.sys

20:27:47.0842 4736 sffdisk - ok

20:27:47.0908 4736 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:Windowssystem32driverssffp_mmc.sys

20:27:47.0910 4736 sffp_mmc - ok

20:27:47.0940 4736 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:Windowssystem32driverssffp_sd.sys

20:27:47.0942 4736 sffp_sd - ok

20:27:47.0977 4736 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:Windowssystem32driverssfloppy.sys

20:27:47.0978 4736 sfloppy - ok

20:27:48.0043 4736 sisagp (1d76624a09a054f682d746b924e2dbc3) C:Windowssystem32driverssisagp.sys

20:27:48.0049 4736 sisagp - ok

20:27:48.0094 4736 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:Windowssystem32driverssisraid2.sys

20:27:48.0099 4736 SiSRaid2 - ok

20:27:48.0130 4736 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:Windowssystem32driverssisraid4.sys

20:27:48.0133 4736 SiSRaid4 - ok

20:27:48.0208 4736 Smb (7b75299a4d201d6a6533603d6914ab04) C:Windowssystem32DRIVERSsmb.sys

20:27:48.0211 4736 Smb - ok

20:27:48.0267 4736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:Windowssystem32driversspldr.sys

20:27:48.0269 4736 spldr - ok

20:27:48.0342 4736 srv (41987f9fc0e61adf54f581e15029ad91) C:Windowssystem32DRIVERSsrv.sys

20:27:48.0352 4736 srv - ok

20:27:48.0394 4736 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:Windowssystem32DRIVERSsrv2.sys

20:27:48.0398 4736 srv2 - ok

20:27:48.0450 4736 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:Windowssystem32DRIVERSsrvnet.sys

20:27:48.0453 4736 srvnet - ok

20:27:48.0511 4736 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:Windowssystem32DRIVERSswenum.sys

20:27:48.0514 4736 swenum - ok

20:27:48.0555 4736 Symc8xx (192aa3ac01df071b541094f251deed10) C:Windowssystem32driverssymc8xx.sys

20:27:48.0557 4736 Symc8xx - ok

20:27:48.0594 4736 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:Windowssystem32driverssym_hi.sys

20:27:48.0596 4736 Sym_hi - ok

20:27:48.0629 4736 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:Windowssystem32driverssym_u3.sys

20:27:48.0631 4736 Sym_u3 - ok

20:27:48.0664 4736 SynTP (00b19f27858f56181edb58b71a7c67a0) C:Windowssystem32DRIVERSSynTP.sys

20:27:48.0669 4736 SynTP - ok

20:27:48.0763 4736 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:Windowssystem32driverstcpip.sys

20:27:48.0784 4736 Tcpip - ok

20:27:48.0823 4736 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:Windowssystem32DRIVERStcpip.sys

20:27:48.0832 4736 Tcpip6 - ok

20:27:48.0891 4736 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:Windowssystem32driverstcpipreg.sys

20:27:48.0896 4736 tcpipreg - ok

20:27:48.0924 4736 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:Windowssystem32driverstdpipe.sys

20:27:48.0926 4736 TDPIPE - ok

20:27:48.0969 4736 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:Windowssystem32driverstdtcp.sys

20:27:48.0971 4736 TDTCP - ok

20:27:49.0015 4736 tdx (76b06eb8a01fc8624d699e7045303e54) C:Windowssystem32DRIVERStdx.sys

20:27:49.0017 4736 tdx - ok

20:27:49.0060 4736 TermDD (3cad38910468eab9a6479e2f01db43c7) C:Windowssystem32DRIVERStermdd.sys

20:27:49.0066 4736 TermDD - ok

20:27:49.0159 4736 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:Windowssystem32DRIVERStssecsrv.sys

20:27:49.0161 4736 tssecsrv - ok

20:27:49.0198 4736 tunmp (caecc0120ac49e3d2f758b9169872d38) C:Windowssystem32DRIVERStunmp.sys

20:27:49.0200 4736 tunmp - ok

20:27:49.0241 4736 tunnel (300db877ac094feab0be7688c3454a9c) C:Windowssystem32DRIVERStunnel.sys

20:27:49.0242 4736 tunnel - ok

20:27:49.0275 4736 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:Windowssystem32driversuagp35.sys

20:27:49.0278 4736 uagp35 - ok

20:27:49.0325 4736 udfs (d9728af68c4c7693cb100b8441cbdec6) C:Windowssystem32DRIVERSudfs.sys

20:27:49.0330 4736 udfs - ok

20:27:49.0383 4736 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:Windowssystem32driversuliagpkx.sys

20:27:49.0386 4736 uliagpkx - ok

20:27:49.0426 4736 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:Windowssystem32driversuliahci.sys

20:27:49.0431 4736 uliahci - ok

20:27:49.0453 4736 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:Windowssystem32driversulsata.sys

20:27:49.0456 4736 UlSata - ok

20:27:49.0479 4736 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:Windowssystem32driversulsata2.sys

20:27:49.0485 4736 ulsata2 - ok

20:27:49.0513 4736 umbus (32cff9f809ae9aed85464492bf3e32d2) C:Windowssystem32DRIVERSumbus.sys

20:27:49.0518 4736 umbus - ok

20:27:49.0562 4736 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:Windowssystem32DRIVERSusbccgp.sys

20:27:49.0567 4736 usbccgp - ok

20:27:49.0603 4736 usbcir (e9476e6c486e76bc4898074768fb7131) C:Windowssystem32driversusbcir.sys

20:27:49.0606 4736 usbcir - ok

20:27:49.0654 4736 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:Windowssystem32DRIVERSusbehci.sys

20:27:49.0656 4736 usbehci - ok

20:27:49.0685 4736 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:Windowssystem32DRIVERSusbhub.sys

20:27:49.0689 4736 usbhub - ok

20:27:49.0719 4736 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:Windowssystem32DRIVERSusbohci.sys

20:27:49.0721 4736 usbohci - ok

20:27:49.0782 4736 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:Windowssystem32DRIVERSusbprint.sys

20:27:49.0784 4736 usbprint - ok

20:27:49.0844 4736 usbscan (a508c9bd8724980512136b039bba65e9) C:Windowssystem32DRIVERSusbscan.sys

20:27:49.0846 4736 usbscan - ok

20:27:49.0889 4736 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:Windowssystem32DRIVERSUSBSTOR.SYS

20:27:49.0892 4736 USBSTOR - ok

20:27:49.0922 4736 usbuhci (814d653efc4d48be3b04a307eceff56f) C:Windowssystem32DRIVERSusbuhci.sys

20:27:49.0924 4736 usbuhci - ok

20:27:49.0969 4736 vga (87b06e1f30b749a114f74622d013f8d4) C:Windowssystem32DRIVERSvgapnp.sys

20:27:49.0972 4736 vga - ok

20:27:50.0013 4736 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:WindowsSystem32driversvga.sys

20:27:50.0015 4736 VgaSave - ok

20:27:50.0057 4736 viaagp (5d7159def58a800d5781ba3a879627bc) C:Windowssystem32driversviaagp.sys

20:27:50.0060 4736 viaagp - ok

20:27:50.0091 4736 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:Windowssystem32driversviac7.sys

20:27:50.0093 4736 ViaC7 - ok

20:27:50.0127 4736 viaide (aadf5587a4063f52c2c3fed7887426fc) C:Windowssystem32driversviaide.sys

20:27:50.0130 4736 viaide - ok

20:27:50.0189 4736 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:Windowssystem32driversvolmgr.sys

20:27:50.0192 4736 volmgr - ok

20:27:50.0235 4736 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:Windowssystem32driversvolmgrx.sys

20:27:50.0244 4736 volmgrx - ok

20:27:50.0280 4736 volsnap (147281c01fcb1df9252de2a10d5e7093) C:Windowssystem32driversvolsnap.sys

20:27:50.0284 4736 volsnap - ok

20:27:50.0311 4736 vsmraid (587253e09325e6bf226b299774b728a9) C:Windowssystem32driversvsmraid.sys

20:27:50.0314 4736 vsmraid - ok

20:27:50.0369 4736 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:Windowssystem32driverswacompen.sys

20:27:50.0373 4736 WacomPen - ok

20:27:50.0407 4736 Wanarp (55201897378cca7af8b5efd874374a26) C:Windowssystem32DRIVERSwanarp.sys

20:27:50.0409 4736 Wanarp - ok

20:27:50.0423 4736 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:Windowssystem32DRIVERSwanarp.sys

20:27:50.0424 4736 Wanarpv6 - ok

20:27:50.0482 4736 Wd (78fe9542363f297b18c027b2d7e7c07f) C:Windowssystem32driverswd.sys

20:27:50.0484 4736 Wd - ok

20:27:50.0527 4736 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:Windowssystem32driversWdf01000.sys

20:27:50.0536 4736 Wdf01000 - ok

20:27:50.0625 4736 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:Windowssystem32DRIVERSHSX_CNXT.sys

20:27:50.0652 4736 winachsf - ok

20:27:50.0758 4736 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:Windowssystem32DRIVERSwmiacpi.sys

20:27:50.0759 4736 WmiAcpi - ok

20:27:50.0832 4736 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:Windowssystem32DRIVERSwpdusb.sys

20:27:50.0834 4736 WpdUsb - ok

20:27:50.0889 4736 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:Windowssystem32driversws2ifsl.sys

20:27:50.0891 4736 ws2ifsl - ok

20:27:50.0967 4736 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:Windowssystem32DRIVERSWSDPrint.sys

20:27:50.0968 4736 WSDPrintDevice - ok

20:27:51.0004 4736 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:Windowssystem32DRIVERSWSDScan.sys

20:27:51.0006 4736 WSDScan - ok

20:27:51.0066 4736 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:Windowssystem32DRIVERSWUDFRd.sys

20:27:51.0069 4736 WUDFRd - ok

20:27:51.0119 4736 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:Windowssystem32DRIVERSxaudio.sys

20:27:51.0122 4736 XAudio - ok

20:27:51.0179 4736 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) DeviceHarddisk0DR0

20:27:51.0215 4736 DeviceHarddisk0DR0 - ok

20:27:51.0222 4736 Boot (0x1200) (c44599a1acc8b3db00ee03a16321d60e) DeviceHarddisk0DR0Partition0

20:27:51.0224 4736 DeviceHarddisk0DR0Partition0 - ok

20:27:51.0235 4736 Boot (0x1200) (10da46c46b1a2e1b6a086fcfda83b72b) DeviceHarddisk0DR0Partition1

20:27:51.0236 4736 DeviceHarddisk0DR0Partition1 - ok

20:27:51.0239 4736 ============================================================

20:27:51.0240 4736 Scan finished

20:27:51.0240 4736 ============================================================

20:27:51.0254 4280 Detected object count: 0

20:27:51.0254 4280 Actual detected object count: 0


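The TDSSKiller log above is long enough that the two things worth checking by hand (does any entry carry a verdict other than `ok`, and is any driver image loaded from somewhere other than `\Windows\system32\drivers`) are easy to miss by eye. The script below is an added example, not part of the original post and not TDSSKiller's own code: it parses lines in the format shown in the log, pairs each scan line with its verdict, and reduces the whole thing to a short checklist, including the MBR and boot-sector hashes, which are what you compare against a known-good image when a bootkit is suspected. The sample input is a handful of lines copied from the log (backslashes restored) plus two constructed lines for a hypothetical `fake_svc` service loaded from a user-writable directory; its `warning` verdict is made up for the example so the "needs attention" branches are exercised.

```python
"""Triage a TDSSKiller driver-scan log (added example; not TDSSKiller code)."""
import re
from collections import defaultdict

# Scan line:    <time> <tid> <name> (<md5>) <path>
# Verdict line: <time> <tid> <name-or-device-path> - <verdict>
ENTRY = re.compile(r'^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$')
VERDICT = re.compile(r'^\S+ \d+ (?P<name>.+?) - (?P<verdict>\S+)$')

# Directories a legitimately installed kernel driver is expected to live in.
DRIVER_DIRS = ('c:\\windows\\system32\\drivers\\',)

# Constructed sample: lines copied from the log above plus two made-up lines
# for a hypothetical "fake_svc" service (its "warning" verdict is invented).
SAMPLE_LOG = """\
20:27:45.0418 4736 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\\Windows\\system32\\DRIVERS\\netbios.sys
20:27:45.0424 4736 NetBIOS - ok
20:27:46.0005 4736 NwlnkFlt - ok
20:27:48.0763 4736 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\\Windows\\system32\\drivers\\tcpip.sys
20:27:48.0784 4736 Tcpip - ok
20:27:48.0823 4736 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
20:27:48.0832 4736 Tcpip6 - ok
20:27:51.0179 4736 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \\Device\\Harddisk0\\DR0
20:27:51.0215 4736 \\Device\\Harddisk0\\DR0 - ok
20:27:51.0222 4736 Boot (0x1200) (c44599a1acc8b3db00ee03a16321d60e) \\Device\\Harddisk0\\DR0\\Partition0
20:27:51.0224 4736 \\Device\\Harddisk0\\DR0\\Partition0 - ok
20:27:51.0300 4736 fake_svc (00000000000000000000000000000000) C:\\Users\\Public\\fake_svc.sys
20:27:51.0301 4736 fake_svc - warning
"""


def parse_log(text):
    """Pair each scan line with the verdict line that follows it.

    Services with no image on disk (NwlnkFlt above) become a verdict-only
    entry with path and md5 set to None.
    """
    entries, pending = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            pending = {'name': m['name'], 'md5': m['md5'],
                       'path': m['path'], 'verdict': None}
            entries.append(pending)
            continue
        v = VERDICT.match(line)
        if not v:
            continue  # separators, "Scan finished", object counts, etc.
        # The MBR/boot-sector verdict line names the device path, not "MBR".
        if pending and pending['verdict'] is None and \
                v['name'] in (pending['name'], pending['path']):
            pending['verdict'] = v['verdict']
        else:
            entries.append({'name': v['name'], 'md5': None,
                            'path': None, 'verdict': v['verdict']})
        pending = None
    return entries


def triage(entries):
    """Reduce the parsed log to the items worth a human's attention."""
    report = {'not_ok': [], 'outside_driver_dirs': [], 'no_image': [],
              'boot_sectors': [], 'shared_images': {}}
    by_image = defaultdict(list)
    for e in entries:
        if e['verdict'] != 'ok':            # also catches a missing verdict
            report['not_ok'].append((e['name'], e['verdict']))
        if e['path'] is None:
            report['no_image'].append(e['name'])
            continue
        low = e['path'].lower()
        if low.startswith('\\device\\'):     # MBR / boot-sector hashes
            report['boot_sectors'].append((e['name'], e['md5'], e['path']))
            continue
        if not low.startswith(DRIVER_DIRS):
            report['outside_driver_dirs'].append((e['name'], e['path']))
        by_image[low].append(e['name'])
    # One file registered under several service names (Tcpip/Tcpip6 is
    # normal on Vista); listed so the reader can confirm each pairing.
    report['shared_images'] = {p: n for p, n in by_image.items() if len(n) > 1}
    return report


if __name__ == '__main__':
    for key, items in triage(parse_log(SAMPLE_LOG)).items():
        print(f'{key}:')
        for item in (items.items() if isinstance(items, dict) else items):
            print('   ', item)
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file contents; on the log above every driver sits under `system32\drivers`, every verdict is `ok`, and the only shared images are the Tcpip/Tcpip6 and Wanarp/Wanarpv6 pairs, which is consistent with the "Detected object count: 0" at the end.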
VEW:

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 01/12/2011 8:18:01 PM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 01/12/2011 10:07:48 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Log: 'Application' Date/Time: 28/11/2011 10:02:41 PM

Type: Error Category: 0

Event: 1010 Source: Microsoft-Windows-Perflib

The Collect Procedure for the "EmdCache" service in DLL "C:Windowssystem32emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

 

Log: 'Application' Date/Time: 28/11/2011 9:55:28 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEDOWNLOADSGMER.ZIP.CRDOWNLOAD> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHECB4> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHECB4> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE914> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:35 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE914> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHED68> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHED68> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE1A7> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:34 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE1A7> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:33 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE36F> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:33 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE36F> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:32 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHEE46> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:32 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHEE46> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHEF94> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHEF94> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE2FE> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE2FE> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

Log: 'Application' Date/Time: 25/11/2011 3:21:31 PM

Type: Error Category: 3

Event: 3013 Source: Microsoft-Windows-Search

The entry <C:USERSSTEVEAPPDATALOCALMOZILLAFIREFOXPROFILESBOIPDRPZ.DEFAULTCACHE248> in the hash map cannot be updated.

 

Context: Application, SystemIndex Catalog

 

Details:

A device attached to the system is not functioning. (0x8007001f)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 27/11/2011 5:13:20 PM

Type: Warning Category: 7

Event: 508 Source: ESENT

Windows (3076) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 45867008 (0x0000000002bbe000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (2647 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 25/11/2011 3:49:39 PM

Type: Warning Category: 1

Event: 1015 Source: Microsoft-Windows-Search

Event ID 3013 for the Windows Search Service has been suppressed 6 time(s) since 10:21:37 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

 

Log: 'Application' Date/Time: 24/11/2011 3:06:24 PM

Type: Warning Category: 7

Event: 508 Source: ESENT

Windows (3136) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 16596992 (0x0000000000fd4000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (48985 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 23/11/2011 8:03:34 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from RegistryUserS-1-5-21-3817289807-4157103151-2040133039-1000_Classes:

Process 2896 (DeviceHarddiskVolume1Program FilesGoogleUpdateGoogleUpdate.exe) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000_CLASSES

 

 

Log: 'Application' Date/Time: 23/11/2011 8:01:37 PM

Type: Warning Category: 7

Event: 507 Source: ESENT

Windows (3028) Windows: A request to read from the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 69361664 (0x0000000004226000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (92 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 17/11/2011 1:01:11 AM

Type: Warning Category: 7

Event: 508 Source: ESENT

Windows (3016) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 12386304 (0x0000000000bd0000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (18773 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 15/11/2011 10:58:46 PM

Type: Warning Category: 7

Event: 510 Source: ESENT

Windows (2280) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 15745024 (0x0000000000f04000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (2224 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 3092 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 15/11/2011 10:07:13 PM

Type: Warning Category: 7

Event: 510 Source: ESENT

Windows (2280) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 1212416 (0x0000000000128000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (6967 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 7003 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 15/11/2011 8:10:30 PM

Type: Warning Category: 7

Event: 508 Source: ESENT

Windows (2280) Windows: A request to write to the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 2621440 (0x0000000000280000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (64803 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 10/11/2011 8:23:24 AM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from RegistryUserS-1-5-21-3817289807-4157103151-2040133039-1000:

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesRoot

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesDisallowed

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatestrust

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesMy

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwarePoliciesMicrosoftSystemCertificates

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesSmartCardRoot

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesTrustedPeople

Process 2980 (DeviceHarddiskVolume1Program FilesCommon Filesmicrosoft sharedWindows LiveWLIDSVC.EXE) has opened key REGISTRYUSERS-1-5-21-3817289807-4157103151-2040133039-1000SoftwareMicrosoftSystemCertificatesCA

 

 

Log: 'Application' Date/Time: 03/11/2011 8:57:49 AM

Type: Warning Category: 7

Event: 507 Source: ESENT

Windows (2980) Windows: A request to read from the file "C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb" at offset 28573696 (0x0000000001b40000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (64811 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 02/11/2011 2:20:38 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3248 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

 

 

Log: 'Application' Date/Time: 29/10/2011 9:34:01 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

 

 

Log: 'Application' Date/Time: 21/10/2011 12:22:52 AM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000_Classes:

Process 928 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000_CLASSES

 

 

Log: 'Application' Date/Time: 21/10/2011 12:22:49 AM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 928 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3100 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

Process 1096 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

 

 

Log: 'Application' Date/Time: 19/10/2011 7:54:31 PM

Type: Warning Category: 7

Event: 510 Source: ESENT

Windows (2952) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 28508160 (0x0000000001b30000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (4671 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 159556 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 17/10/2011 11:35:15 PM

Type: Warning Category: 7

Event: 508 Source: ESENT

Windows (2952) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 23191552 (0x000000000161e000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (3243 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 12/10/2011 12:48:07 PM

Type: Warning Category: 7

Event: 507 Source: ESENT

wuaueng.dll (1056) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 143007744 (0x0000000008862000) for 647168 (0x0009e000) bytes succeeded, but took an abnormally long time (41624 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

Log: 'Application' Date/Time: 12/10/2011 1:05:17 AM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3817289807-4157103151-2040133039-1000:

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Root

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\trust

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\My

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Policies\Microsoft\SystemCertificates

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 5460 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3116 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3817289807-4157103151-2040133039-1000\Software\Microsoft\SystemCertificates\CA

 

 

Log: 'Application' Date/Time: 12/10/2011 12:14:20 AM

Type: Warning Category: 7

Event: 510 Source: ESENT

Windows (3168) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 50864128 (0x0000000003082000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (2883 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 95855 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 01/12/2011 10:06:59 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 23/11/2011 7:54:29 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 16/11/2011 1:51:22 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 19/10/2011 10:16:17 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 13/10/2011 11:34:36 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 05/10/2011 11:11:23 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 21/09/2011 1:07:13 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 20/09/2011 8:48:04 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 15/09/2011 10:39:27 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 02/09/2011 12:42:58 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 29/08/2011 10:28:07 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 27/08/2011 2:40:46 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 26/08/2011 4:44:45 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 24/08/2011 10:03:47 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 24/08/2011 12:00:07 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 21/08/2011 5:44:07 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 18/08/2011 10:43:21 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 16/08/2011 10:24:13 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 14/08/2011 1:52:07 AM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

Log: 'System' Date/Time: 12/08/2011 9:09:47 PM

Type: Critical Category: 0

Event: 41 Source: Microsoft-Windows-Kernel-Power

The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 01/12/2011 10:08:45 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

Log: 'System' Date/Time: 01/12/2011 10:08:41 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

Log: 'System' Date/Time: 01/12/2011 10:07:49 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

Log: 'System' Date/Time: 01/12/2011 10:07:08 PM

Type: Error Category: 0

Event: 6008 Source: EventLog

The previous system shutdown at 5:05:52 PM on 12/1/2011 was unexpected.

 

Log: 'System' Date/Time: 29/11/2011 12:47:24 AM

Type: Error Category: 0

Event: 7030 Source: Service Control Manager

The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

 

Log: 'System' Date/Time: 29/11/2011 12:42:51 AM

Type: Error Category: 0

Event: 7030 Source: Service Control Manager

The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

 

Log: 'System' Date/Time: 29/11/2011 12:36:26 AM

Type: Error Category: 0

Event: 7030 Source: Service Control Manager

The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

 

Log: 'System' Date/Time: 29/11/2011 12:35:05 AM

Type: Error Category: 0

Event: 7034 Source: Service Control Manager

The XAudioService service terminated unexpectedly. It has done this 1 time(s).

 

Log: 'System' Date/Time: 27/11/2011 4:22:18 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout.

 

Log: 'System' Date/Time: 26/11/2011 8:52:44 PM

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

 

Log: 'System' Date/Time: 26/11/2011 8:52:03 PM

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

 

Log: 'System' Date/Time: 26/11/2011 12:24:47 AM

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

 

Log: 'System' Date/Time: 25/11/2011 3:18:45 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

Log: 'System' Date/Time: 25/11/2011 3:18:35 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

Log: 'System' Date/Time: 25/11/2011 3:17:48 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

Log: 'System' Date/Time: 25/11/2011 3:17:35 PM

Type: Error Category: 0

Event: 19 Source: Microsoft-Windows-PrintSpooler

The print spooler failed to share printer Canon MX320 series FAX with shared resource name Canon MX320 series FAX. Error 2114. The printer cannot be used by others on the network.

 

Log: 'System' Date/Time: 25/11/2011 3:17:35 PM

Type: Error Category: 0

Event: 19 Source: Microsoft-Windows-PrintSpooler

The print spooler failed to share printer Canon MX320 series Printer with shared resource name Canon MX320 series Printer. Error 2114. The printer cannot be used by others on the network.

 

Log: 'System' Date/Time: 25/11/2011 3:17:00 PM

Type: Error Category: 0

Event: 6008 Source: EventLog

The previous system shutdown at 10:15:56 AM on 11/25/2011 was unexpected.

 

Log: 'System' Date/Time: 25/11/2011 2:44:13 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

Log: 'System' Date/Time: 25/11/2011 2:44:04 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 02/12/2011 1:13:19 AM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 02/12/2011 12:29:22 AM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 01/12/2011 11:37:14 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 01/12/2011 10:53:00 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 01/12/2011 10:52:58 PM

Type: Warning Category: 0

Event: 134 Source: Microsoft-Windows-Time-Service

NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

 

Log: 'System' Date/Time: 01/12/2011 10:07:49 PM

Type: Warning Category: 0

Event: 134 Source: Microsoft-Windows-Time-Service

NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

 

Log: 'System' Date/Time: 01/12/2011 10:07:47 PM

Type: Warning Category: 0

Event: 134 Source: Microsoft-Windows-Time-Service

NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

 

Log: 'System' Date/Time: 01/12/2011 10:06:57 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 01/12/2011 10:04:50 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 01/12/2011 10:02:09 PM

Type: Warning Category: 0

Event: 134 Source: Microsoft-Windows-Time-Service

NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

 

Log: 'System' Date/Time: 01/12/2011 10:02:07 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 01/12/2011 10:01:56 PM

Type: Warning Category: 0

Event: 36 Source: Microsoft-Windows-Time-Service

The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

 

Log: 'System' Date/Time: 30/11/2011 8:46:16 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 30/11/2011 2:05:55 AM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 30/11/2011 1:59:40 AM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 30/11/2011 1:44:58 AM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 29/11/2011 11:23:14 PM

Type: Warning Category: 0

Event: 3004 Source: Microsoft-Windows-Windows Defender

Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {727BDEFE-664A-48A9-89BF-423575A855B0} User: Steve-PC\Steve Name: Unknown ID: Severity ID: Category ID: Path Found: driver:aswMBR Alert Type: Unclassified software Detection Type:

 

Log: 'System' Date/Time: 29/11/2011 11:09:24 PM

Type: Warning Category: 0

Event: 1 Source: RTL8169

Realtek PCIe FE Family Controller is disconnected from network.

 

Log: 'System' Date/Time: 29/11/2011 11:09:21 PM

Type: Warning Category: 0

Event: 1003 Source: Microsoft-Windows-Dhcp-Client

Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 002269819BF2. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

 

Log: 'System' Date/Time: 29/11/2011 9:14:16 PM

Type: Warning Category: 0

Event: 3004 Source: Microsoft-Windows-Windows Defender

Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {AB45D62F-1D9F-435A-9914-78DE04F28DEF} User: Steve-PC\Steve Name: Unknown ID: Severity ID: Category ID: Path Found: service:avastTestService Alert Type: Unclassified software Detection Type:


Hello steverino

 

The VT link you provided is not to the scan results page but to the VT home page. Were you able to scan the file with Virus Total?

 

Your TDSSKiller log is clean. To be honest, there is not a great deal jumping out from your logs in terms of malware, but there are still quite a few things we can try.

 

A couple of questions for you:

 

Is this a business machine?

 

Are your machines connecting through a server?

 

Please let me know in your next reply.

 

  • GetPartitions

  • Please download GetPartitions from the following link. You must Right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop.
  • Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • It will produce a log on your C drive called C:\DiskReport.txt
  • Please post the log in your next reply.

Along with the log please let me know about my questions above.


It is not a business machine and the computers are not connected through a server. Not sure why the VT link was to the main page.

Here is a copy/paste of its results:

File name: MBR.dat

 

Submission date: 2011-12-02 18:58:38 (UTC)

 

Current status: finished

 

 

Result: 0/ 43 (0.0%)

VT Community: not reviewed

Safety score: -

Antivirus             Version          Last Update  Result
--------------------  ---------------  -----------  ------
AhnLab-V3             2011.12.01.02    2011.12.01   -
AntiVir               7.11.18.204      2011.12.02   -
Antiy-AVL             2.0.3.7          2011.12.02   -
Avast                 6.0.1289.0       2011.12.02   -
AVG                   10.0.0.1190      2011.12.02   -
BitDefender           7.2              2011.12.02   -
ByteHero              1.0.0.1          2011.11.29   -
CAT-QuickHeal         12.00            2011.12.02   -
ClamAV                0.97.3.0         2011.12.02   -
Commtouch             5.3.2.6          2011.12.02   -
Comodo                10815            2011.12.02   -
DrWeb                 5.0.2.03300      2011.12.02   -
Emsisoft              5.1.0.11         2011.12.02   -
eSafe                 7.0.17.0         2011.12.01   -
eTrust-Vet            37.0.9599        2011.12.02   -
F-Prot                4.6.5.141        2011.11.29   -
F-Secure              9.0.16440.0      2011.12.02   -
Fortinet              4.3.388.0        2011.12.02   -
GData                 22               2011.12.02   -
Ikarus                T3.1.1.109.0     2011.12.02   -
Jiangmin              13.0.900         2011.12.02   -
K7AntiVirus           9.119.5586       2011.12.02   -
Kaspersky             9.0.0.837        2011.12.02   -
McAfee                5.400.0.1158     2011.12.02   -
McAfee-GW-Edition     2010.1D          2011.12.02   -
Microsoft             1.7903           2011.12.02   -
NOD32                 6668             2011.12.01   -
Norman                6.07.13          2011.12.02   -
nProtect              2011-12-02.01    2011.12.02   -
Panda                 10.0.3.5         2011.12.02   -
PCTools               8.0.0.5          2011.12.02   -
Prevx                 3.0              2011.12.02   -
Rising                23.86.04.02      2011.12.02   -
Sophos                4.71.0           2011.12.02   -
SUPERAntiSpyware      4.40.0.1006      2011.12.02   -
Symantec              20111.2.0.82     2011.12.02   -
TheHacker             6.7.0.1.352      2011.12.01   -
TrendMicro            9.500.0.1008     2011.12.02   -
TrendMicro-HouseCall  9.500.0.1008     2011.12.02   -
VBA32                 3.12.16.4        2011.12.01   -
VIPRE                 11192            2011.12.02   -
ViRobot               2011.12.2.4805   2011.12.02   -
VirusBuster           14.1.96.0        2011.12.02   -

Additional information

MD5   : 21903a2b5014892ced92aa9833a8e1e7
SHA1  : 7b8966a000d371372c91b4731595cf6fc375a673
SHA256: 7c7a5991c39cf93de4bf87c9e7368f42beccdf71169a20d334bc97cd33507396


Microsoft DiskPart version 6.0.6002

Copyright © 1999-2007 Microsoft Corporation.

On computer: STEVE-PC

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

Volume 0 F Audio CD CDFS DVD-ROM 42 MB Healthy

Volume 1 C NTFS Partition 140 GB Healthy System

Volume 2 E PRESARIO_RP NTFS Partition 9 GB Healthy


Hello steverino

 

Let's see what the following can tell us:

  • Please run the following scan

  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post the ESET log in your next reply.


ESET

C:\Users\Steve\Downloads\cnet_aura-free-video-converter_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\Steve\Downloads\cnet_avc-free_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\Steve\Downloads\cnet_BatteryBarSetup-3_5_2_exe.exe    a variant of Win32/InstallCore.D application


Hello steverino

 

I am not seeing anything in your logs that would explain the problems you are describing.

 

Let's see if the following can help us:

  • StartupLite

  • You may wish to try StartupLite. Simply download this tool to your desktop and run it.
  • It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup.
  • This will result in fewer programs running when you boot your system, and should improve performance.
  • You can find it here: http://www.malwareby...startuplite.php
More information can be found in the link below:

 

http://www.bleepingc...ndpost&p=487112

 


Well, though we didn't do too much, it does seem better, at least at the moment. Though the CPU usage still hits 100% when doing something such as opening a new web page, it clears quickly.


Hello steverino

 

Let's try one more thing to be safe:

  • MBRCheck

  • Please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
  • Please post the contents of that file in your next reply.


MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows Vista Home Basic Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: Presario CQ50 Notebook PC

Logical Drives Mask: 0x00000034

 

Kernel Drivers (total 190):
0x82211000 \SystemRoot\system32\ntkrnlpa.exe
0x825CB000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80477000 \SystemRoot\system32\PSHED.dll
0x80488000 \SystemRoot\system32\BOOTVID.dll
0x80490000 \SystemRoot\system32\CLFS.SYS
0x804D1000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\system32\drivers\isapnp.sys
0x80719000 \SystemRoot\system32\drivers\mpio.sys
0x80735000 \SystemRoot\System32\drivers\partmgr.sys
0x80744000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80747000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80751000 \SystemRoot\system32\drivers\volmgr.sys
0x80760000 \SystemRoot\System32\drivers\volmgrx.sys
0x807AA000 \SystemRoot\system32\drivers\intelide.sys
0x807B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807BF000 \SystemRoot\system32\drivers\pciide.sys
0x807C6000 \SystemRoot\system32\drivers\aliide.sys
0x807CD000 \SystemRoot\system32\drivers\amdide.sys
0x807D4000 \SystemRoot\system32\drivers\cmdide.sys
0x807DC000 \SystemRoot\System32\drivers\mountmgr.sys
0x805B1000 \SystemRoot\system32\drivers\msdsm.sys
0x805CB000 \SystemRoot\system32\drivers\nvraid.sys
0x88007000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88028000 \SystemRoot\system32\drivers\viaide.sys
0x88030000 \SystemRoot\system32\drivers\iastorv.sys
0x880D1000 \SystemRoot\system32\drivers\atapi.sys
0x880D9000 \SystemRoot\system32\drivers\ataport.SYS
0x880F7000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x88111000 \SystemRoot\system32\drivers\storport.sys
0x88152000 \SystemRoot\system32\drivers\nvstor.sys
0x8815F000 \SystemRoot\system32\drivers\msahci.sys
0x88169000 \SystemRoot\system32\drivers\hpcisss.sys
0x88174000 \SystemRoot\system32\drivers\adp94xx.sys
0x8820D000 \SystemRoot\system32\drivers\adpahci.sys
0x88259000 \SystemRoot\system32\drivers\adpu160m.sys
0x88274000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8829A000 \SystemRoot\system32\drivers\adpu320.sys
0x882C0000 \SystemRoot\system32\drivers\djsvs.sys
0x882D4000 \SystemRoot\system32\drivers\arc.sys
0x882EA000 \SystemRoot\system32\drivers\arcsas.sys
0x88300000 \SystemRoot\system32\drivers\elxstor.sys
0x88394000 \SystemRoot\system32\drivers\i2omp.sys
0x8839E000 \SystemRoot\system32\drivers\iirsp.sys
0x883AE000 \SystemRoot\system32\drivers\iteatapi.sys
0x883BA000 \SystemRoot\system32\drivers\iteraid.sys
0x883C6000 \SystemRoot\system32\drivers\lsi_fc.sys
0x883E0000 \SystemRoot\system32\drivers\lsi_sas.sys
0x88200000 \SystemRoot\system32\drivers\megasas.sys
0x8840E000 \SystemRoot\system32\drivers\megasr.sys
0x884C5000 \SystemRoot\system32\drivers\mraid35x.sys
0x884D0000 \SystemRoot\system32\drivers\nfrd960.sys
0x8860D000 \SystemRoot\system32\drivers\ql2300.sys
0x88745000 \SystemRoot\system32\drivers\ql40xx.sys
0x8879A000 \SystemRoot\system32\drivers\sisraid2.sys
0x887A7000 \SystemRoot\system32\drivers\sisraid4.sys
0x887BC000 \SystemRoot\system32\drivers\symc8xx.sys
0x887C8000 \SystemRoot\system32\drivers\sym_hi.sys
0x887D3000 \SystemRoot\system32\drivers\sym_u3.sys
0x884DE000 \SystemRoot\system32\drivers\uliahci.sys
0x887DE000 \SystemRoot\system32\drivers\ulsata.sys
0x8851A000 \SystemRoot\system32\drivers\ulsata2.sys
0x88546000 \SystemRoot\system32\drivers\vsmraid.sys
0x88567000 \SystemRoot\system32\drivers\fltmgr.sys
0x88599000 \SystemRoot\system32\drivers\fileinfo.sys
0x8880E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8887F000 \SystemRoot\system32\drivers\ndis.sys
0x8898A000 \SystemRoot\system32\drivers\msrpc.sys
0x889B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x88A0D000 \SystemRoot\System32\drivers\tcpip.sys
0x88AF7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88C06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88D16000 \SystemRoot\system32\drivers\wd.sys
0x88D1E000 \SystemRoot\system32\drivers\volsnap.sys
0x88D57000 \SystemRoot\System32\Drivers\spldr.sys
0x88D5F000 \SystemRoot\system32\drivers\sbp2port.sys
0x88D74000 \SystemRoot\System32\Drivers\mup.sys
0x88D83000 \SystemRoot\System32\drivers\ecache.sys
0x88DAA000 \SystemRoot\system32\drivers\disk.sys
0x88DBB000 \SystemRoot\system32\drivers\crcdisk.sys
0x88DE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88DF1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88B12000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88B21000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C401000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CD21000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CDC1000 \SystemRoot\System32\drivers\watchdog.sys
0x8CDCD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x88B2A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CDD8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88B68000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x885A9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D00C000 \SystemRoot\system32\DRIVERS\athr.sys
0x8D0F0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D103000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8D108000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D113000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D143000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D145000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D150000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D154000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D16C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D19B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D1A6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D1BD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D1C8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D1EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CDE7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x885D8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x889F0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D1FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D401000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D42B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D435000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D442000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D477000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D488000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8D4C3000 \SystemRoot\system32\drivers\portcls.sys
0x8D4F0000 \SystemRoot\system32\drivers\drmk.sys
0x8D515000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D600000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D703000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D7B8000 \SystemRoot\system32\drivers\modem.sys
0x8D7C5000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8D553000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8D7E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D7EF000 \SystemRoot\System32\Drivers\Null.SYS
0x8D7F6000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D5C9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D5D0000 \SystemRoot\System32\drivers\vga.sys
0x8D5DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D5C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D000000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88BF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x88A00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x881DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x88600000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x807EC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DC06000 \SystemRoot\system32\drivers\afd.sys
0x8DC4E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8DC55000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DC87000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DC9D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DCAB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DCBE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DCFA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DD04000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DD1B000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8DD66000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DD73000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DD7E000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x96010000 \SystemRoot\System32\win32k.sys
0x8DD88000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DD92000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96230000 \SystemRoot\System32\TSDDD.dll
0x96250000 \SystemRoot\System32\cdd.dll
0x8DDA1000 \SystemRoot\system32\drivers\luafv.sys
0x8DDBC000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8DDF4000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x88DC4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA8E07000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA8E31000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8E3B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA8E4E000 \SystemRoot\system32\drivers\spsys.sys
0xA8EFE000 \SystemRoot\system32\drivers\HTTP.sys
0xA8F6B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA8F88000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA8FA1000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA8FB6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB2206000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB223F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB2257000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB227F000 \SystemRoot\System32\DRIVERS\srv.sys
0xB22E6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB22EA000 \SystemRoot\system32\drivers\peauth.sys
0xB23C8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB23D2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB23DE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB23E6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB22CE000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0xB22D8000 \SystemRoot\system32\DRIVERS\WSDScan.sys
0x770A0000 \WINDOWS\System32\ntdll.dll

 

Processes (total 64):
0 System Idle Process
4 System
436 C:\WINDOWS\System32\smss.exe
504 csrss.exe
548 C:\WINDOWS\System32\wininit.exe
556 csrss.exe
588 C:\WINDOWS\System32\winlogon.exe
628 C:\WINDOWS\System32\services.exe
648 C:\WINDOWS\System32\lsass.exe
656 C:\WINDOWS\System32\lsm.exe
820 C:\WINDOWS\System32\svchost.exe
860 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
916 C:\WINDOWS\System32\svchost.exe
952 C:\WINDOWS\System32\svchost.exe
1040 C:\WINDOWS\System32\svchost.exe
1112 C:\WINDOWS\System32\svchost.exe
1124 C:\WINDOWS\System32\svchost.exe
1180 C:\WINDOWS\System32\audiodg.exe
1216 C:\WINDOWS\System32\svchost.exe
1236 C:\WINDOWS\System32\SLsvc.exe
1264 C:\WINDOWS\System32\svchost.exe
1448 C:\WINDOWS\System32\svchost.exe
1652 C:\WINDOWS\System32\dwm.exe
1664 C:\WINDOWS\explorer.exe
1704 C:\WINDOWS\System32\wlanext.exe
1732 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1900 C:\WINDOWS\System32\spoolsv.exe
1288 C:\WINDOWS\System32\taskeng.exe
1356 C:\WINDOWS\System32\svchost.exe
1940 C:\WINDOWS\System32\taskeng.exe
828 C:\Program Files\Google\Update\GoogleUpdate.exe
1164 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1244 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1396 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
1528 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
2052 C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
2212 C:\WINDOWS\System32\igfxsrvc.exe
2636 C:\WINDOWS\System32\svchost.exe
2664 C:\WINDOWS\System32\svchost.exe
2776 C:\WINDOWS\System32\svchost.exe
2792 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2860 C:\WINDOWS\System32\SearchIndexer.exe
2924 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3080 C:\WINDOWS\System32\drivers\XAudio.exe
3272 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
1916 C:\Program Files\Mozilla Firefox\firefox.exe
2456 C:\Program Files\Google\Chrome\Application\chrome.exe
2596 C:\Program Files\Google\Chrome\Application\chrome.exe
3424 C:\Program Files\Google\Chrome\Application\chrome.exe
3128 C:\Program Files\Google\Chrome\Application\chrome.exe
3152 C:\WINDOWS\System32\rundll32.exe
3160 C:\Program Files\Google\Chrome\Application\chrome.exe
3344 C:\Program Files\Windows Media Player\wmpnscfg.exe
4044 C:\Program Files\Windows Media Player\wmpnetwk.exe
3752 C:\Program Files\Google\Chrome\Application\chrome.exe
3472 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2060 C:\WINDOWS\System32\svchost.exe
2344 C:\WINDOWS\System32\SearchProtocolHost.exe
5396 C:\WINDOWS\System32\SearchFilterHost.exe
5500 WmiPrvSE.exe
5900 C:\WINDOWS\servicing\TrustedInstaller.exe
6020 C:\WINDOWS\System32\wbem\WMIADAP.exe
6048 WmiPrvSE.exe
6136 C:\Users\Steve\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000022`ed300000 (NTFS)

 

PhysicalDrive0 Model Number: WDCWD1600BEVT-60ZCT0, Rev: 12.01A12

 

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C

 

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Done!


Hello steverino

 

Your MBRCheck log appears to be clean (the non-standard MBR code in use is specific to HP machines - I have the same one on my machine).

 

Nothing I can see is pointing to a malware infection at this time.

 

The machine has 2GB of RAM installed. Vista itself will use 1GB of that RAM straight away, which means that if you run any programs that take up a lot of system resources they will be a drain on performance.

 

At the moment I think this may be a RAM issue, since after running startuplite (which disables non essential programs at startup) you experienced an improvement in system performance.

 

 

As for your connection issues I am not sure what could be causing the timing out. Please feel free to create a thread in our Networking, Email and Internet Connections forum for additional support.

 

Let's remove our tools in the steps below:

  • Please Uninstall Combofix

  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
  • A Run box will open.
  • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.
  • Removal of Tools

    • You no longer need DDS, GMER, aswMBR, TDSSKiller, GetPartitions or MBRCheck.
    • Please delete them from your machine.
    I'll leave you with some preventative tips below:
  • Finally, please take the time to read through the information provided below:

     

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.
    Web Browsers and Browser Security

     

    Firefox

    • You can download Firefox from here.
    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.
    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    • Please Note: IE9 is not configured to run on XP machines.
    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.
    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.
    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.
    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.
    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
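JonTom's reading of the MBRCheck output above (an "Unknown MBR code" hash that turns out to be HP's OEM boot code rather than an infection) is the check MBRCheck automates: hash the boot-code bytes of sector 0 and compare against values you trust. The following is an added example, not MBRCheck's code or anything posted by this thread's participants. It parses one 512-byte MBR, hashes the 440 boot-code bytes, decodes the partition table, and compares the hash against a small allowlist and a per-machine baseline so that a later rewrite of the boot code stands out. The sample sector, its disk signature and partition sizes are constructed (they only approximate the offsets DiskPart and MBRCheck reported); the one allowlisted SHA1 is the value MBRCheck printed in the thread, labelled as such.

```python
"""Parse a 512-byte MBR, fingerprint its boot code and compare it with a baseline.

Added example, not MBRCheck's own code. The sample sector is constructed: its
boot-code bytes are filler, and its partition table only approximates the
thread's layout (C: at byte offset 0x7e00, E: at 0x22ed300000).
"""
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR_SIZE = 512
BOOTCODE_LEN = 440        # bytes 0..439: boot loader code (the part MBRCheck hashes)
DISK_SIG_OFF = 440        # bytes 440..443: NT disk signature, 444..445 reserved
PTABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # bytes 510..511: boot sector signature
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA, count

# SHA1 that MBRCheck printed in the thread above; the reply identifies that
# boot code as the HP OEM variant, so an allowlist can carry it as such.
KNOWN_BOOTCODE: Dict[str, str] = {
    "08f21add893776c287cc68a3558f8d095b50ed3c": "HP OEM boot code (from this thread)",
}


def parse_mbr(mbr: bytes) -> Dict[str, object]:
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions: List[Dict[str, object]] = []
    for index in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PTABLE_OFF + 16 * index)
        if ptype == 0:            # empty slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,        # 0x07 = NTFS/exFAT, 0x0B/0x0C = FAT32, 0x05/0x0F = extended
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,
        })
    return {
        "signature_ok": mbr[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def classify_bootcode(sha1_hex: str, baseline_sha1: Optional[str] = None) -> str:
    """Allowlist lookup first, then the machine's own baseline, else unknown."""
    sha1_hex = sha1_hex.lower()
    if sha1_hex in KNOWN_BOOTCODE:
        return "known: " + KNOWN_BOOTCODE[sha1_hex]
    if baseline_sha1 and sha1_hex == baseline_sha1.lower():
        return "matches baseline"
    return "unknown MBR code"


def check_mbr(mbr: bytes, baseline_sha1: Optional[str] = None) -> List[str]:
    """Return findings worth a second look; an empty list means nothing changed."""
    info = parse_mbr(mbr)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if classify_bootcode(info["bootcode_sha1"], baseline_sha1) == "unknown MBR code":
        findings.append("unrecognised boot code, sha1 " + info["bootcode_sha1"])
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable, expected 1")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector: filler boot code plus a table approximating the thread's disk."""
    bootcode = (b"\xeb\x3c\x90" + b"SAMPLE BOOT CODE, NOT A REAL LOADER").ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"               # constructed signature
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 63, 292_984_769)          # C: NTFS at LBA 63 (0x7e00)
    table += struct.pack(ENTRY_FMT, 0x00, 0x07, 292_984_832, 18_874_368)  # E: recovery, 9 GB
    table += b"\x00" * 32                                                 # two empty slots
    return bootcode + disk_sig + table + BOOT_SIG


def simulate_bootcode_overwrite(mbr: bytes) -> bytes:
    """Flip one byte inside the boot-code region to stand in for an unexpected rewrite."""
    patched = bytearray(mbr)
    patched[0x100] ^= 0xFF
    return bytes(patched)


if __name__ == "__main__":
    clean = build_sample_mbr()
    info = parse_mbr(clean)
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} at byte offset "
              f"0x{p['byte_offset']:x}, {p['sectors'] * SECTOR_SIZE // 2**30} GB")
    baseline = info["bootcode_sha1"]          # record this while the machine is known-good
    print("clean sector:", check_mbr(clean, baseline) or "no findings")
    print("rewritten sector:", check_mbr(simulate_bootcode_overwrite(clean), baseline))
```

The design point is the one JonTom makes: an unfamiliar hash is a prompt to identify the code, not a verdict. Recording the boot-code hash while the machine is known-good (the baseline) turns the next run into a change check, and only a hash that is neither allowlisted nor the baseline is reported. Reading sector 0 of a live disk needs an administrative handle to the physical drive, which the constructed sector here stands in for.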


Since this problem appears to be resolved this topic is now closed.

 

Glad we could help :)

 

Best wishes

JonTom
