ComboFix 11-11-05.03 - Mom 11/05/2011 18:11:40.1.2 - x86 NETWORK Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1983.1577 [GMT -5:00] Running from: C:\Users\Mom\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 ))))))))))))))))))))))))))))))) 2011-11-05 23:16:24 . 2011-11-05 23:16:24 -------- d-----w- C:\Users\Default\AppData\Local\temp 2011-11-05 22:22:35 . 2011-11-05 22:22:35 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\offreg.dll 2011-11-05 22:09:18 . 2011-11-05 22:09:18 -------- d-----w- C:\Users\Mom\AppData\Roaming\Malwarebytes 2011-11-05 22:09:04 . 2011-11-05 22:09:04 -------- d-----w- C:\ProgramData\Malwarebytes 2011-11-05 22:09:01 . 2011-11-05 22:09:07 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2011-11-05 22:09:01 . 2011-08-31 22:00:50 22216 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-11-04 23:07:13 . 2011-10-18 07:28:06 6668624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\mpengine.dll 2011-11-03 22:56:38 . 2011-11-03 22:56:38 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2011-11-02 22:38:33 . 2011-11-04 11:55:11 -------- d-----w- C:\Program Files\Microsoft Works 2011-11-02 22:36:39 . 2008-10-08 12:55:08 463152 ----a-r- C:\Users\Mom\setup.exe 2011-11-02 21:40:30 . 2011-11-02 21:40:53 -------- d-----w- C:\ProgramData\NVIDIA 2011-11-02 21:38:48 . 2011-11-02 21:38:49 -------- d-----w- C:\Windows\system32\EventProviders 2011-11-02 21:38:13 . 2009-03-06 16:52:00 797216 ----a-w- C:\Windows\system32\nvcplui.exe 2011-11-02 21:38:13 . 2009-03-06 16:52:00 420384 ----a-w- C:\Windows\system32\nvcpl.cpl 2011-11-02 21:38:13 . 2009-03-06 16:52:00 1108512 ----a-w- C:\Windows\system32\nvcpluir.dll 2011-11-02 21:38:12 . 
2009-03-06 16:52:00 453152 ----a-w- C:\Windows\system32\nvuninst.exe 2011-11-02 21:17:48 . 2011-11-02 21:17:48 -------- d-----w- C:\found.001 2011-10-26 01:02:49 . 2011-10-26 01:02:49 -------- d-----w- C:\found.000 2011-10-26 00:04:42 . 2011-08-15 04:25:59 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-09-06 20:45:29 . 2011-09-04 22:55:53 199304 ----a-w- C:\Windows\system32\aswBoot.exe 2011-09-06 20:45:29 . 2011-06-17 15:54:17 41184 ----a-w- C:\Windows\avastSS.scr 2011-09-06 20:38:05 . 2011-09-04 22:56:17 442200 ----a-w- C:\Windows\system32\drivers\aswSnx.sys 2011-09-06 20:37:53 . 2011-09-04 22:56:23 320856 ----a-w- C:\Windows\system32\drivers\aswSP.sys 2011-09-06 20:36:38 . 2011-09-04 22:56:20 34392 ----a-w- C:\Windows\system32\drivers\aswRdr.sys 2011-09-06 20:36:36 . 2011-09-04 22:56:19 52568 ----a-w- C:\Windows\system32\drivers\aswTdi.sys 2011-09-06 20:36:26 . 2011-09-04 22:56:15 54616 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36:12 . 2011-09-04 22:56:23 20568 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys 2011-10-01 16:49:16 . 2011-06-16 05:09:37 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll 2011-06-17 16:02:34 8192 --sha-w- C:\Windows\System32\srvany.exe ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. [-] 2011-08-01 03:12:46 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\System32\user32.dll [7] 2010-11-20 12:21:33 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll [7] 2009-07-14 01:16:17 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45:22 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 17:55:28 937920] "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 19:54:26 91520] "EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 15:12:12 976320] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-09-06 20:45:30 3722416] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-03-06 16:52:00 13605408] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-03-06 16:52:00 92704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 17:55:28 64952] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 20:36:26 54616] R2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 16:15:00 31125880] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 02:37:50 4640000] R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 22:13:45 207360] R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 22:13:46 980992] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 22:13:45 661504] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-21 11:36:03 1343400] R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:18:07 17920] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128] ------- Supplementary Scan ------- IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.10.30 FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\f1damigj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0
Program Files Disappeared / No Outlook
Started by brandonlile, Nov 05 2011 05:34 PM
#1
Posted 05 November 2011 - 05:34 PM
#2
Posted 05 November 2011 - 11:18 PM
There is one type of malware that likes to remove the links and hide them in %Temp%\smtmp which I expect would be C:\Users\Mom\AppData\Local\temp\smtmp on your mom's PC.
Unfortunately when you start trying to get rid of this on your own the tendency is to clear the temp files so that the folder is lost.
Combofix is also aware of the bug so it should fix it for you if the folder exists. It's a hidden system file so first:
Close all programs so that you are at your desktop.
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.
See if you can find the smtmp folder. If you do, copy it to your desktop so it will be safe (don't move it).
You can try unhide.exe which I think will automatically fix it for you.
Download, Save and Right click on unhide.exe and Run As Administrator from
http://download.blee...nler/unhide.exe
We really need to see your OTL log to know what's going on.
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.
Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
Also you only posted part of the Combofix log. The bottom of it was missing.
Also run the following:
First fix Avast so it won't interfere:
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwarebytes.org/mbam.php
SAVE Malwarebytes' Anti-Malware to your desktop.
Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
Ron
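The smtmp check from the reply above, scripted in PowerShell as an added example that is not part of the original thread: it looks for the hidden system folder under the user's temp directory without changing Explorer's view settings, copies it (never moves it) to the desktop, and confirms the copy is complete. The function name `Backup-SmtmpFolder` and the destination folder name `smtmp-backup` are hypothetical, and it assumes the script runs in the affected user's session so that `$env:TEMP` is that user's temp folder.

```powershell
# Added example, not from the thread. The source folder is only read: nothing is moved or deleted.
# Assumption: run in the affected user's session so $env:TEMP points at that user's temp folder.
function Backup-SmtmpFolder {
    param(
        [string]$TempRoot    = $env:TEMP,
        # Hypothetical destination name; must not already exist.
        [string]$Destination = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'smtmp-backup')
    )

    $source = Join-Path $TempRoot 'smtmp'

    # -Force returns items that carry the Hidden/System attributes,
    # independent of the Folder Options view settings in Explorer.
    $dir = Get-Item -LiteralPath $source -Force -ErrorAction SilentlyContinue
    if (-not $dir -or -not $dir.PSIsContainer) {
        Write-Warning "No smtmp folder under $TempRoot (it may have been lost when temp files were cleared)."
        return $null
    }
    Write-Host ("Found {0} (attributes: {1})" -f $dir.FullName, $dir.Attributes)

    if (Test-Path -LiteralPath $Destination) {
        Write-Warning "$Destination already exists; pass another -Destination so nothing is overwritten."
        return $null
    }

    # Inventory the source first so the copy can be verified afterwards.
    $srcFiles = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -Force |
                  Where-Object { -not $_.PSIsContainer })

    # Copy, do not move: the original stays in place for the repair tools.
    Copy-Item -LiteralPath $dir.FullName -Destination $Destination -Recurse -Force

    # Make the backup visible on the desktop by clearing Hidden/System on the copy only.
    $copy = Get-Item -LiteralPath $Destination -Force
    $mask = -bnot ([int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System)
    $copy.Attributes = [int]$copy.Attributes -band $mask

    $dstFiles = @(Get-ChildItem -LiteralPath $Destination -Recurse -Force |
                  Where-Object { -not $_.PSIsContainer })

    $result = New-Object PSObject -Property @{
        Source      = $dir.FullName
        Destination = $Destination
        SourceFiles = $srcFiles.Count
        CopiedFiles = $dstFiles.Count
        Shortcuts   = @($srcFiles | Where-Object { $_.Extension -eq '.lnk' }).Count
        Complete    = ($srcFiles.Count -eq $dstFiles.Count)
    }
    if (-not $result.Complete) {
        Write-Warning "File counts differ between source and copy; keep the original folder untouched."
    }
    return $result
}

Backup-SmtmpFolder
```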
#3
Posted 06 November 2011 - 11:55 AM
So I looked for the hidden folder but was unable to find it. So I'm not sure what my next step with that should be (if anything). And here are the OTL logs :
The Extra's :
I re-ran the ComboFix scan and got :
No malicious items were found with MBAM :
TDSSKiller found nothing :
And as far as aswMBR goes, only the fixMBR button was enabled :
OTL logfile created on: 11/6/2011 10:20:42 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mom\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.15% Memory free 3.87 Gb Paging File | 2.63 Gb Available in Paging File | 67.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 103.38 Gb Total Space | 72.45 Gb Free Space | 70.08% Space Free | Partition Type: NTFS Drive D: | 74.53 Gb Total Space | 63.17 Gb Free Space | 84.76% Space Free | Partition Type: NTFS Drive E: | 8.41 Gb Total Space | 1.79 Gb Free Space | 21.23% Space Free | Partition Type: NTFS Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/11/06 10:19:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe PRC - [2011/10/01 10:49:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/09/06 14:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/12/03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- 
C:\Program Files\Epson Software\Event Manager\EEventManager.exe PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/10/01 10:49:16 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/06/16 13:08:34 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011/05/28 21:04:58 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2011/06/21 05:36:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011/09/06 14:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/09/06 14:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/09/06 14:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/09/06 14:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/09/06 14:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/09/06 14:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/07/26 18:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 39 93 2F E3 2B CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: 
C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/02 15:25:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:49:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 23:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions [2011/06/15 23:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/02 15:25:25 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011/10/01 10:49:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7F9BA32-40A5-409B-B8F1-8F58BFE89328}: DhcpNameServer = 192.168.10.30 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/11/06 10:26:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Mom\Desktop\aswMBR.exe [2011/11/06 10:25:24 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mom\Desktop\tdsskiller.exe [2011/11/06 10:18:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe [2011/11/05 17:24:42 | 000,000,000 | ---D | C] -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2011/11/05 17:17:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/11/05 17:10:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/11/05 17:10:38 
| 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/11/05 17:10:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/11/05 17:10:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/11/05 17:10:33 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/11/05 17:10:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/11/05 17:10:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/11/05 16:09:18 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Malwarebytes [2011/11/05 16:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/11/05 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/11/05 16:09:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/11/05 16:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/11/02 16:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/11/02 16:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2011/11/02 16:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2011/11/02 16:36:39 | 000,463,152 | R--- | C] (Microsoft Corporation) -- C:\Users\Mom\setup.exe [2011/11/02 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011/11/02 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011/11/02 15:38:13 | 001,108,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll 
[2011/11/02 15:38:13 | 000,797,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe [2011/11/02 15:38:13 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl [2011/11/02 15:38:12 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe [2011/11/02 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Microsoft [2011/11/02 15:17:48 | 000,000,000 | ---D | C] -- C:\found.001 [2011/10/25 19:02:49 | 000,000,000 | ---D | C] -- C:\found.000 [2011/10/13 17:45:33 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011/10/13 17:45:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011/10/13 17:45:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011/10/13 17:45:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2011/10/13 17:45:32 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011/10/13 17:45:30 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/10/13 17:45:22 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/10/13 17:45:22 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/10/13 17:45:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/10/13 17:45:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/10/13 17:45:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/10/13 17:45:20 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/10/13 17:45:20 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/10/13 17:45:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll 
[2011/10/13 17:45:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/10/13 17:45:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/10/13 17:45:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/11/06 10:26:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Mom\Desktop\aswMBR.exe [2011/11/06 10:25:33 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mom\Desktop\tdsskiller.exe [2011/11/06 10:19:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe [2011/11/06 10:15:41 | 000,684,297 | ---- | M] () -- C:\Users\Mom\Desktop\unhide.exe [2011/11/06 10:13:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/11/05 17:27:44 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/11/05 17:27:44 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/11/05 17:22:56 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys [2011/11/05 16:16:53 | 000,009,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/05 16:16:52 | 000,009,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/05 16:09:05 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/02 18:11:34 | 000,400,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/11/02 15:58:45 | 000,000,993 | ---- | M] () -- C:\Users\Mom\Desktop\connorgay - Shortcut.lnk [2011/11/02 15:25:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/11/06 10:15:32 | 000,684,297 | ---- | C] () -- C:\Users\Mom\Desktop\unhide.exe [2011/11/05 17:10:38 | 000,256,000 | ---- | C] () -- 
C:\Windows\PEV.exe [2011/11/05 17:10:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/11/05 17:10:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/11/05 17:10:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/11/05 17:10:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/11/05 16:09:05 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/02 15:58:45 | 000,000,993 | ---- | C] () -- C:\Users\Mom\Desktop\connorgay - Shortcut.lnk [2011/09/04 16:31:48 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/09/04 16:31:48 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/09/04 16:31:48 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/09/04 16:31:48 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/09/04 16:31:48 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/09/04 16:31:48 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/09/04 16:31:48 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/09/04 16:31:48 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/09/04 16:31:48 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/09/04 16:31:48 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/09/04 16:31:48 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/09/04 16:31:48 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/09/04 16:31:48 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011/09/04 16:31:48 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/09/04 16:31:48 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/09/04 16:31:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini 
[2011/09/04 16:29:19 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini [2011/06/17 10:03:19 | 000,008,192 | -HS- | C] () -- C:\Windows\System32\srvany.exe [2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 22:33:53 | 000,400,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005/05/06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll < End of report >
The Extras:
OTL Extras logfile created on: 11/6/2011 10:43:53 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mom\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.15% Memory free 3.87 Gb Paging File | 2.63 Gb Available in Paging File | 67.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 103.38 Gb Total Space | 72.45 Gb Free Space | 70.08% Space Free | Partition Type: NTFS Drive D: | 74.53 Gb Total Space | 63.17 Gb Free Space | 84.76% Space Free | Partition Type: NTFS Drive E: | 8.41 Gb Total Space | 1.79 Gb Free Space | 21.23% Space Free | Partition Type: NTFS Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = ComFile] -- "%1" %* .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = 
InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- 
%SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKSTD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = 
Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast" = avast! Free Antivirus "EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall "EPSON Scanner" = EPSON Scan "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US) "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OUTLOOKSTD" = Microsoft Office Outlook 2007 "WinRAR 4.01" = WinRAR 4.01 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 11/4/2011 1:23:45 PM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 11/4/2011 7:25:14 PM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with 
the following error code: 0x80070005 Error - 11/4/2011 8:25:14 PM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 11/5/2011 7:32:21 AM | Computer Name = Mom-PC | Source = System Restore | ID = 8193 Description = Error - 11/5/2011 7:58:30 AM | Computer Name = Mom-PC | Source = Software Protection Platform Service | ID = 8193 Description = License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error - 11/5/2011 6:20:22 PM | Computer Name = Mom-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. Error - 11/5/2011 7:10:42 PM | Computer Name = Mom-PC | Source = VSS | ID = 18 Description = Error - 11/5/2011 7:10:42 PM | Computer Name = Mom-PC | Source = VSS | ID = 8193 Description = Error - 11/5/2011 7:10:42 PM | Computer Name = Mom-PC | Source = System Restore | ID = 8193 Description = Error - 11/5/2011 7:23:11 PM | Computer Name = Mom-PC | Source = Winlogon | ID = 4103 Description = Windows license activation failed. Error 0x80070005. 
[ System Events ] Error - 11/5/2011 7:17:09 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/5/2011 7:17:09 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/5/2011 7:17:47 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error - 11/5/2011 7:18:00 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005 Description = Error - 11/5/2011 7:18:00 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10005 Description = Error - 11/5/2011 7:23:26 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = A fatal hardware error has occurred. Reported by component: Processor Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry contains further information. Error - 11/5/2011 7:23:26 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = A fatal hardware error has occurred. Reported by component: Processor Core Error Source: 3 Error Type: 6 Processor ID: 1 The details view of this entry contains further information. Error - 11/5/2011 7:24:33 PM | Computer Name = Mom-PC | Source = DCOM | ID = 10016 Description = Error - 11/5/2011 10:00:13 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-HAL | ID = 12 Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 
Error - 11/6/2011 12:22:22 AM | Computer Name = Mom-PC | Source = atapi | ID = 262153 Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period. < End of report >
I re-ran the ComboFix scan and got:
ComboFix 11-11-06.02 - Mom 11/06/2011 10:55:12.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1983.1225 [GMT -6:00] Running from: c:\users\Mom\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))) . . 2011-11-06 17:01 . 2011-11-06 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-05 23:25 . 2011-11-05 23:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\offreg.dll 2011-11-05 22:09 . 2011-11-05 22:09 -------- d-----w- c:\users\Mom\AppData\Roaming\Malwarebytes 2011-11-05 22:09 . 2011-11-05 22:09 -------- d-----w- c:\programdata\Malwarebytes 2011-11-05 22:09 . 2011-11-05 22:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-11-05 22:09 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-04 23:07 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D672B32-4F88-4A9B-96B9-72886814AFB8}\mpengine.dll 2011-11-03 22:56 . 2011-11-03 22:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-11-02 22:38 . 2011-11-04 11:55 -------- d-----w- c:\program files\Microsoft Works 2011-11-02 22:36 . 2008-10-08 12:55 463152 ----a-r- c:\users\Mom\setup.exe 2011-11-02 21:40 . 2011-11-02 21:40 -------- d-----w- c:\programdata\NVIDIA 2011-11-02 21:38 . 2011-11-02 21:38 -------- d-----w- c:\windows\system32\EventProviders 2011-11-02 21:38 . 2009-03-06 16:52 797216 ----a-w- c:\windows\system32\nvcplui.exe 2011-11-02 21:38 . 2009-03-06 16:52 420384 ----a-w- c:\windows\system32\nvcpl.cpl 2011-11-02 21:38 . 2009-03-06 16:52 1108512 ----a-w- c:\windows\system32\nvcpluir.dll 2011-11-02 21:38 . 2009-03-06 16:52 453152 ----a-w- c:\windows\system32\nvuninst.exe 2011-11-02 21:17 . 
2011-11-02 21:17 -------- d-----w- C:\found.001 2011-10-26 01:02 . 2011-10-26 01:02 -------- d-----w- C:\found.000 2011-10-26 00:04 . 2011-08-15 04:25 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-06 20:45 . 2011-09-04 22:55 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:45 . 2011-06-17 15:54 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:38 . 2011-09-04 22:56 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:37 . 2011-09-04 22:56 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2011-09-04 22:56 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2011-09-04 22:56 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2011-09-04 22:56 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 2011-09-04 22:56 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-10-01 16:49 . 2011-06-16 05:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-06-17 16:02 8192 --sha-w- c:\windows\System32\srvany.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2011-08-01 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-21 1343400] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.10.30 FF - ProfilePath - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\f1damigj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06 11:03:27
ComboFix-quarantined-files.txt 2011-11-06 17:03
.
Pre-Run: 78,004,531,200 bytes free
Post-Run: 77,822,709,760 bytes free
.
- - End Of File - - CB8F95DB1459CDA9A6D997EF49DB402B
No malicious items were found with MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8093

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/6/2011 11:10:25 AM
mbam-log-2011-11-06 (11-10-25).txt

Scan type: Quick scan
Objects scanned: 157827
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
TDSSKiller found nothing:
11:47:17.0188 1736 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
11:47:17.0594 1736 ============================================================
11:47:17.0594 1736 Current date / time: 2011/11/06 11:47:17.0594
11:47:17.0594 1736 SystemInfo:
11:47:17.0594 1736
11:47:17.0594 1736 OS Version: 6.1.7600 ServicePack: 0.0
11:47:17.0594 1736 Product type: Workstation
11:47:17.0594 1736 ComputerName: MOM-PC
11:47:17.0594 1736 UserName: Mom
11:47:17.0594 1736 Windows directory: C:\Windows
11:47:17.0594 1736 System windows directory: C:\Windows
11:47:17.0594 1736 Processor architecture: Intel x86
11:47:17.0594 1736 Number of processors: 2
11:47:17.0594 1736 Page size: 0x1000
11:47:17.0594 1736 Boot type: Normal boot
11:47:17.0595 1736 ============================================================
11:47:20.0063 1736 Initialize success
11:47:37.0866 2780 ============================================================
11:47:37.0866 2780 Scan started
11:47:37.0866 2780 Mode: Manual;
11:47:37.0866 2780 ============================================================
11:47:49.0842 2780 ============================================================
11:47:49.0842 2780 Scan finished
11:47:49.0842 2780 ============================================================
11:47:49.0860 4088 Detected object count: 0
11:47:49.0860 4088 Actual detected object count: 0
11:47:59.0745 3840 Deinitialize success
And as far as aswMBR goes, only the fixMBR button was enabled:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-06 11:48:53
-----------------------------
11:48:53.818 OS Version: Windows 6.1.7600
11:48:53.819 Number of processors: 2 586 0x6801
11:48:53.821 ComputerName: MOM-PC UserName: Mom
11:48:55.514 Initialize success
11:48:56.055 AVAST engine defs: 11110601
11:49:01.403 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
11:49:01.411 Disk 0 Vendor: WDC_WD800BEVS-60RST0 04.01G04 Size: 76319MB BusType: 3
11:49:01.426 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
11:49:01.437 Disk 1 Vendor: SAMSUNG_HM121HI LZ100-10 Size: 114473MB BusType: 3
11:49:03.466 Disk 1 MBR read successfully
11:49:03.477 Disk 1 MBR scan
11:49:03.536 Disk 1 Windows 7 default MBR code
11:49:03.548 Disk 1 scanning sectors +234436545
11:49:03.625 Disk 1 scanning C:\Windows\system32\drivers
11:49:17.610 Service scanning
11:49:24.250 Modules scanning
11:49:32.031 Module: C:\Windows\System32\user32.dll **SUSPICIOUS**
11:49:33.941 Disk 1 trace - called modules:
11:49:34.361 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:49:34.386 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x855ee950]
11:49:34.401 3 CLASSPNP.SYS[8899459e] -> nt!IofCallDriver -> [0x85520918]
11:49:34.412 5 ACPI.sys[884133b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8550c030]
11:49:34.997 AVAST engine scan C:\Windows
11:49:37.416 AVAST engine scan C:\Windows\system32
11:51:21.183 AVAST engine scan C:\Windows\system32\drivers
11:51:31.749 AVAST engine scan C:\Users\Mom
11:52:34.485 AVAST engine scan C:\ProgramData
11:52:52.271 Scan finished successfully
11:53:38.007 Disk 1 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
11:53:38.018 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"
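Added example, not part of the original post or of aswMBR: a Python sketch that reduces a log in the format above to what a helper acts on, namely modules carrying a `**...**` verdict, any MBR verdict other than the default one, and the scan duration. The function names and the rule that only a "default" MBR verdict counts as clean are assumptions; the sample is an excerpt of the log above.

```python
import re

# aswMBR stamps every record "HH:MM:SS.mmm "; the header lines carry no stamp.
STAMP = re.compile(r"(?<!\S)(\d{2}):(\d{2}):(\d{2})\.(\d{3}) ")
FLAG = re.compile(r"^Module: (?P<path>.+?) \*\*(?P<verdict>[A-Z]+)\*\*$")
MBR = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.* MBR code)$")

# Excerpt of the log posted above, one record per line as the tool writes it.
SAMPLE = r"""aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-06 11:48:53
11:48:53.818 OS Version: Windows 6.1.7600
11:49:03.536 Disk 1 Windows 7 default MBR code
11:49:32.031 Module: C:\Windows\System32\user32.dll **SUSPICIOUS**
11:52:52.271 Scan finished successfully
"""

def split_records(text):
    """Return [(seconds_since_midnight, message), ...].

    Cutting at the stamps rather than at newlines means a copy whose line
    breaks were collapsed to spaces parses the same as the original file."""
    hits = list(STAMP.finditer(text))
    records = []
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        h, m, s, ms = (int(g) for g in hit.groups())
        records.append((h * 3600 + m * 60 + s + ms / 1000, text[hit.end():end].strip()))
    return records

def triage(text):
    """Reduce a log to the facts a helper acts on."""
    records = split_records(text)
    report = {"flagged": [], "mbr_review": [], "finished": False, "seconds": 0.0}
    for _, msg in records:
        flag = FLAG.match(msg)
        if flag:
            report["flagged"].append((flag["path"], flag["verdict"]))
        mbr = MBR.match(msg)
        # Assumption: only a verdict containing "default" counts as clean;
        # any other MBR verdict is listed for manual review.
        if mbr and "default" not in mbr["verdict"]:
            report["mbr_review"].append((int(mbr["disk"]), mbr["verdict"]))
        if msg == "Scan finished successfully":
            report["finished"] = True
    if records:
        report["seconds"] = round(records[-1][0] - records[0][0], 3)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged module is a lead to verify (hash and signature against a known-good copy), not a verdict on its own.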
#4
Posted 06 November 2011 - 12:40 PM
Both combofix and aswmbr are flagging c:\windows\System32\user32.dll
Let's take a closer look at it:
Copy the text in the code box by highlighting and Ctrl + c
/md5start
user32.dll
/md5stop
then run OTL and under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Scan button at the top.
Let the program run unhindered, it shouldn't need to reboot. You should only get one log. Copy and Paste it into a reply.
Your event logs are saying that Windows is not happy. It claims it is not activated and also it is showing some ugly hardware errors. Run the built-in memory check:
To run the Memory Diagnostics Tool manually
If the Windows Memory Diagnostics tool doesn't run automatically, you can run it manually.
Open Memory Diagnostics Tool by clicking the Start button, and then clicking Control Panel. In the search box, type Memory, and then click Diagnose your computer's memory problems. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Choose when to run the tool.
I expect it will want to reboot in order to run the test. IF it passes the memory test then:
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow
(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)
sigverif
Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
Then check to see if Win 7 is activated.
http://windows.micro...-7-is-activated
if not go through the process here:
http://windows.micro...n-this-computer
Ron
#5
Posted 06 November 2011 - 09:55 PM
Quick question. Since all my start menu items are gone, the administrative event viewer is no longer there. What do you suggest I do, since when I click manage I get that error?
#6
Posted 06 November 2011 - 10:33 PM
Can you skip to the bottom and do the part that starts with:
Then check to see if Win 7 is activated.
When the timer runs down on Windows activation it pretty much limits windows to basic things. Might be what has happened here.
#7
Posted 07 November 2011 - 12:12 PM
Ok, after doing that step it turns out there wasn't even an activation section in the properties of the computer... Which is very strange, because I confirmed that I was doing the right thing by performing the same action on my laptop. In order to activate it says I need a key, and the person that she bought the computer from did not provide any sort of recovery disc etc...
So basically what I'm understanding now is that the person who sold it to us needs to provide us with the key for windows?
#8
Posted 07 November 2011 - 12:18 PM
Usually the key is on a sticker on the PC somewhere if it came from the factory with Windows installed. How long have you had this PC?
#9
Posted 07 November 2011 - 12:30 PM
Beginning of the summer maybe
#10
Posted 07 November 2011 - 12:54 PM
If you can get Speccy to run and there is a license key on the PC then it will show it:
Get the free version of Speccy:
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button)
Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and find the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Do not post or attach the file to your next post. I don't need to see it and if the serial number exists we do not want to publish it to the internet.
Ron
#11
Posted 07 November 2011 - 02:58 PM
Ok I did that and I found the serial number
#12
Posted 07 November 2011 - 04:04 PM