
Smitfraud -C Generic



#16 RKinner
Malware Expert, MVP, 20,031 posts

Uninstall Malwarebytes' Anti-Malware now. It can interfere with our other tools.

Run aswMBR again and let's see if fixing TDSS cleared its log too. No need to do the Avast thing this time so it should be fairly quick. If the FIX button is enabled (not the FixMBR button) then press it. Please copy and paste the log.

Could I also see your final TDSSKiller log?



Could you try Combofix again? This time boot into Safe Mode with Networking before you run it.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Let it run for at least an hour. The 10 minutes that they talk about is very optimistic these days.


Run OTL (Vista or Win 7 => right click and Run As Administrator), select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
5. Then use the 'Number of events' as follows:
* Click the radio button for 'Number of events'
* Type 20 in the 1 to 20 box
* Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron


#17 Seran
Topic Starter, Member, 37 posts

07:37:16.0126 1220 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
07:37:16.0691 1220 ============================================================
07:37:16.0691 1220 Current date / time: 2012/01/27 07:37:16.0691
07:37:16.0691 1220 SystemInfo:
07:37:16.0692 1220
07:37:16.0692 1220 OS Version: 6.0.6002 ServicePack: 2.0
07:37:16.0692 1220 Product type: Workstation
07:37:16.0692 1220 ComputerName: AWESOME
07:37:16.0692 1220 UserName: Martin
07:37:16.0692 1220 Windows directory: C:\Windows
07:37:16.0692 1220 System windows directory: C:\Windows
07:37:16.0692 1220 Running under WOW64
07:37:16.0692 1220 Processor architecture: Intel x64
07:37:16.0692 1220 Number of processors: 2
07:37:16.0692 1220 Page size: 0x1000
07:37:16.0692 1220 Boot type: Normal boot
07:37:16.0692 1220 ============================================================
07:37:17.0944 1220 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:37:21.0705 1220 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:37:25.0662 1220 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:37:25.0976 1220 Initialize success
07:37:30.0797 2044 ============================================================
07:37:30.0797 2044 Scan started
07:37:30.0797 2044 Mode: Manual; SigCheck; TDLFS;
07:37:30.0797 2044 ============================================================
07:37:53.0356 2044 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
07:37:53.0357 2044 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
07:37:53.0360 2044 sptd ( LockedFile.Multi.Generic ) - warning
07:37:53.0360 2044 sptd - detected LockedFile.Multi.Generic (1)
07:37:56.0375 2044 usbscan - ok
07:37:56.0553 2044 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:37:56.0602 2044 USBSTOR - ok
07:37:56.0641 2044 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
07:37:56.0688 2044 usbuhci - ok
07:37:56.0757 2044 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
07:37:56.0834 2044 usbvideo - ok
07:37:56.0873 2044 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
07:37:56.0950 2044 vga - ok
07:37:56.0996 2044 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
07:37:57.0073 2044 VgaSave - ok
07:37:57.0111 2044 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
07:37:57.0128 2044 viaide - ok
07:37:57.0182 2044 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
07:37:57.0205 2044 volmgr - ok
07:37:57.0263 2044 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
07:37:57.0314 2044 volmgrx - ok
07:37:57.0353 2044 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
07:37:57.0382 2044 volsnap - ok
07:37:57.0419 2044 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
07:37:57.0453 2044 vsmraid - ok
07:37:57.0489 2044 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
07:37:57.0597 2044 WacomPen - ok
07:37:57.0649 2044 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
07:37:57.0711 2044 Wanarp - ok
07:37:57.0721 2044 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
07:37:57.0765 2044 Wanarpv6 - ok
07:37:57.0812 2044 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
07:37:57.0830 2044 Wd - ok
07:37:57.0874 2044 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
07:37:58.0003 2044 Wdf01000 - ok
07:37:58.0079 2044 WmBEnum (14dc5897bc6c4e03c023ad80abb7f539) C:\Windows\system32\drivers\WmBEnum.sys
07:37:58.0095 2044 WmBEnum - ok
07:37:58.0130 2044 WmFilter (2de0a0cea49972c82c7e9d36bd4c1247) C:\Windows\system32\drivers\WmFilter.sys
07:37:58.0144 2044 WmFilter - ok
07:37:58.0178 2044 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
07:37:58.0232 2044 WmiAcpi - ok
07:37:58.0273 2044 WmVirHid (53c12ae1183f3f7787f1f1835001ccc0) C:\Windows\system32\drivers\WmVirHid.sys
07:37:58.0286 2044 WmVirHid - ok
07:37:58.0311 2044 WmXlCore (c807e470cca24f5e479da4872a7d2121) C:\Windows\system32\drivers\WmXlCore.sys
07:37:58.0326 2044 WmXlCore - ok
07:37:58.0368 2044 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
07:37:58.0399 2044 WpdUsb - ok
07:37:58.0425 2044 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
07:37:58.0486 2044 ws2ifsl - ok
07:37:58.0550 2044 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
07:37:58.0610 2044 WSDPrintDevice - ok
07:37:58.0648 2044 WSDScan (c48e6ef92be6bfef9ee2430c42eaf2bd) C:\Windows\system32\DRIVERS\WSDScan.sys
07:37:58.0691 2044 WSDScan - ok
07:37:58.0736 2044 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:37:58.0812 2044 WUDFRd - ok
07:37:58.0845 2044 MBR (0x1B8) (9a14d85b5f6b63a52dcd7e77d9804319) \Device\Harddisk0\DR0
07:37:58.0959 2044 \Device\Harddisk0\DR0 - ok
07:38:02.0709 2044 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
07:38:02.0797 2044 \Device\Harddisk1\DR1 - ok
07:38:06.0723 2044 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
07:38:06.0814 2044 \Device\Harddisk2\DR2 - ok
07:38:06.0830 2044 Boot (0x1200) (309392275d769ab38ac0cc07502359df) \Device\Harddisk0\DR0\Partition0
07:38:06.0833 2044 \Device\Harddisk0\DR0\Partition0 - ok
07:38:06.0837 2044 Boot (0x1200) (5bc0df43816f32698388fae1357dc910) \Device\Harddisk1\DR1\Partition0
07:38:06.0838 2044 \Device\Harddisk1\DR1\Partition0 - ok
07:38:06.0868 2044 Boot (0x1200) (be1430a3a5f24a9c30ace10154116133) \Device\Harddisk2\DR2\Partition0
07:38:06.0870 2044 \Device\Harddisk2\DR2\Partition0 - ok
07:38:06.0875 2044 ============================================================
07:38:06.0875 2044 Scan finished
07:38:06.0875 2044 ============================================================
07:38:06.0891 2648 Detected object count: 1
07:38:06.0891 2648 Actual detected object count: 1

#18
Seran
    Member

  • Topic Starter
  • Member
  • 37 posts
It's very strange. Combofixer didn't want to run as admin no matter how many times I right clicked to Run As Admin.... But it did produce a log....

ComboFix 12-01-27.01 - Martin 01/27/2012 7:59.2.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2885 [GMT -6:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\GTA\AppData\Local\temp
2012-01-27 13:45 . 2012-01-27 13:45 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0F08E34-AEFB-44F2-B360-556E1DCC3CC5}\offreg.dll
2012-01-27 04:25 . 2012-01-27 04:25 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-01-27 04:25 . 2012-01-27 04:25 -------- d-----w- c:\programdata\Malwarebytes
2012-01-27 00:59 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0F08E34-AEFB-44F2-B360-556E1DCC3CC5}\mpengine.dll
2012-01-26 22:27 . 2012-01-26 22:27 -------- d-----w- C:\_OTL
2012-01-26 09:50 . 2012-01-26 10:15 -------- d-----w- c:\users\Martin\DoctorWeb
2012-01-25 11:27 . 2012-01-25 11:27 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-24 06:03 . 2012-01-26 08:22 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-24 06:03 . 2012-01-24 06:03 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-21 02:13 . 2012-01-24 23:33 -------- d-----w- c:\program files\iPod(24)
2012-01-12 15:39 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 15:39 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 15:39 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-12 15:39 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 15:39 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 15:39 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-12 15:39 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-12 15:39 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 15:39 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 01:54 . 2012-01-12 01:54 -------- d-----w- c:\users\Martin\AppData\Local\SanctionedMedia
2012-01-11 11:59 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 10:22 . 2012-01-06 10:22 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2012-01-06 10:14 . 2012-01-06 10:16 -------- d-----w- c:\program files\Canon
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-02 14:59 . 2012-01-02 15:05 -------- d-----w- c:\users\Martin\AppData\Roaming\PCPro
2012-01-02 14:59 . 2012-01-02 14:59 -------- d-----w- c:\users\Martin\AppData\Roaming\PC Cleaners
2012-01-02 14:58 . 2012-01-02 14:58 -------- d-----w- c:\programdata\PC1Data
2012-01-02 14:58 . 2012-01-02 14:58 -------- d-----w- c:\program files (x86)\PC Cleaners
2012-01-02 14:30 . 2012-01-02 14:30 -------- d-----w- c:\users\Martin\AppData\Roaming\DriverCure
2012-01-02 14:30 . 2012-01-02 14:30 -------- d-----w- c:\users\Martin\AppData\Roaming\SpeedyPC Software
2012-01-02 14:29 . 2012-01-02 14:29 -------- d-----w- c:\windows\Sun
2012-01-01 04:58 . 2012-01-01 04:58 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 04:58 . 2012-01-01 04:58 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 04:58 . 2012-01-01 04:58 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-01 04:58 . 2012-01-01 04:58 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 04:24 . 2012-01-01 04:24 -------- d-----w- c:\users\Martin\AppData\Local\SWTOR
2011-12-30 10:08 . 2011-12-30 10:08 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-12-30 10:05 . 2011-12-30 10:08 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-30 09:46 . 2011-12-30 09:56 -------- d-----w- c:\users\Martin\Adobe Photoshop CS5.1
2011-12-30 09:45 . 2011-12-30 09:45 -------- d-----w- c:\users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-30 09:45 . 2011-12-30 09:45 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2011-12-29 09:15 . 2011-12-29 12:27 -------- d-----w- c:\users\Martin\AppData\Roaming\Intelli-studio
2011-12-29 09:15 . 2011-12-29 09:15 -------- d-----w- c:\program files (x86)\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 03:15 . 2010-11-06 19:54 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2009-10-03 04:29 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 07:18 . 2011-05-13 03:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 06:33 . 2011-11-24 06:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-23 13:57 . 2011-12-14 03:50 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 11:57 . 2011-11-16 11:57 53248 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-08 14:58 . 2011-12-14 03:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 03:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 03:51 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 03:51 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 03:51 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 03:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 03:51 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 03:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 03:51 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 03:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( [email protected]_23.08.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2012-01-27 03:41 87760 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 03:05 . 2012-01-27 03:41 41918 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2836959131-4068810153-2499601522-1000_UserData.bin
- 2012-01-26 23:07 . 2012-01-26 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 13:45 . 2012-01-27 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 13:45 . 2012-01-27 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-26 23:07 . 2012-01-26 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 02:23 . 2012-01-27 03:41 133896 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-01-27 13:51 605616 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-27 13:51 104586 c:\windows\system32\perfc009.dat
- 2010-04-27 07:09 . 2012-01-26 23:06 340820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-27 07:09 . 2012-01-27 13:40 340820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-27 07:09 . 2012-01-27 13:40 13873212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2836959131-4068810153-2499601522-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-09-07 20:25 2447360 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2009-5-26 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-3 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-03 23:34]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 21:47]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 21:47]
.
2012-01-27 c:\windows\Tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
- c:\windows\system32\msfeedssync.exe [2011-04-07 00:20]
.
2011-05-13 c:\windows\Tasks\{3A203E6F-0710-43F9-A55E-2D9EBC8FF01A}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 14:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"MagicTuneEngine"="c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe" [2009-06-15 24064]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-18 352256]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 194560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Solid YouTube FileBulldog Toolbar - c:\program files (x86)\Solid YouTube FileBulldog Toolbar\UninstallToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AirPrint]
"ImagePath"="c:\program files<x86>\AirPrint\airprint.exe-s"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}*]
"haldmoebgbmehcln"=hex:6a,61,62,6e,61,69,6d,61,6e,70,63,69,69,6f,67,6c,68,68,
63,63,00,2e
"iafeogiphdphneicoo"=hex:6a,61,62,6e,61,69,6d,61,6e,70,63,69,69,6f,67,6c,68,68,
63,63,00,68
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,e3,e2,40,a5,4f,ea,e4,f9,9c,30,7a,de,0a,b2,7d,e8,66,00,a2,31,ad,42,
92,15,ae,09,00,73,a3,71,4a,ba,95,5b,2b,f7,20,70,b5,51,31,52,9d,03,ae,28,cf,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,44,08,45,d0,3b,47,0d,32,08,68,98,d7,34,e8,be,98,d2,47,8a,c3,
f7,22,f4,67,5e,97,33,fd,a9,d8,dc,f9,ac,09,40,d5,e4,be,aa,07,bb,e1,66,78,d2,\
"rkeysecu"=hex:6d,8d,3b,f5,a9,55,a7,a1,12,13,c7,72,49,ad,78,21
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-01-27 08:05:39
ComboFix-quarantined-files.txt 2012-01-27 14:05
.
Pre-Run: 56,483,594,240 bytes free
Post-Run: 56,481,181,696 bytes free
.
- - End Of File - - 0E4469B9A3A19D4BEBDF3069B76016EA

#19
Seran
    Member

  • Topic Starter
  • Member
  • 37 posts
OTL only posted 1 log... maybe I needed to put something into Custom Scans/Fixes box? You never said to...

Anyways...

ComboFix 12-01-27.01 - Martin 01/27/2012 7:59.2.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2885 [GMT -6:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-01-27 14:03 . 2012-01-27 14:03 -------- d-----w- c:\users\GTA\AppData\Local\temp
2012-01-27 13:45 . 2012-01-27 13:45 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0F08E34-AEFB-44F2-B360-556E1DCC3CC5}\offreg.dll
2012-01-27 04:25 . 2012-01-27 04:25 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-01-27 04:25 . 2012-01-27 04:25 -------- d-----w- c:\programdata\Malwarebytes
2012-01-27 00:59 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0F08E34-AEFB-44F2-B360-556E1DCC3CC5}\mpengine.dll
2012-01-26 22:27 . 2012-01-26 22:27 -------- d-----w- C:\_OTL
2012-01-26 09:50 . 2012-01-26 10:15 -------- d-----w- c:\users\Martin\DoctorWeb
2012-01-25 11:27 . 2012-01-25 11:27 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-24 06:03 . 2012-01-26 08:22 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-24 06:03 . 2012-01-24 06:03 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-21 02:13 . 2012-01-24 23:33 -------- d-----w- c:\program files\iPod(24)
2012-01-12 15:39 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 15:39 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 15:39 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-12 15:39 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 15:39 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 15:39 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-12 15:39 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-12 15:39 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 15:39 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 01:54 . 2012-01-12 01:54 -------- d-----w- c:\users\Martin\AppData\Local\SanctionedMedia
2012-01-11 11:59 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 10:22 . 2012-01-06 10:22 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2012-01-06 10:14 . 2012-01-06 10:16 -------- d-----w- c:\program files\Canon
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-02 14:59 . 2012-01-02 15:05 -------- d-----w- c:\users\Martin\AppData\Roaming\PCPro
2012-01-02 14:59 . 2012-01-02 14:59 -------- d-----w- c:\users\Martin\AppData\Roaming\PC Cleaners
2012-01-02 14:58 . 2012-01-02 14:58 -------- d-----w- c:\programdata\PC1Data
2012-01-02 14:58 . 2012-01-02 14:58 -------- d-----w- c:\program files (x86)\PC Cleaners
2012-01-02 14:30 . 2012-01-02 14:30 -------- d-----w- c:\users\Martin\AppData\Roaming\DriverCure
2012-01-02 14:30 . 2012-01-02 14:30 -------- d-----w- c:\users\Martin\AppData\Roaming\SpeedyPC Software
2012-01-02 14:29 . 2012-01-02 14:29 -------- d-----w- c:\windows\Sun
2012-01-01 04:58 . 2012-01-01 04:58 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 04:58 . 2012-01-01 04:58 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 04:58 . 2012-01-01 04:58 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-01 04:58 . 2012-01-01 04:58 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 04:24 . 2012-01-01 04:24 -------- d-----w- c:\users\Martin\AppData\Local\SWTOR
2011-12-30 10:08 . 2011-12-30 10:08 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-12-30 10:05 . 2011-12-30 10:08 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-30 09:46 . 2011-12-30 09:56 -------- d-----w- c:\users\Martin\Adobe Photoshop CS5.1
2011-12-30 09:45 . 2011-12-30 09:45 -------- d-----w- c:\users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-30 09:45 . 2011-12-30 09:45 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2011-12-29 09:15 . 2011-12-29 12:27 -------- d-----w- c:\users\Martin\AppData\Roaming\Intelli-studio
2011-12-29 09:15 . 2011-12-29 09:15 -------- d-----w- c:\program files (x86)\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 03:15 . 2010-11-06 19:54 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2009-10-03 04:29 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 07:18 . 2011-05-13 03:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 06:33 . 2011-11-24 06:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-23 13:57 . 2011-12-14 03:50 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 11:57 . 2011-11-16 11:57 53248 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-08 14:58 . 2011-12-14 03:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 03:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 03:51 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 03:51 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 03:51 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 03:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 03:51 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 03:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 03:51 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 03:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( [email protected]_23.08.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2012-01-27 03:41 87760 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 03:05 . 2012-01-27 03:41 41918 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2836959131-4068810153-2499601522-1000_UserData.bin
- 2012-01-26 23:07 . 2012-01-26 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 13:45 . 2012-01-27 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 13:45 . 2012-01-27 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-26 23:07 . 2012-01-26 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 02:23 . 2012-01-27 03:41 133896 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-01-27 13:51 605616 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-27 13:51 104586 c:\windows\system32\perfc009.dat
- 2010-04-27 07:09 . 2012-01-26 23:06 340820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-27 07:09 . 2012-01-27 13:40 340820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-27 07:09 . 2012-01-27 13:40 13873212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2836959131-4068810153-2499601522-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-09-07 20:25 2447360 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2009-5-26 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-3 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-03 23:34]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 21:47]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 21:47]
.
2012-01-27 c:\windows\Tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
- c:\windows\system32\msfeedssync.exe [2011-04-07 00:20]
.
2011-05-13 c:\windows\Tasks\{3A203E6F-0710-43F9-A55E-2D9EBC8FF01A}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 14:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"MagicTuneEngine"="c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe" [2009-06-15 24064]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-18 352256]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 194560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Solid YouTube FileBulldog Toolbar - c:\program files (x86)\Solid YouTube FileBulldog Toolbar\UninstallToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AirPrint]
"ImagePath"="c:\program files<x86>\AirPrint\airprint.exe-s"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}*]
"haldmoebgbmehcln"=hex:6a,61,62,6e,61,69,6d,61,6e,70,63,69,69,6f,67,6c,68,68,
63,63,00,2e
"iafeogiphdphneicoo"=hex:6a,61,62,6e,61,69,6d,61,6e,70,63,69,69,6f,67,6c,68,68,
63,63,00,68
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,e3,e2,40,a5,4f,ea,e4,f9,9c,30,7a,de,0a,b2,7d,e8,66,00,a2,31,ad,42,
92,15,ae,09,00,73,a3,71,4a,ba,95,5b,2b,f7,20,70,b5,51,31,52,9d,03,ae,28,cf,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,44,08,45,d0,3b,47,0d,32,08,68,98,d7,34,e8,be,98,d2,47,8a,c3,
f7,22,f4,67,5e,97,33,fd,a9,d8,dc,f9,ac,09,40,d5,e4,be,aa,07,bb,e1,66,78,d2,\
"rkeysecu"=hex:6d,8d,3b,f5,a9,55,a7,a1,12,13,c7,72,49,ad,78,21
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-01-27 08:05:39
ComboFix-quarantined-files.txt 2012-01-27 14:05
.
Pre-Run: 56,483,594,240 bytes free
Post-Run: 56,481,181,696 bytes free
.
- - End Of File - - 0E4469B9A3A19D4BEBDF3069B76016EA

#20
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
btw, the sfc scan said

Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.log windir/log/CBS/CBS.log. For example C:/Windows/Logs/CBS/CBS.log

#21
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/01/2012 08:36:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/01/2012 14:03:56
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 27/01/2012 14:03:55
Type: Error Category: 0
Event: 1048 Source: Microsoft-Windows-TerminalServices-LocalSessionManager
Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

Log: 'System' Date/Time: 27/01/2012 14:01:10
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 27/01/2012 13:56:37
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 27/01/2012 13:47:42
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 27/01/2012 13:46:43
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep MpFilter spldr Wanarpv6

Log: 'System' Date/Time: 27/01/2012 13:46:43
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 27/01/2012 13:46:43
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 27/01/2012 13:46:43
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 27/01/2012 13:46:43
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 27/01/2012 13:46:21
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort2.

Log: 'System' Date/Time: 27/01/2012 13:46:13
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Log: 'System' Date/Time: 27/01/2012 13:46:09
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 27/01/2012 13:46:00
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 27/01/2012 13:45:42
Type: Error Category: 0
Event: 1048 Source: Microsoft-Windows-TerminalServices-LocalSessionManager
Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

Log: 'System' Date/Time: 27/01/2012 13:45:42
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Log: 'System' Date/Time: 27/01/2012 06:46:39
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort2.

Log: 'System' Date/Time: 27/01/2012 06:46:27
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort2.

Log: 'System' Date/Time: 27/01/2012 06:45:56
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort2.

Log: 'System' Date/Time: 27/01/2012 06:44:52
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort2.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/01/2012 13:45:34
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

#22
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/01/2012 08:36:52

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/01/2012 13:46:43
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/01/2012 13:46:09
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/01/2012 13:45:58
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 27/01/2012 13:40:48
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-2836959131-4068810153-2499601522-1000:
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\SystemCertificates\Root
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Policies\Microsoft\SystemCertificates
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\SystemCertificates\CA
Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\SystemCertificates\trust

#23
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
Ok... there is still obviously some malware on my computer... sometimes when I look at my desktop I see an icon there - which I did not add - that says "The Internet". What the...?! When I click Properties on it, it goes to my IE properties... which I don't get...

#24
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
Um... the CBS logs are huge. You want me to attach them as a file?

#25
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
Oh sorry, one more thing... I AM ABSOLUTELY SURE that my Microsoft Security Essentials Real Time Protection is turned off... and ComboFix doesn't seem to think so... I tried to even end the process tree on it, which worked... still ComboFix said it was on. Spybot S&D TeaTimer.exe is off too...

#26
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
If you are sure that MSSE is off then don't worry about it. Combofix gets the info from Windows WMI, which is easily confused.

You only get one log with OTL after the first time unless we click the All button and Run Scan. I'm thinking the Internet icon is just something that is there by default. If you can't delete it, there is probably an option: right click on the desktop and select Personalize, then Change Desktop Icons. Do you see it there?

If SFC ran OK then there is no need for the CBS.log.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

RegNull::
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}*]

RegLock::
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}*]
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}]

Registry::
[-HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}*]
[-HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C0C4D6F-EEF6-B058-4C07-DF530954270F}]

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.



Process 2512 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836959131-4068810153-2499601522-1000


These are from Windows Live. I see this all the time on 64 bit systems so it appears to me that Windows Live is not ready for 64 bit. If you are not using Windows Live, I would uninstall Windows Live Essentials. If you do use it, uninstall it and download a new copy. Perhaps they have fixed the problem by now.

Appears you ran VEW in Safe Mode.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

1. Reboot into Regular mode.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#27
Seran

    Member

  • Topic Starter
  • Member
  • 37 posts
ComboFix 12-01-27.01 - Martin 01/27/2012 16:47:55.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2339 [GMT -6:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
Command switches used :: c:\users\Martin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))
.
.
2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-01-27 23:07 . 2012-01-27 23:07 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D492218-1BB3-485E-90C0-DEA04004A13A}\offreg.dll
2012-01-27 23:00 . 2012-01-27 23:08 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-01-27 23:00 . 2012-01-27 23:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-27 23:00 . 2012-01-27 23:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-27 23:00 . 2012-01-27 23:00 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-27 23:00 . 2012-01-27 23:00 -------- d-----w- c:\users\GTA\AppData\Local\temp
2012-01-27 23:00 . 2012-01-27 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 22:41 . 2012-01-27 22:41 -------- d-----w- c:\program files\iPod
2012-01-27 22:41 . 2012-01-27 22:41 -------- d-----w- c:\program files\iTunes
2012-01-27 22:31 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D492218-1BB3-485E-90C0-DEA04004A13A}\mpengine.dll
2012-01-27 04:25 . 2012-01-27 04:25 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-01-27 04:25 . 2012-01-27 04:25 -------- d-----w- c:\programdata\Malwarebytes
2012-01-26 22:27 . 2012-01-26 22:27 -------- d-----w- C:\_OTL
2012-01-26 09:50 . 2012-01-26 10:15 -------- d-----w- c:\users\Martin\DoctorWeb
2012-01-25 11:27 . 2012-01-25 11:27 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-24 06:03 . 2012-01-26 08:22 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-24 06:03 . 2012-01-24 06:03 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-12 15:39 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 15:39 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 15:39 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-12 15:39 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 15:39 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 15:39 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-12 15:39 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-12 15:39 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-12 15:39 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 01:54 . 2012-01-12 01:54 -------- d-----w- c:\users\Martin\AppData\Local\SanctionedMedia
2012-01-11 11:59 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 10:22 . 2012-01-06 10:22 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2012-01-06 10:14 . 2012-01-06 10:16 -------- d-----w- c:\program files\Canon
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-02 14:59 . 2012-01-02 15:05 -------- d-----w- c:\users\Martin\AppData\Roaming\PCPro
2012-01-02 14:59 . 2012-01-02 14:59 -------- d-----w- c:\users\Martin\AppData\Roaming\PC Cleaners
2012-01-02 14:58 . 2012-01-02 14:58 -------- d-----w- c:\programdata\PC1Data
2012-01-02 14:58 . 2012-01-02 14:58 -------- d-----w- c:\program files (x86)\PC Cleaners
2012-01-02 14:30 . 2012-01-02 14:30 -------- d-----w- c:\users\Martin\AppData\Roaming\DriverCure
2012-01-02 14:30 . 2012-01-02 14:30 -------- d-----w- c:\users\Martin\AppData\Roaming\SpeedyPC Software
2012-01-02 14:29 . 2012-01-02 14:29 -------- d-----w- c:\windows\Sun
2012-01-01 04:58 . 2012-01-01 04:58 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-01 04:58 . 2012-01-01 04:58 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-01 04:58 . 2012-01-01 04:58 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-01 04:58 . 2012-01-01 04:58 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-01 04:24 . 2012-01-01 04:24 -------- d-----w- c:\users\Martin\AppData\Local\SWTOR
2011-12-30 10:08 . 2011-12-30 10:08 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-12-30 10:05 . 2011-12-30 10:08 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-30 09:46 . 2011-12-30 09:56 -------- d-----w- c:\users\Martin\Adobe Photoshop CS5.1
2011-12-30 09:45 . 2011-12-30 09:45 -------- d-----w- c:\users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-30 09:45 . 2011-12-30 09:45 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2011-12-29 09:15 . 2011-12-29 12:27 -------- d-----w- c:\users\Martin\AppData\Roaming\Intelli-studio
2011-12-29 09:15 . 2011-12-29 09:15 -------- d-----w- c:\program files (x86)\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 03:15 . 2010-11-06 19:54 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2009-10-03 04:29 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 07:18 . 2011-05-13 03:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-14 03:50 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 11:57 . 2011-11-16 11:57 53248 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-08 14:58 . 2011-12-14 03:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 03:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 03:51 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 03:51 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 03:51 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 03:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 03:51 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 03:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 03:51 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 03:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( [email protected]_23.08.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2012-01-27 23:09 87800 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 03:05 . 2012-01-27 23:09 41934 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2836959131-4068810153-2499601522-1000_UserData.bin
+ 2012-01-27 23:07 . 2012-01-27 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-26 23:07 . 2012-01-26 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 23:07 . 2012-01-27 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-26 23:07 . 2012-01-26 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 02:23 . 2012-01-27 23:09 133912 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-01-27 22:32 606364 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-26 22:47 606364 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-27 22:32 104964 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-01-26 22:47 104964 c:\windows\system32\perfc009.dat
+ 2010-04-27 07:09 . 2012-01-27 23:00 340820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-04-27 07:09 . 2012-01-26 23:06 340820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-27 22:41 . 2012-01-27 22:41 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe
+ 2012-01-27 22:41 . 2012-01-27 22:41 5428224 c:\windows\Installer\825df.msi
- 2006-11-02 12:33 . 2012-01-12 15:43 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-01-27 23:05 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-04-27 07:09 . 2012-01-27 23:01 13873212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2836959131-4068810153-2499601522-1000-8192.dat
+ 2012-01-27 22:44 . 2012-01-27 22:44 11079680 c:\windows\ERDNT\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-09-07 20:25 2447360 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="f:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2009-5-26 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-3 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-03 23:34]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 21:47]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-12 21:47]
.
2012-01-27 c:\windows\Tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
- c:\windows\system32\msfeedssync.exe [2011-04-07 00:20]
.
2011-05-13 c:\windows\Tasks\{3A203E6F-0710-43F9-A55E-2D9EBC8FF01A}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2011-10-13 14:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"MagicTuneEngine"="c:\program files (x86)\MagicTune Premium\MagicTuneEngine.exe" [2009-06-15 24064]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-18 352256]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 194560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AirPrint]
"ImagePath"="c:\program files<x86>\AirPrint\airprint.exe-s"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,e3,e2,40,a5,4f,ea,e4,f9,9c,30,7a,de,0a,b2,7d,e8,66,00,a2,31,ad,42,
92,15,ae,09,00,73,a3,71,4a,ba,95,5b,2b,f7,20,70,b5,51,31,52,9d,03,ae,28,cf,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2836959131-4068810153-2499601522-1000\Software\SecuROM\License information*]
"datasecu"=hex:e3,44,08,45,d0,3b,47,0d,32,08,68,98,d7,34,e8,be,98,d2,47,8a,c3,
f7,22,f4,67,5e,97,33,fd,a9,d8,dc,f9,ac,09,40,d5,e4,be,aa,07,bb,e1,66,78,d2,\
"rkeysecu"=hex:6d,8d,3b,f5,a9,55,a7,a1,12,13,c7,72,49,ad,78,21
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
f:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-01-27 17:15:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-27 23:15
ComboFix2.txt 2012-01-27 14:05
.
Pre-Run: 56,911,568,896 bytes free
Post-Run: 56,369,508,352 bytes free
.
- - End Of File - - C5CF44BC42BB6CB473C17D71359DC97A

#28
Seran
    Member
  • Topic Starter
  • 37 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/01/2012 19:28:46

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/01/2012 23:11:12
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 27/01/2012 23:08:22
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 27/01/2012 23:08:03
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 27/01/2012 23:08:01
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AirPrint service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 27/01/2012 23:08:01
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 27/01/2012 23:08:01
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 27/01/2012 23:00:52
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 27/01/2012 22:53:41
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 27/01/2012 22:46:55
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 27/01/2012 22:46:55
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 27/01/2012 22:29:54
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 27/01/2012 22:27:09
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 27/01/2012 22:27:09
Type: Error Category: 0
Event: 14325 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

Log: 'System' Date/Time: 27/01/2012 22:26:56
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 27/01/2012 22:26:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AirPrint service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 27/01/2012 22:26:55
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 27/01/2012 22:26:55
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 27/01/2012 15:07:47
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Log: 'System' Date/Time: 27/01/2012 14:03:56
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 27/01/2012 14:03:55
Type: Error Category: 0
Event: 1048 Source: Microsoft-Windows-TerminalServices-LocalSessionManager
Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/01/2012 23:07:52
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Log: 'System' Date/Time: 27/01/2012 22:26:20
Type: Warning Category: 0
Event: 2506 Source: Server
The value named Hidden in the server's registry key LanmanServer\Parameters was not valid, and was ignored. If you want to change the value, change it to one that is the correct type and is within the acceptable range, or delete the value to use the default. This value might have been set up by an older program that did not use the correct boundaries.

Log: 'System' Date/Time: 27/01/2012 13:45:34
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

#29
Seran
    Member
  • Topic Starter
  • 37 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/01/2012 19:29:17

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#30
RKinner
    Malware Expert
  • Expert
  • 20,031 posts
  • MVP
I don't see any real malware damage but something strange is going on. Some programs think they are running in Safe Mode.


Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.

I would just turn off Media Sharing in Windows Media Player: Go to Advanced sharing settings and click on Choose media streaming options. Then next to 'Show devices on' select all networks. Remove all devices. You'll be left with 'Media programs on this PC and remote connections...'. Select blocked or block all.


The AirPrint service failed to start due to the following error: The system cannot find the file specified.


Combofix shows it at:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AirPrint]
"ImagePath"="c:\program files<x86>\AirPrint\airprint.exe-s"

It looks to me like it is missing a space between airprint.exe and the -s.

http://jaxov.com/201...ice-on-windows/

The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.


Right click on Computer and select Manage (Continue) then Services and Applications then Services. Find Internet Connection Sharing (ICS), right click and select Properties. Change the Startup Type: to Disabled. OK. Repeat for Computer Browser.

PEVSystemStart and catchme.sys are from Combofix and will go away when we uninstall it:

To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. Then right click, Paste, then hit Enter.

Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.


Uninstall Microsoft Security Client and Microsoft Antimalware and reinstall.

The following boot-start or system-start driver(s) failed to load: Beep


There is no beep driver in 64 bit Win 7. Some program is calling for it in error. Just ignore this one.

Terminal Service start failed

It says it is in Safe Mode which makes no sense. I don't have Terminal Service on mine so go back into Services and Disable it.

DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

This is another one that says it is in Safe Mode. No idea why.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
msiexec

(Does it bring up a little help screen? Click on OK)

(back in command prompt type: )

netsh winhttp reset proxy

exit

That should fix most of the errors. Once you do that:

1. Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply.


Ron
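A way to audit every service's ImagePath for the kind of problem Ron spotted in the AirPrint entry (a binary the Service Control Manager cannot locate, which is what the Event 7000 "The system cannot find the file specified" entries in the System log report). This is an added example, not part of the thread and not Ron's, ComboFix's or VEW's code; it reads the live Services key, so it needs an elevated PowerShell prompt, and the AirPrint value it checks first is a constructed test case that assumes the normal "program files (x86)" spelling of the path shown in the ComboFix log.

```powershell
# Added example (not from the thread): find services whose ImagePath does not
# resolve to a file on disk. Run from an elevated PowerShell prompt.

function Get-ServiceExecutablePath {
    <#
      Extracts the executable path from a raw ImagePath value. Handles the
      shapes that occur in the Services key:
        "C:\Program Files (x86)\Foo\foo.exe" -s       quoted, with arguments
        C:\Windows\system32\svchost.exe -k netsvcs    unquoted, with arguments
        \??\C:\ComboFix\catchme.sys                   NT object-manager prefix
        \SystemRoot\system32\drivers\beep.sys         SystemRoot-relative driver
    #>
    param([Parameter(Mandatory)][string]$ImagePath)

    # Strip the prefixes drivers commonly use and expand %SystemRoot%-style variables
    $p = $ImagePath -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = [Environment]::ExpandEnvironmentVariables($p)

    if ($p.StartsWith('"')) {
        # Quoted form: everything up to the closing quote is the path
        $end = $p.IndexOf('"', 1)
        if ($end -gt 0) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }

    # Unquoted form: the shortest prefix that ends in .exe/.sys/.dll followed by
    # whitespace or end of string is the path; the rest are arguments.
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }

    # Nothing recognisable, e.g. "airprint.exe-s": the argument is fused to the
    # file name, so the whole string is what SCM will try (and fail) to open.
    return $p
}

function Test-ServiceImagePath {
    <#
      Emits one object per service whose ImagePath does not resolve to a file.
      A bare file name (e.g. KHALMNPR.EXE) is looked for in System32 and on PATH.
    #>
    param([string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services')

    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $imagePath = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $imagePath) { return }   # parameter subkeys, not services: skip
        $exe = Get-ServiceExecutablePath -ImagePath $imagePath

        $exists = if ([System.IO.Path]::IsPathRooted($exe)) {
            Test-Path -LiteralPath $exe -PathType Leaf
        } else {
            (Test-Path -LiteralPath (Join-Path $env:SystemRoot "System32\$exe") -PathType Leaf) -or
            ($null -ne (Get-Command $exe -ErrorAction SilentlyContinue))
        }

        if (-not $exists) {
            # Distinguish "argument glued to the .exe" (the AirPrint case) from a
            # plain missing file, since the fixes differ (edit the value vs. reinstall)
            $problem = if ($exe -match '\.(exe|sys|dll)\S+$') { 'argument fused to executable name' }
                       else { 'file not found' }
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $imagePath
                Resolved  = $exe
                Problem   = $problem
            }
        }
    }
}

# Constructed test case modelled on the AirPrint ImagePath in the ComboFix log above
$airPrint = 'c:\program files (x86)\AirPrint\airprint.exe-s'
Get-ServiceExecutablePath -ImagePath $airPrint

# Live audit of this machine; services that logged Event 7000 should appear here
Test-ServiceImagePath | Format-Table -AutoSize
```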