Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Attn RKinner - Java Zero Day exploit? Thread from PM


  • Please log in to reply

#16
thisstinks

thisstinks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Quickscan with no parameter changes


OTL logfile created on: 9/13/2012 9:22:20 PM - Run 7
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Historic Inn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 78.80% Memory free
10.95 Gb Paging File | 9.75 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.54 Gb Total Space | 343.19 Gb Free Space | 76.00% Space Free | Partition Type: NTFS
Drive D: | 14.02 Gb Total Space | 1.65 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: HISTORICINN | User Name: Historic Inn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/19 21:41:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Historic Inn\Desktop\OTL.exe
PRC - [2012/05/08 23:39:52 | 001,061,520 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/17 18:53:28 | 000,522,720 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
PRC - [2012/02/17 17:52:52 | 000,425,250 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
PRC - [2011/03/22 15:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/08/13 14:04:02 | 003,168,256 | ---- | M] (Carbonite) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe -- (Carbonite-Mirror-Image-Svc)
SRV:64bit: - [2012/05/08 23:31:42 | 006,715,024 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/09/15 19:12:12 | 000,204,288 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/13 02:58:52 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/23 08:59:57 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\HISTOR~1\AppData\Local\Temp\7zS7843\hpslpsvc64.dll -- (HPSLPSVC)
SRV - [2012/04/02 23:22:18 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/18 21:26:44 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/04/02 23:25:44 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/04/02 23:23:12 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/04/02 23:22:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/15 19:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 18:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 18:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 18:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 13:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 13:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 12 42 CD DD 3C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Historic Inn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Historic Inn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/12 23:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/09/03 12:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/12 23:34:00 | 000,000,000 | ---D | M]

[2012/04/07 09:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Historic Inn\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Historic Inn\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Historic Inn\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Historic Inn\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Historic Inn\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Historic Inn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Historic Inn\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{579B1970-7426-4C37-A8E1-C2AC490679A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C284AAD2-9339-47FB-9F11-3833CE2F17F0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 17:05:38 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/13 17:03:41 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Local\Apps
[2012/09/13 17:03:40 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Local\Deployment
[2012/09/12 23:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012/09/12 23:39:32 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Roaming\HP
[2012/09/12 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Local\HP
[2012/09/12 23:33:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/09/12 23:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/09/12 23:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012/09/12 23:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/09/12 23:07:13 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/09/12 23:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/09/12 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\Desktop\SR reports
[2012/09/11 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/03 12:04:24 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Historic Inn\Desktop\FSS.exe
[2012/09/03 11:42:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Historic Inn\Desktop\aswMBR.exe
[2012/09/01 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Local\Google
[2012/09/01 11:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/09/01 11:34:58 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/09/01 11:34:58 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/09/01 11:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/01 11:34:56 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/09/01 11:34:53 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/09/01 11:34:53 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/09/01 11:34:50 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/09/01 11:34:50 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/09/01 11:34:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/09/01 11:34:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/09/01 11:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/01 11:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/01 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/08/30 17:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/28 19:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/28 19:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/28 19:48:48 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Users\Historic Inn\Desktop\ccsetup322.exe
[2012/08/28 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2012/08/28 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2012/08/28 15:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2012/08/27 21:30:34 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Historic Inn\Desktop\HousecallLauncher64.exe
[2012/08/27 11:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/08/26 10:47:27 | 001,479,536 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Historic Inn\Desktop\procexp64.exe
[2012/08/25 18:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/08/25 18:49:12 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Historic Inn\Desktop\revosetup.exe
[2012/08/25 18:35:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/25 17:53:17 | 000,000,000 | ---D | C] -- C:\silent runners
[2012/08/22 20:30:10 | 002,691,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Historic Inn\Desktop\procexp.exe
[2012/08/22 09:01:25 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Historic Inn\Desktop\TFC.exe
[2012/08/20 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Historic Inn\AppData\Local\Downloaded Installations
[2012/08/19 21:41:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Historic Inn\Desktop\OTL.exe
[2012/02/27 18:52:20 | 006,221,896 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/09/13 21:24:15 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 21:24:15 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 21:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 21:18:36 | 116,449,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/13 21:09:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-835331429-2790312560-2244690709-1001UA.job
[2012/09/13 17:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-835331429-2790312560-2244690709-1001Core.job
[2012/09/13 17:05:39 | 000,002,361 | ---- | M] () -- C:\Users\Historic Inn\Desktop\Google Chrome.lnk
[2012/09/12 23:57:41 | 000,002,070 | ---- | M] () -- C:\Users\Historic Inn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/12 23:41:22 | 000,221,555 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/09/12 23:40:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/12 23:40:33 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/12 23:40:33 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/12 23:32:57 | 000,002,059 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/09/12 23:09:40 | 000,058,780 | ---- | M] () -- C:\Users\Historic Inn\Desktop\HP Installation Error - Windows 7.hta
[2012/09/11 15:38:49 | 004,009,167 | ---- | M] () -- C:\Users\Historic Inn\Desktop\ServicesRepair.exe
[2012/09/11 15:08:12 | 415,726,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/05 13:13:48 | 000,113,734 | ---- | M] () -- C:\Users\Historic Inn\Desktop\cmd prompt message.PNG
[2012/09/05 13:00:19 | 000,077,438 | ---- | M] () -- C:\Users\Historic Inn\Desktop\avast p2p exclusions.PNG
[2012/09/05 12:58:35 | 000,077,346 | ---- | M] () -- C:\Users\Historic Inn\Desktop\avast file exclsions 2.PNG
[2012/09/05 12:57:14 | 000,118,781 | ---- | M] () -- C:\Users\Historic Inn\Desktop\avast file exclusions 1.PNG
[2012/09/04 12:54:11 | 002,193,184 | ---- | M] () -- C:\Users\Historic Inn\Desktop\tdsskiller.zip
[2012/09/04 12:42:55 | 000,043,789 | ---- | M] () -- C:\Users\Historic Inn\Desktop\2012-08-15 11.34.14-1.jpg
[2012/09/03 12:33:03 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/09/03 12:27:08 | 000,029,278 | ---- | M] () -- C:\Users\Historic Inn\Desktop\Avastthdrbirdwarning.PNG
[2012/09/03 12:20:54 | 000,000,512 | ---- | M] () -- C:\Users\Historic Inn\Desktop\MBR.dat
[2012/09/03 12:04:30 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Historic Inn\Desktop\FSS.exe
[2012/09/03 11:58:03 | 000,006,181 | ---- | M] () -- C:\Users\Historic Inn\Desktop\free_av_7.0.1466_2012-9-3_11-57-54.avastconfig
[2012/09/03 11:43:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Historic Inn\Desktop\aswMBR.exe
[2012/09/03 10:02:36 | 000,006,141 | ---- | M] () -- C:\Users\Historic Inn\Desktop\free_av_7.0.1466_2012-9-3_9-57-1.avastconfig
[2012/09/01 19:26:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/01 11:34:58 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/01 11:29:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/01 11:26:37 | 093,654,616 | ---- | M] () -- C:\Users\Historic Inn\Desktop\avast_free_antivirus_setup.exe
[2012/09/01 11:15:47 | 000,001,224 | ---- | M] () -- C:\Users\Historic Inn\Desktop\Revo Uninstaller.lnk
[2012/08/30 20:33:44 | 000,001,915 | ---- | M] () -- C:\Users\Historic Inn\Desktop\Microsoft Security Essentials.lnk
[2012/08/30 20:28:43 | 005,523,485 | ---- | M] () -- C:\Users\Historic Inn\AppData\Local\census.cache
[2012/08/30 20:24:01 | 000,094,602 | ---- | M] () -- C:\Users\Historic Inn\AppData\Local\ars.cache
[2012/08/28 21:26:05 | 000,007,605 | ---- | M] () -- C:\Users\Historic Inn\AppData\Local\Resmon.ResmonCfg
[2012/08/28 19:49:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/28 19:48:50 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Users\Historic Inn\Desktop\ccsetup322.exe
[2012/08/28 16:30:22 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/28 15:39:44 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2012/08/28 15:35:28 | 001,458,415 | ---- | M] (Old McDonald's Farm) -- C:\Users\Historic Inn\Desktop\aesetup2.6.exe
[2012/08/28 15:34:21 | 001,426,020 | ---- | M] () -- C:\Users\Historic Inn\Desktop\aesetup2.6.zip
[2012/08/27 21:31:21 | 000,000,036 | ---- | M] () -- C:\Users\Historic Inn\AppData\Local\housecall.guid.cache
[2012/08/27 21:30:34 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Historic Inn\Desktop\HousecallLauncher64.exe
[2012/08/26 15:44:09 | 000,029,322 | ---- | M] () -- C:\Users\Historic Inn\Desktop\ESET Proxy Configured.PNG
[2012/08/26 14:56:20 | 000,061,440 | ---- | M] ( ) -- C:\Users\Historic Inn\Desktop\VEW.exe
[2012/08/26 10:47:28 | 001,479,536 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Historic Inn\Desktop\procexp64.exe
[2012/08/25 18:49:27 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Historic Inn\Desktop\revosetup.exe
[2012/08/25 17:54:13 | 000,484,445 | ---- | M] () -- C:\Users\Historic Inn\Desktop\Silent Runners.vbs
[2012/08/23 07:35:23 | 000,018,050 | ---- | M] () -- C:\Users\Historic Inn\Desktop\fieewall event gap.PNG
[2012/08/22 22:28:38 | 009,506,816 | ---- | M] () -- C:\Users\Historic Inn\Documents\cleared application log.evtx
[2012/08/22 22:27:45 | 020,975,616 | ---- | M] () -- C:\Users\Historic Inn\Documents\cleared system log.evtx
[2012/08/22 21:54:36 | 000,250,639 | ---- | M] () -- C:\Users\Historic Inn\Desktop\geekstogo.PNG
[2012/08/22 20:30:11 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Historic Inn\Desktop\procexp.exe
[2012/08/22 09:01:26 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Historic Inn\Desktop\TFC.exe
[2012/08/22 08:51:42 | 000,233,880 | ---- | M] () -- C:\Users\Historic Inn\Desktop\Comodo blocks 08 21and22 2012.PNG
[2012/08/22 00:56:49 | 000,063,861 | ---- | M] () -- C:\Users\Historic Inn\Desktop\2kodak uninstall.PNG
[2012/08/22 00:56:08 | 000,063,809 | ---- | M] () -- C:\Users\Historic Inn\Desktop\kodak uninstall.PNG
[2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 05:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/21 04:08:10 | 000,335,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/19 21:41:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Historic Inn\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/09/13 17:05:39 | 000,002,361 | ---- | C] () -- C:\Users\Historic Inn\Desktop\Google Chrome.lnk
[2012/09/13 17:04:37 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-835331429-2790312560-2244690709-1001UA.job
[2012/09/13 17:04:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-835331429-2790312560-2244690709-1001Core.job
[2012/09/12 23:32:57 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/09/12 23:23:45 | 000,221,555 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/09/12 23:23:45 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/09/12 23:09:38 | 000,058,780 | ---- | C] () -- C:\Users\Historic Inn\Desktop\HP Installation Error - Windows 7.hta
[2012/09/11 15:38:49 | 004,009,167 | ---- | C] () -- C:\Users\Historic Inn\Desktop\ServicesRepair.exe
[2012/09/05 13:13:47 | 000,113,734 | ---- | C] () -- C:\Users\Historic Inn\Desktop\cmd prompt message.PNG
[2012/09/05 13:00:19 | 000,077,438 | ---- | C] () -- C:\Users\Historic Inn\Desktop\avast p2p exclusions.PNG
[2012/09/05 12:58:35 | 000,077,346 | ---- | C] () -- C:\Users\Historic Inn\Desktop\avast file exclsions 2.PNG
[2012/09/05 12:57:14 | 000,118,781 | ---- | C] () -- C:\Users\Historic Inn\Desktop\avast file exclusions 1.PNG
[2012/09/04 12:54:06 | 002,193,184 | ---- | C] () -- C:\Users\Historic Inn\Desktop\tdsskiller.zip
[2012/09/04 12:42:55 | 000,043,789 | ---- | C] () -- C:\Users\Historic Inn\Desktop\2012-08-15 11.34.14-1.jpg
[2012/09/03 12:33:03 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/09/03 12:27:08 | 000,029,278 | ---- | C] () -- C:\Users\Historic Inn\Desktop\Avastthdrbirdwarning.PNG
[2012/09/03 11:59:34 | 000,000,512 | ---- | C] () -- C:\Users\Historic Inn\Desktop\MBR.dat
[2012/09/03 11:58:03 | 000,006,181 | ---- | C] () -- C:\Users\Historic Inn\Desktop\free_av_7.0.1466_2012-9-3_11-57-54.avastconfig
[2012/09/03 10:02:36 | 000,006,141 | ---- | C] () -- C:\Users\Historic Inn\Desktop\free_av_7.0.1466_2012-9-3_9-57-1.avastconfig
[2012/09/01 11:34:58 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/01 11:34:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/09/01 11:25:02 | 093,654,616 | ---- | C] () -- C:\Users\Historic Inn\Desktop\avast_free_antivirus_setup.exe
[2012/08/30 20:33:44 | 000,001,915 | ---- | C] () -- C:\Users\Historic Inn\Desktop\Microsoft Security Essentials.lnk
[2012/08/28 20:50:33 | 000,007,605 | ---- | C] () -- C:\Users\Historic Inn\AppData\Local\Resmon.ResmonCfg
[2012/08/28 19:49:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/28 15:39:44 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2012/08/28 15:34:18 | 001,426,020 | ---- | C] () -- C:\Users\Historic Inn\Desktop\aesetup2.6.zip
[2012/08/27 23:06:08 | 005,523,485 | ---- | C] () -- C:\Users\Historic Inn\AppData\Local\census.cache
[2012/08/27 23:03:29 | 000,094,602 | ---- | C] () -- C:\Users\Historic Inn\AppData\Local\ars.cache
[2012/08/27 21:31:21 | 000,000,036 | ---- | C] () -- C:\Users\Historic Inn\AppData\Local\housecall.guid.cache
[2012/08/26 15:44:09 | 000,029,322 | ---- | C] () -- C:\Users\Historic Inn\Desktop\ESET Proxy Configured.PNG
[2012/08/26 14:56:10 | 000,061,440 | ---- | C] ( ) -- C:\Users\Historic Inn\Desktop\VEW.exe
[2012/08/25 18:49:50 | 000,001,224 | ---- | C] () -- C:\Users\Historic Inn\Desktop\Revo Uninstaller.lnk
[2012/08/23 07:35:23 | 000,018,050 | ---- | C] () -- C:\Users\Historic Inn\Desktop\fieewall event gap.PNG
[2012/08/22 22:28:38 | 009,506,816 | ---- | C] () -- C:\Users\Historic Inn\Documents\cleared application log.evtx
[2012/08/22 22:27:44 | 020,975,616 | ---- | C] () -- C:\Users\Historic Inn\Documents\cleared system log.evtx
[2012/08/22 21:54:36 | 000,250,639 | ---- | C] () -- C:\Users\Historic Inn\Desktop\geekstogo.PNG
[2012/08/22 08:51:42 | 000,233,880 | ---- | C] () -- C:\Users\Historic Inn\Desktop\Comodo blocks 08 21and22 2012.PNG
[2012/08/22 00:56:49 | 000,063,861 | ---- | C] () -- C:\Users\Historic Inn\Desktop\2kodak uninstall.PNG
[2012/08/22 00:56:08 | 000,063,809 | ---- | C] () -- C:\Users\Historic Inn\Desktop\kodak uninstall.PNG
[2012/04/04 14:11:40 | 000,540,672 | ---- | C] () -- C:\Windows\SysWow64\TX32.dll
[2012/04/04 14:11:40 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2012/04/04 14:11:38 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\reg.dll
[2012/02/23 05:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/23 05:57:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/02/23 05:53:00 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/21 23:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/02/28 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Historic Inn\AppData\Roaming\OpenOffice.org
[2012/02/23 03:31:28 | 000,000,000 | ---D | M] -- C:\Users\Historic Inn\AppData\Roaming\Synaptics
[2012/04/07 09:20:48 | 000,000,000 | ---D | M] -- C:\Users\Historic Inn\AppData\Roaming\Thunderbird
[2012/08/23 17:11:43 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Doesn't look like anything broke.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#18
thisstinks

thisstinks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
If things look good I'll be thrilled because boot time is about 45 seconds. If I need to do an inplace reinstall to clean some of this up I would need to get a disk with W7 home prem 54 bit SP1 because this laptop only comes with a recovery partition and my carbonite mirror which I suppose would both contain my original problem.

Thank you again for all of the attention.



========================

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2012 9:06:40 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/09/2012 12:34:06 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: aswSnx

Log: 'System' Date/Time: 14/09/2012 12:34:05 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Diagnostic Service Host service hung on starting.

Log: 'System' Date/Time: 14/09/2012 12:32:32 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Routing and Remote Access service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 14/09/2012 12:32:32 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/09/2012 12:32:23 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/09/2012 12:32:16 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.

Log: 'System' Date/Time: 14/09/2012 12:31:38 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.




Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2012 9:07:11 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/09/2012 12:33:56 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
We are making some progress anyway if the boot time is less.

Still have three services unhappy.

Log: 'System' Date/Time: 14/09/2012 12:34:05 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Diagnostic Service Host service hung on starting.

Log: 'System' Date/Time: 14/09/2012 12:32:32 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Routing and Remote Access service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 14/09/2012 12:32:32 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Right click on Computer and select Manage (Continue) then Services and Applications then Services.

Find Diagnostic Service Host service and right click and select Properties. Verify the Startup Type: Manual (Don't think it will let you change it). Is it already running? If not, see if you can Start the service. Do you get an error? What does the error say?

Now go to Routing and Remote Access service and right click and select Properties. The default Startup for this service is Disabled. Change to Disabled and Apply.

Now go to Remote Access Auto Connection Manager service and right click and select Properties. The default Startup for this service is Manual. If it's not set to Manual, change it and Apply.

Log: 'System' Date/Time: 14/09/2012 12:32:23 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.



Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Double Click on Application. Find the above error and then click on Details, XML View and then Copy. Go to a reply and Paste (Ctrl + v). Add Reply.

Now download a new version of Avast installer and Save it but don't run it.


http://www.avast.com...ivirus-download
Also download the Avast Uninstall Utility
http://www.avast.com/uninstall-utility and save it.

Disconnect from the internet. Uninstall Avast. Run the Avast uninstaller by right clicking and Run As Admin. Reboot. Right click on the save Avast installer and Run As Admin. Reconnect to the Internet. Register Avast and make sure it is up to date.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#20
thisstinks

thisstinks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The Diagnostic Service Host was set to Automatic and was running. It allowed me to change it to manual but I cannot Start or Stop the service they are greyed out.

I stopped your instructions and rebooted.

After the reboot the Diagnostic Service Host was set to manual and was started.

Made other services changes sucessfully.

In the Windows Logs under application there were no events with ID = 11

However under Administrative Events I found several EventId=11

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 9/14/2012 8:27:49 PM
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: HistoricInn
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-09-15T00:27:49.275274600Z" />
<EventRecordID>88669</EventRecordID>
<Correlation />
<Execution ProcessID="476" ThreadID="512" />
<Channel>System</Channel>
<Computer>HistoricInn</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">0</Data>
<Data Name="String">
</Data>
</EventData>
</Event>



Uninstalled then Reinstalled AVAST

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2012 9:27:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2012 1:25:58 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:24:38 PM on ?9/?14/?2012 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2012 1:26:06 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/09/2012 1:25:59 AM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/09/2012 9:28:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/09/2012 1:27:37 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



I still see there are some problems but boot time is under 20 seconds better than 6 months ago when it was new.
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
No errors from Avast so that is good.

Log: 'System' Date/Time: 15/09/2012 1:26:06 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.


Finally found an answer to this one. It's really stupid. There is a registry entry in

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
called
LoadAppInit_DLLs which has to be set to 0

Download the attached appfix.reg file and save it to your desktop. Right click on it and Merge. IF you clear your events and reboot it should not have the Event 11 alarm any more.

The other alarms aren't anything to worry about.

Log: 'System' Date/Time: 15/09/2012 1:25:59 AM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.


Since you are not using this it doesn't matter that it can't get through the firewall. You might check in services to see if the Storage Service has gotten turned on. It should normally be Manual and Off.

This one:

Log: 'Application' Date/Time: 15/09/2012 1:27:37 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Supposedly has a fixit:

http://support.micro...b;en-US;2545227

If it doesn't work I would not worry about it.

So how is it running now? Any problems?
  • 0

#22
thisstinks

thisstinks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Did everything you said above
EXCEPT - I cannot find anything in services for ISNS - services listing attached

Was still getting several errors that did not show up before for kernel error eventid=3

----------------------------------------------------------------------------

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 9/15/2012 5:42:40 PM
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: HistoricInn
Description:
Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2012-09-15T21:42:40.471613900Z" />
<EventRecordID>1121</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="148" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>HistoricInn</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">Microsoft Security Client OOBE</Data>
<Data Name="FileName">C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl</Data>
<Data Name="ErrorCode">3221225485</Data>
<Data Name="LoggingMode">5</Data>
</EventData>
</Event>




So I ran the chkdisk utility on C drive and waited Here is the log:



Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 9/15/2012 5:29:07 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: HistoricInn
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
224000 file records processed. File verification completed.
406 large file records processed. 0 bad file records processed. 0 EA records processed.

76 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
277930 index entries processed. Index verification completed.
0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
224000 file SDs/SIDs processed. Cleaning up 187 unused index entries from index $SII of file 0x9.
Cleaning up 187 unused index entries from index $SDH of file 0x9.
Cleaning up 187 unused security descriptors.
Security descriptor verification completed.
26966 data files processed. CHKDSK is verifying Usn Journal...
37697392 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
223984 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
90523358 free clusters processed. Free space verification is complete.
Windows has checked the file system and found no problems.

473475071 KB total disk space.
110975380 KB in 104780 files.
64048 KB in 26967 indexes.
0 KB in bad sectors.
342211 KB in use by the system.
65536 KB occupied by the log file.
362093432 KB available on disk.

4096 bytes in each allocation unit.
118368767 total allocation units on disk.
90523358 allocation units available on disk.

Internal Info:
00 6b 03 00 af 02 02 00 22 ba 03 00 00 00 00 00 .k......".......
fc 01 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 ....L...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-09-15T21:29:07.000000000Z" />
<EventRecordID>20220</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>HistoricInn</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
224000 file records processed. File verification completed.
406 large file records processed. 0 bad file records processed. 0 EA records processed.

76 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)...
277930 index entries processed. Index verification completed.
0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)...
224000 file SDs/SIDs processed. Cleaning up 187 unused index entries from index $SII of file 0x9.
Cleaning up 187 unused index entries from index $SDH of file 0x9.
Cleaning up 187 unused security descriptors.
Security descriptor verification completed.
26966 data files processed. CHKDSK is verifying Usn Journal...
37697392 USN bytes processed. Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
223984 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
90523358 free clusters processed. Free space verification is complete.
Windows has checked the file system and found no problems.

473475071 KB total disk space.
110975380 KB in 104780 files.
64048 KB in 26967 indexes.
0 KB in bad sectors.
342211 KB in use by the system.
65536 KB occupied by the log file.
362093432 KB available on disk.

4096 bytes in each allocation unit.
118368767 total allocation units on disk.
90523358 allocation units available on disk.

Internal Info:
00 6b 03 00 af 02 02 00 22 ba 03 00 00 00 00 00 .k......".......
fc 01 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 ....L...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>



Cleared logs, rebooted, re-ran Vino's Event Viewer

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/09/2012 6:13:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/09/2012 6:12:23 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2012 9:42:49 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 5:41:25 PM on ?9/?15/?2012 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2012 9:42:53 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.



Updated ran
avast
bootscan
reboot
ran full scan
rebooted
ran silent runners



Avast all clean

So I would think I am in good shape.......


BUT 2 things

1. Process Explorer locks up the system for a bit, then fails now


- <Event xmlns="http://schemas.micro.../events/event">
- <System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-09-16T04:01:56.000000000Z" />
<EventRecordID>20351</EventRecordID>
<Channel>Application</Channel>
<Computer>HistoricInn</Computer>
<Security />
</System>
- <EventData>
<Data />
<Data>0</Data>
<Data>APPCRASH</Data>
<Data>Not available</Data>
<Data>0</Data>
<Data>procexp64.exe</Data>
<Data>15.22.0.0</Data>
<Data>4ff5cf90</Data>
<Data>StackHash_254c</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>000000000008000a</Data>
<Data />
<Data />
<Data>C:\Users\Historic Inn\AppData\Local\Temp\WER149.tmp.appcompat.txt C:\Users\Historic Inn\AppData\Local\Temp\WER1A7.tmp.WERInternalMetadata.xml C:\Users\Historic Inn\AppData\Local\Temp

\WER1A8.tmp.hdmp C:\Users\Historic Inn\AppData\Local\Temp\WER2E1.tmp.mdmp</Data>
<Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_procexp64.exe_ed1bece35924bf466ec14ba8f61b4f6bb4402a_cab_0c0e03a9</Data>
<Data />
<Data>0</Data>
<Data>3b0e519e-ffb3-11e1-b654-ac81128f7455</Data>
<Data>6</Data>
</EventData>
</Event>




and
2. Silentrunners now shows some new things. They may not be any issue but if you would peruse and let me know.



<<!>>: Suspicious data at a malware launch point.

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

*********

Potential Spyware from Non-disabled startup task or suspicious data but not at a usual malware launch point
(thisstinks - do not appear in msconfig.exe or in cccleaner startup items/windows sidebar gadgets are turned off in turn on/off windows features)

MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [CyberLink]
C:\Users\Historic Inn\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
C:\Users\Historic Inn\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"


**********

Each grouping contains Unexpected Data but does not indicate malware or infection without further investigation

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM…CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM…Wow…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM…CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM…Wow…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]


C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Microsoft Security Client OOBE error means something is wrong with Microsoft Security Essential which should no longer be installed.

Try the fixit on this page:
http://support.micro....com/kb/2483120

Not sure why process explorer is crashing all of a sudden. Make sure Avast is not trying to run it in the sandbox. Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK Download a new copy. Don't forget when running it you should right click and Run As Admin.


Mirage Client is something to do with a webcam:

YCMMirage.exe is a background process which will monitor if any AP is using our virtual driver.
Once it is detected, YCMMirage will launch YouCam, and then YouCam will provide and share the webcam video to client APs.

The rest are all from Microsoft => [MS}
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP