
Help with removal



#1
NOT URSS

    New Member

  • Member
  • 2 posts
Hi, my name is Matt. I am really not computer literate. I work for a car dealership and we use the computers for our service manuals. The computers are accessing the internet and are shared by a bunch of techs. I do not know how the problem happened. The problem is: I start up the computer fresh. The computer boots up, and I click on Internet Explorer. Once I click on Internet Explorer, as soon as it pops up a second tab appears. The tab that opens as well says "99 Search Engines". I am not sure how this got here and I have no clue how to get it off. I googled "99 Search Engines" and found by the search this is a common virus. Any help would be greatly appreciated. I have not tried to download anything to fix the problem except for the OTL. This computer is using Windows 7 Professional. I do not know if there is any virus software; again I apologize, I am computer challenged.

OTL logfile created on: 2/2/2012 7:51:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\service-west\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.18% Memory free
3.98 Gb Paging File | 2.15 Gb Available in Paging File | 54.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 111.61 Gb Free Space | 74.92% Space Free | Partition Type: NTFS

Computer Name: SERVICE-WEST-PC | User Name: service-west | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/02 07:50:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\service-west\Desktop\OTL.exe
PRC - [2012/01/20 15:46:24 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012/01/13 15:10:07 | 000,225,280 | ---- | M] (Reynolds & Reynolds) -- C:\rey\Bin\ERAccess.exe
PRC - [2011/10/24 13:06:59 | 000,061,440 | ---- | M] (UCS) -- C:\rey\Bin\PSCVersionService.exe
PRC - [2011/07/29 15:06:54 | 000,098,304 | ---- | M] (UCS) -- C:\rey\Bin\UcsInSvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/03 10:40:26 | 000,167,936 | ---- | M] (UCS) -- C:\rey\Bin\Umhwinmg.exe
PRC - [2011/04/15 11:02:13 | 000,147,456 | ---- | M] (Reynolds and Reynolds) -- C:\rey\Bin\UIInsSvc.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/07 12:12:22 | 000,505,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/10/27 15:56:36 | 000,059,904 | ---- | M] (Rocket Software) -- C:\ReynoldsCommon\ERAccess\wIntegSM.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/14 15:16:05 | 000,106,496 | ---- | M] () -- C:\rey\Bin\PSCCommon.dll
MOD - [2011/11/28 18:44:06 | 000,010,752 | ---- | M] () -- C:\rey\Bin\AutoLogoff.dll
MOD - [2011/09/28 14:01:48 | 000,017,920 | ---- | M] () -- C:\rey\Bin\messagequeue.dll
MOD - [2011/04/04 15:36:13 | 000,053,248 | ---- | M] () -- C:\rey\Bin\diagnosticlogex.dll
MOD - [2011/02/19 21:35:02 | 000,015,872 | ---- | M] () -- C:\rey\Bin\reyconfig.dll
MOD - [2010/04/13 14:04:39 | 000,019,456 | ---- | M] () -- C:\rey\Bin\UCSString.dll
MOD - [2009/08/08 00:44:36 | 000,049,152 | ---- | M] () -- C:\rey\Bin\IntelDis.dll
MOD - [2005/01/04 14:37:30 | 000,159,744 | ---- | M] () -- C:\rey\Bin\ssleay32.dll
MOD - [2005/01/04 14:37:05 | 000,876,544 | ---- | M] () -- C:\rey\Bin\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (UCS Install NT Service)
SRV - [2011/10/24 13:06:59 | 000,061,440 | ---- | M] (UCS) [Auto | Running] -- C:\rey\Bin\PSCVersionService.exe -- (REY PSCVersionService)
SRV - [2011/07/29 15:06:54 | 000,098,304 | ---- | M] (UCS) [Auto | Running] -- C:\rey\Bin\UcsInSvc.exe -- (REY Install NT Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/12 11:01:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 09:58:20 | 000,050,176 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2010/04/27 09:58:20 | 000,023,552 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2007/10/30 18:41:46 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2k.sys -- (USA19H)
DRV - [2007/05/29 22:32:58 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2kp.sys -- (USA19H2KP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.autopart...rtal/login.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 34 B9 7F A1 10 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA13E0E8-C973-493C-BD2A-F3D3F7B8E08A}: NameServer = 65.32.1.65,65.32.1.70
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 07:50:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\service-west\Desktop\OTL.exe
[2012/02/01 12:47:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\service-west\Desktop\dds.com
[2012/02/01 12:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/01 12:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/01 12:24:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/02/01 12:17:41 | 000,000,000 | ---D | C] -- C:\Users\service-west\AppData\Local\APN

========== Files - Modified Within 30 Days ==========

[2012/02/02 07:50:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\service-west\Desktop\OTL.exe
[2012/02/02 07:22:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 15:22:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 12:51:06 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 12:51:06 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 12:50:23 | 000,294,216 | ---- | M] () -- C:\Users\service-west\Desktop\gmer.zip
[2012/02/01 12:48:45 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/01 12:48:45 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/01 12:47:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\service-west\Desktop\dds.com
[2012/02/01 12:43:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/01 12:43:52 | 1601,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 12:31:01 | 000,001,222 | ---- | M] () -- C:\Users\service-west\Desktop\Spybot - Search & Destroy.lnk
[2012/01/31 07:18:12 | 000,001,493 | ---- | M] () -- C:\Users\Public\Desktop\ERAccess.LNK
[2012/01/24 01:17:54 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/02/01 12:50:18 | 000,294,216 | ---- | C] () -- C:\Users\service-west\Desktop\gmer.zip
[2012/02/01 12:31:01 | 000,001,222 | ---- | C] () -- C:\Users\service-west\Desktop\Spybot - Search & Destroy.lnk
[2011/09/28 06:56:38 | 000,577,536 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/05/12 08:10:28 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,276,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/03/17 23:16:38 | 000,049,152 | ---- | C] () -- C:\Windows\System32\k19hinst.dll

========== LOP Check ==========

[2011/05/12 08:21:46 | 000,000,000 | ---D | M] -- C:\Users\service-west\AppData\Roaming\ADP
[2011/05/12 12:25:00 | 000,000,000 | ---D | M] -- C:\Users\service-west\AppData\Roaming\Seagull Software
[2012/02/01 08:31:16 | 000,000,000 | ---D | M] -- C:\Users\service-west\AppData\Roaming\Systweak
[2009/07/13 23:53:46 | 000,013,378 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 2/2/2012 7:51:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\service-west\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.18% Memory free
3.98 Gb Paging File | 2.15 Gb Available in Paging File | 54.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 111.61 Gb Free Space | 74.92% Space Free | Partition Type: NTFS

Computer Name: SERVICE-WEST-PC | User Name: service-west | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0624CA22-A85C-4A3B-97DD-C73ACB26AFEF}" = GDS 2
"{16F76153-7405-4FA2-90E6-4E2196EFC24C}" = PC CONFIG CONTROL
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{26D1CCB8-6960-4211-B537-C298CDF9935F}" = ADP View Client 4.5.228.0
"{27122263-6813-4C51-8ABE-45795722A7E8}" = w.e.b.Suite Terminal Emulator 4.5.937.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{7148F0A8-6813-11D6-A77B-00B0D0142070}" = Java 2 Runtime Environment, SE v1.4.2_07
"{92FB3399-B2AC-4A33-A0E4-66CD30E9B8C5}" = w.e.b.Suite Launch Application
"{945A7B82-922F-4B31-9B90-B97729F884B3}" = GM MDI Software - 7.10.87
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D9D59C79-B080-4C94-B72A-1EB432ED192E}" = SIplugin
"{EDAF13BC-2ADA-4491-BCA2-972522907138}" = w.e.b.Suite Terminal Emulator VBA Support
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{D9D59C79-B080-4C94-B72A-1EB432ED192E}" = SIplugin
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMGINSTL" = ERA Software Manager
"Tech2Win" = Tech2Win
"TIS2WebProxy" = TIS2WebProxy
"TVWiz" = Intel® TV Wizard

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by NOT URSS, 02 February 2012 - 07:11 AM.



#2
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Uninstall
Java 2 Runtime Environment, SE v1.4.2_07
Java™ 6 Update 25 - Get the latest Java from java.com
McAfee Security Scan Plus - foistware - you probably got it when you downloaded Adobe Reader. It is not an anti-virus.


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Uncheck trace disk IO calls
Click the "Scan" button to start scan (allow the Avast engine download and scan)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

I don't see an anti-virus so I would download the free MSSE. It's legal for a business as long as it is on less than 10 PCs and certainly better than nothing.
http://windows.micro...rity-essentials

Ron

#3
NOT URSS

    New Member

  • Topic Starter
  • Member
  • 2 posts
First off, thank you for taking the time to help me with my problem. Here is what you asked for, I hope.

*Malware*

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
service-west :: SERVICE-WEST-PC [administrator]

2/3/2012 8:29:44 AM
mbam-log-2012-02-03 (08-29-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 159609
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


*Combofix*

ComboFix 12-02-03.02 - service-west 02/03/2012 8:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2037.1243 [GMT -5:00]
Running from: c:\users\service-west\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\service-west\AppData\Local\assembly\tmp
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 13:43 . 2012-02-03 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 13:29 . 2012-02-03 13:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-03 13:29 . 2012-02-03 13:29 -------- d-----w- c:\users\service-west\AppData\Roaming\Malwarebytes
2012-02-03 13:29 . 2012-02-03 13:29 -------- d-----w- c:\programdata\Malwarebytes
2012-02-03 13:29 . 2012-02-03 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 13:29 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 13:09 . 2012-02-03 13:09 -------- d-----w- C:\_OTL
2012-02-01 17:30 . 2012-02-03 13:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-01 17:30 . 2012-02-03 13:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-01 17:17 . 2012-02-01 17:17 -------- d-----w- c:\users\service-west\AppData\Local\APN
2012-01-31 21:48 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C17A368D-3547-4D27-8059-A68EA87EEF76}\mpengine.dll
2012-01-26 02:09 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-26 02:09 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-26 02:09 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-26 02:09 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-26 02:09 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-26 02:09 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-26 02:09 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-26 02:09 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-26 02:09 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 02:09 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 18:13 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:13 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:13 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:13 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 20:46 . 2011-05-25 18:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 15:08 . 2011-05-12 12:41 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:23 . 2011-12-14 18:34 2340352 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APIMonitor Disable.lnk - c:\program files\GM MDI Software\J2534 Configuration\J2534ConfigApp.exe [2011-1-25 1213440]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 136176]
R2 UCS Install NT Service;UCS Install NT Service;c:\ucc\Services\UcsInSvc.exe [x]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [2010-04-27 50176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19H2k.sys [2007-10-30 704000]
R3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\DRIVERS\USA19H2kp.SYS [2007-05-30 24192]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1343400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 REY Install NT Service;REY Install NT Service;c:\rey\Bin\Ucsinsvc.exe [2011-07-29 98304]
S2 REY PSCVersionService;REY PSCVersionService;c:\rey\bin\PscVersionService.exe [2011-10-24 61440]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-03 40776]
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [2010-04-27 23552]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 21:29]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.autopart...rtal/login.html
TCP: Interfaces\{EA13E0E8-C973-493C-BD2A-F3D3F7B8E08A}: NameServer = 65.32.1.65,65.32.1.70
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-03 08:44:33
ComboFix-quarantined-files.txt 2012-02-03 13:44
.
Pre-Run: 119,812,812,800 bytes free
Post-Run: 119,678,578,688 bytes free
.
- - End Of File - - 78DC3698232565C2CE48D431BCCB9B52


*TDSSKiller*

08:47:15.0970 4084 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
08:47:16.0240 4084 ============================================================
08:47:16.0240 4084 Current date / time: 2012/02/03 08:47:16.0240
08:47:16.0241 4084 SystemInfo:
08:47:16.0241 4084
08:47:16.0241 4084 OS Version: 6.1.7600 ServicePack: 0.0
08:47:16.0241 4084 Product type: Workstation
08:47:16.0241 4084 ComputerName: SERVICE-WEST-PC
08:47:16.0241 4084 UserName: service-west
08:47:16.0241 4084 Windows directory: C:\Windows
08:47:16.0241 4084 System windows directory: C:\Windows
08:47:16.0241 4084 Processor architecture: Intel x86
08:47:16.0241 4084 Number of processors: 2
08:47:16.0241 4084 Page size: 0x1000
08:47:16.0241 4084 Boot type: Normal boot
08:47:16.0241 4084 ============================================================
08:47:17.0049 4084 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:47:17.0050 4084 \Device\Harddisk0\DR0:
08:47:17.0050 4084 MBR used
08:47:17.0050 4084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x129F1720
08:47:17.0075 4084 Initialize success
08:47:17.0075 4084 ============================================================
08:47:28.0298 0192 ============================================================
08:47:28.0298 0192 Scan started
08:47:28.0298 0192 Mode: Manual;
08:47:28.0298 0192 ============================================================
08:47:34.0593 0192 TDTCP - ok
08:47:34.0617 0192 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
08:47:34.0618 0192 tdx - ok
08:47:34.0632 0192 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
08:47:34.0633 0192 TermDD - ok
08:47:34.0662 0192 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:47:34.0662 0192 tssecsrv - ok
08:47:34.0695 0192 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
08:47:34.0696 0192 tunnel - ok
08:47:34.0718 0192 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:47:34.0719 0192 uagp35 - ok
08:47:34.0754 0192 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
08:47:34.0755 0192 udfs - ok
08:47:34.0793 0192 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
08:47:34.0794 0192 uliagpkx - ok
08:47:34.0825 0192 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
08:47:34.0826 0192 umbus - ok
08:47:34.0857 0192 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:47:34.0857 0192 UmPass - ok
08:47:34.0913 0192 USA19H (6d1e41657fdb48f9147598c773297513) C:\Windows\system32\DRIVERS\USA19H2k.sys
08:47:34.0917 0192 USA19H - ok
08:47:34.0938 0192 USA19H2KP (8a217fc16dd14ab8ad2eaa1f08b3b5c5) C:\Windows\system32\DRIVERS\USA19H2kp.SYS
08:47:34.0939 0192 USA19H2KP - ok
08:47:34.0974 0192 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
08:47:34.0975 0192 usbccgp - ok
08:47:35.0000 0192 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
08:47:35.0001 0192 usbcir - ok
08:47:35.0036 0192 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
08:47:35.0036 0192 usbehci - ok
08:47:35.0063 0192 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
08:47:35.0064 0192 usbhub - ok
08:47:35.0087 0192 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
08:47:35.0088 0192 usbohci - ok
08:47:35.0111 0192 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:47:35.0111 0192 usbprint - ok
08:47:35.0148 0192 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
08:47:35.0149 0192 USBSTOR - ok
08:47:35.0161 0192 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
08:47:35.0161 0192 usbuhci - ok
08:47:35.0190 0192 USB_RNDIS (b71da871254d96d0349639d03e4c1cc1) C:\Windows\system32\DRIVERS\usb8023.sys
08:47:35.0190 0192 USB_RNDIS - ok
08:47:35.0226 0192 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:47:35.0227 0192 vdrvroot - ok
08:47:35.0250 0192 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:47:35.0251 0192 vga - ok
08:47:35.0270 0192 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:47:35.0270 0192 VgaSave - ok
08:47:35.0294 0192 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
08:47:35.0295 0192 vhdmp - ok
08:47:35.0327 0192 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
08:47:35.0328 0192 viaagp - ok
08:47:35.0354 0192 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:47:35.0354 0192 ViaC7 - ok
08:47:35.0378 0192 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
08:47:35.0378 0192 viaide - ok
08:47:35.0413 0192 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
08:47:35.0414 0192 vmbus - ok
08:47:35.0441 0192 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
08:47:35.0441 0192 VMBusHID - ok
08:47:35.0463 0192 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
08:47:35.0464 0192 volmgr - ok
08:47:35.0479 0192 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:47:35.0481 0192 volmgrx - ok
08:47:35.0499 0192 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
08:47:35.0501 0192 volsnap - ok
08:47:35.0546 0192 VSBC (0b3e6259c5e1cbc9c75db3311abb946d) C:\Windows\system32\DRIVERS\evsbc.sys
08:47:35.0547 0192 VSBC - ok
08:47:35.0578 0192 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:47:35.0579 0192 vsmraid - ok
08:47:35.0589 0192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:47:35.0590 0192 vwifibus - ok
08:47:35.0619 0192 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:47:35.0620 0192 WacomPen - ok
08:47:35.0648 0192 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
08:47:35.0649 0192 WANARP - ok
08:47:35.0652 0192 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
08:47:35.0652 0192 Wanarpv6 - ok
08:47:35.0681 0192 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:47:35.0681 0192 Wd - ok
08:47:35.0706 0192 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:47:35.0708 0192 Wdf01000 - ok
08:47:35.0751 0192 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:47:35.0751 0192 WfpLwf - ok
08:47:35.0772 0192 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:47:35.0773 0192 WIMMount - ok
08:47:35.0836 0192 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
08:47:35.0836 0192 WinUsb - ok
08:47:35.0863 0192 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:47:35.0863 0192 WmiAcpi - ok
08:47:35.0914 0192 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:47:35.0915 0192 ws2ifsl - ok
08:47:35.0937 0192 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
08:47:35.0938 0192 WudfPf - ok
08:47:35.0965 0192 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:47:35.0966 0192 WUDFRd - ok
08:47:35.0999 0192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:47:36.0050 0192 \Device\Harddisk0\DR0 - ok
08:47:36.0053 0192 Boot (0x1200) (69004a080c9b62d6b0b341379db3c9eb) \Device\Harddisk0\DR0\Partition0
08:47:36.0054 0192 \Device\Harddisk0\DR0\Partition0 - ok
08:47:36.0055 0192 ============================================================
08:47:36.0055 0192 Scan finished
08:47:36.0055 0192 ============================================================
08:47:36.0065 0900 Detected object count: 0
08:47:36.0065 0900 Actual detected object count: 0


**VEW SYSTEM**

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/02/2012 9:11:47 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2012 1:52:45 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The UCS Install NT Service service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


**VEW APPLICATION**

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/02/2012 9:12:33 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/02/2012 1:13:37 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 8.0.7600.16912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e5c Start Time: 01cce1094006e0b6 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 01/02/2012 5:17:42 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {51a83664-e149-46a5-91fb-0a1e6f79c40f}

Log: 'Application' Date/Time: 31/01/2012 12:17:58 PM
Type: Error Category: 3212
Event: 5381 Source: uprtube
The event description cannot be found.

Log: 'Application' Date/Time: 31/01/2012 12:17:33 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program ERAccess.exe version 27.515.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1094 Start Time: 01cce0123fdb75ae Termination Time: 5 Application Path: C:\rey\Bin\ERAccess.exe Report Id: 8730961c-4c05-11e1-b4f3-b8ac6f0e406e

Log: 'Application' Date/Time: 20/01/2012 4:02:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 8.0.7600.16912, time stamp: 0x4eb4a5ea Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf Exception code: 0xc0000374 Fault offset: 0x000c33bb Faulting process id: 0xd7c Faulting application start time: 0x01ccd12e5bcbd75c Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 273f1880-4380-11e1-b4b0-b8ac6f0e406e

Log: 'Application' Date/Time: 10/01/2012 12:24:52 PM
Type: Error Category: 4688
Event: 5381 Source: uprtube
The event description cannot be found.

Log: 'Application' Date/Time: 10/01/2012 12:24:14 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program ERAccess.exe version 27.515.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1690 Start Time: 01cccf92aa0ed877 Termination Time: 13 Application Path: C:\rey\Bin\ERAccess.exe Report Id: fc7fea5a-3b85-11e1-b432-b8ac6f0e406e

Log: 'Application' Date/Time: 20/12/2011 1:03:21 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 8.0.7600.16912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 254 Start Time: 01ccbe50e6ef68b9 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: f9299cbc-2b0a-11e1-b46d-b8ac6f0e406e

Log: 'Application' Date/Time: 14/12/2011 3:42:32 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 8.0.7600.16869 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: cfc Start Time: 01ccb37903f0f3df Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: 36b6bc69-266a-11e1-b823-b8ac6f0e406e

Log: 'Application' Date/Time: 12/12/2011 11:25:52 PM
Type: Error Category: 7828
Event: 5381 Source: uprtube
The event description cannot be found.

Log: 'Application' Date/Time: 12/12/2011 11:23:03 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program pwrsuite.exe version 27.540.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1bd0 Start Time: 01ccb924d9cc7235 Termination Time: 7 Application Path: c:\rey\bin\pwrsuite.exe Report Id: 350320ba-2518-11e1-b823-b8ac6f0e406e

Log: 'Application' Date/Time: 01/12/2011 10:21:41 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 8.0.7600.16869, time stamp: 0x4e4f21db Faulting module name: mshtml.dll, version: 8.0.7600.16891, time stamp: 0x4e869892 Exception code: 0xc00000fd Fault offset: 0x0010a3bc Faulting process id: 0x8f0 Faulting application start time: 0x01ccaedde2f0f428 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll Report Id: d759bb14-1c6a-11e1-b823-b8ac6f0e406e

Log: 'Application' Date/Time: 29/11/2011 7:29:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: GoogleToolbarUser_32.exe, version: 7.2.2304.102, time stamp: 0x4eb34147 Faulting module name: GoogleToolbarDynamic_32_065C9F0_unloaded, version: 0.0.0.0, time stamp: 0x4eb99ae6 Exception code: 0xc0000005 Fault offset: 0x6d2033ad Faulting process id: 0xcf8 Faulting application start time: 0x01ccaecce6be0862 Faulting application path: C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe Faulting module path: GoogleToolbarDynamic_32_065C9F0 Report Id: 74ad6dc1-1ac0-11e1-b431-b8ac6f0e406e

Log: 'Application' Date/Time: 29/11/2011 7:28:10 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program ERAccess.exe version 27.514.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 430 Start Time: 01ccaeccf13879ee Termination Time: 3 Application Path: C:\rey\Bin\ERAccess.exe Report Id: 40269977-1ac0-11e1-b431-b8ac6f0e406e

Log: 'Application' Date/Time: 11/11/2011 8:38:32 PM
Type: Error Category: 912
Event: 5381 Source: uprtube
The event description cannot be found.

Log: 'Application' Date/Time: 11/11/2011 7:23:21 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program pwrsuite.exe version 27.529.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 26c Start Time: 01cca0a73601b997 Termination Time: 7 Application Path: c:\rey\bin\pwrsuite.exe Report Id: 95aa9ff6-0c9a-11e1-b29c-b8ac6f0e406e

Log: 'Application' Date/Time: 03/11/2011 12:39:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Faulting module name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Exception code: 0xc0000005 Fault offset: 0x00006e96 Faulting process id: 0xbf0 Faulting application start time: 0x01cc9973dcf59082 Faulting application path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Faulting module path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Report Id: d6f25735-0618-11e1-b303-b8ac6f0e406e

Log: 'Application' Date/Time: 03/11/2011 12:05:42 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Faulting module name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Exception code: 0xc0000005 Fault offset: 0x00006e96 Faulting process id: 0x8b0 Faulting application start time: 0x01cc9973e92ba8a8 Faulting application path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Faulting module path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Report Id: 268a3bfc-0614-11e1-b303-b8ac6f0e406e

Log: 'Application' Date/Time: 03/11/2011 11:00:12 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Faulting module name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Exception code: 0xc0000005 Fault offset: 0x00006e96 Faulting process id: 0x668 Faulting application start time: 0x01cc9973f45ca90c Faulting application path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Faulting module path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Report Id: 001058f8-060b-11e1-b303-b8ac6f0e406e

Log: 'Application' Date/Time: 02/11/2011 5:06:02 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Faulting module name: BZVBA.EXE, version: 4.1.2.902, time stamp: 0x47107b14 Exception code: 0xc0000005 Fault offset: 0x00006e96 Faulting process id: 0xb94 Faulting application start time: 0x01cc997401a19d19 Faulting application path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Faulting module path: C:\Program Files\ADP\webSuite TE\BZVBA.EXE Report Id: f0ec2ccf-0574-11e1-b303-b8ac6f0e406e

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/02/2012 1:16:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1454766406-4256416969-2470652638-1000:
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\My
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\CA
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\Root
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\trust
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Policies\Microsoft\SystemCertificates
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Policies\Microsoft\SystemCertificates
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Policies\Microsoft\SystemCertificates
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Policies\Microsoft\SystemCertificates
Process 892 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000\Software\Microsoft\SystemCertificates\TrustedPeople


Log: 'Application' Date/Time: 14/09/2011 7:00:49 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\ADP\ws2000\ws2000.exe' (pid 3028) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 29/06/2011 11:22:37 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 11:22:37 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 8:22:35 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 8:22:35 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 7:22:32 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 7:22:32 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 7:22:32 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 7:22:32 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1454766406-4256416969-2470652638-1000}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 29/06/2011 7:21:35 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Application Requested}.


Log: 'Application' Date/Time: 12/05/2011 4:28:24 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 300 second(s) to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 12/05/2011 4:24:24 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 12/05/2011 1:02:17 PM
Type: Warning Category: 0
Event: 6004 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.

Log: 'Application' Date/Time: 12/05/2011 12:59:54 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1454766406-4256416969-2470652638-1000:
Process 456 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1454766406-4256416969-2470652638-1000


Log: 'Application' Date/Time: 12/05/2011 12:31:08 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.


Log: 'Application' Date/Time: 12/05/2011 3:27:10 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
I don't see the aswMBR log.

In your event logs I see

The UCS Install NT Service service failed to start due to the following error: The system cannot find the file specified.


I assume this is part of some of your special purpose software. The odd thing is that the file is being called twice per your combofix log:


R2 UCS Install NT Service;UCS Install NT Service;c:\ucc\Services\UcsInSvc.exe [x]
...
S2 REY Install NT Service;REY Install NT Service;c:\rey\Bin\Ucsinsvc.exe [2011-07-29 98304]


I am assuming that both lines are looking for the same file but in different places. The first line doesn't find it but the second one does. We can probably fix this by just copying the file from c:\rey\Bin\Ucsinsvc.exe to c:\ucc\Services\UcsInSvc.exe.


It appears you did not clear the Application Errors before running VEW. Let's try it again:
Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application: right-click on APPLICATION and Clear Log, Clear.

Reboot.

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Ron
  • 0
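The comparison made in the reply above between the two service lines can be done mechanically over a whole service listing. This is an added example, not part of the original thread and not ComboFix's own code; it assumes the `R2`/`S2` line layout quoted in the reply and that `[x]` marks a file that was not found, as the reply reads it. The third sample line and all function names are constructed.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits Windows paths correctly on any OS

# Constructed sample: the two service lines quoted in the reply,
# plus one made-up healthy entry for contrast.
SAMPLE = r"""
R2 UCS Install NT Service;UCS Install NT Service;c:\ucc\Services\UcsInSvc.exe [x]
S2 REY Install NT Service;REY Install NT Service;c:\rey\Bin\Ucsinsvc.exe [2011-07-29 98304]
S3 ExampleSvc;Example Service;c:\example\bin\example.exe [2011-01-01 1024]
"""

# Assumed layout: <R|S><start type> <name>;<display name>;<image path> [<info>]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)


def parse_services(text):
    """Return one dict per service line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        # Assumption taken from the reply: "[x]" means the file was not found.
        entry["missing"] = entry["info"].strip().lower() == "x"
        entries.append(entry)
    return entries


def missing_with_candidates(entries):
    """Map each service whose binary is missing to (its path, same-named files
    that other services in the listing do find). Names compare case-insensitively."""
    present = defaultdict(list)
    for e in entries:
        if not e["missing"]:
            present[basename(e["path"]).lower()].append(e["path"])
    return {
        e["name"]: (e["path"], present.get(basename(e["path"]).lower(), []))
        for e in entries
        if e["missing"]
    }


if __name__ == "__main__":
    for name, (path, candidates) in missing_with_candidates(parse_services(SAMPLE)).items():
        print(f"{name}: {path} not found; same file name seen at {candidates or 'nowhere'}")
```

A same-named file elsewhere is only a candidate: check its signature or hash against the vendor's copy before treating it as the missing binary.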