
Hijack.NoFolderOption System Infected HELP



#1
Jayli

Hello All and thanks in advance.

Here is my system info.
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 2045 Mb
Graphics Card: Standard VGA Graphics Adapter, 2 Mb
Hard Drives: C: Total - 76216 MB, Free - 25806 MB;
Motherboard: Dell Inc.,
Antivirus: avast! Antivirus, Updated and Enabled

I've been struggling with this PC I just purchased. I cannot view (Showall) hidden files / folders. When I click the radio button, then apply, then OK it reverts back to Hide when I go back and check it. Also get Explorer error when trying to access Credential Manager. Csrss is showing in Task Mgr (one time) without any User Name attached and cannot click on it to view properties and cannot open file location. Can't remember which one, but 1 anti-virus removed ssprs.dll and 1sprst7.dll. I've run plenty of different scans including AVG 2013 (which crashed and burned on my system so I uninstalled it), ComboFix (found and disinfected catchme.dll and userinit.exe), RRT from Sergiwa (trial version found "malware" but must upgrade to full to remove), SUPERAntiSpyware, TDSSKiller and Malwarebytes. Nothing has fixed the problem... cannot see hidden files.

Ran OTL and will attach file. I also have HijackThis and DDS on my system if needed. Thanks again in advance. Jayli

OTL logfile created on: 9/30/2012 1:27:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisette Miller\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: | Country: | Language: | Date Format:

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 63.95% Memory free
4.00 Gb Paging File | 2.84 Gb Available in Paging File | 70.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 25.20 Gb Free Space | 33.86% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: Lisette Miller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/30 13:24:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisette Miller\Desktop\OTL.exe
PRC - [2012/09/30 11:22:53 | 000,896,912 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/09/26 07:02:44 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/25 11:35:34 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012/09/24 19:12:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
PRC - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/17 03:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/30 13:15:28 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/09/30 13:15:14 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/09/25 11:35:34 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012/09/24 19:11:24 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/09/24 19:11:24 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/16 20:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2012/09/29 11:21:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/09/24 19:12:27 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 20:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) [Auto | Running] -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe -- (SAiDownloader)
SRV - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/10/17 03:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/01/04 10:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/27 07:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 09:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 09:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/17 03:41:16 | 000,450,248 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/10/14 09:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/14 09:29:48 | 000,035,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/10/12 21:15:28 | 000,305,168 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 21:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 39 55 8E C3 9E CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/08/30 19:38:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/30 19:40:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/09/05 17:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/30 04:16:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/09/22 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/28 16:22:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = batfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 11:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/09/30 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- \Mozilla
[2012/09/30 11:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/09/30 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/09/30 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/09/30 11:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/09/30 10:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/30 10:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/30 04:24:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/30 04:24:47 | 000,000,000 | -HSD | C] -- \Config.Msi
[2012/09/30 04:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/30 04:17:32 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/09/30 04:17:31 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/09/30 04:17:25 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/09/30 04:17:23 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/09/30 04:17:20 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/09/30 04:17:14 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/09/30 04:16:38 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/09/30 04:16:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- \RRTVAULT
[2012/09/29 18:10:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/09/29 18:09:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/09/29 17:53:02 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012/09/29 11:43:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/09/29 11:01:43 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/09/25 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/25 11:07:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\MFAData
[2012/09/24 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/24 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/24 19:07:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/24 19:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/24 19:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/24 16:41:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/24 16:35:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/24 16:35:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/24 16:35:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- \Qoobox
[2012/09/24 16:34:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/24 13:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/24 13:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/24 13:11:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/24 13:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/23 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinyl Express LXi
[2012/09/23 19:52:12 | 000,086,016 | R--- | C] (SA International) -- C:\Windows\System32\SAiLicSvr.exe
[2012/09/23 19:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/09/23 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SignWarehouse
[2012/09/23 19:48:43 | 000,077,824 | ---- | C] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
[2012/09/23 19:48:43 | 000,065,536 | ---- | C] (SA International) -- C:\Windows\System32\SAiAdmin.exe
[2012/09/23 19:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAi
[2012/09/23 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\SignWarehouse
[2012/09/23 19:47:05 | 000,014,336 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\HotFldrUI.dll
[2012/09/22 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/22 01:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/22 01:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/21 17:09:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\Templates
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\Start Menu
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\SendTo
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\Recent
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\PrintHood
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\NetHood
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\Local Settings
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\Cookies
[2012/09/16 13:43:12 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\Application Data
[2012/09/16 13:43:11 | 000,000,000 | -HSD | C] -- C:\Users\Lisette Miller\My Documents
[2012/09/16 13:42:18 | 000,000,000 | ---D | C] -- C:\Users\Lisette Miller\Adobe Flash Builder 4.5
[2012/09/16 13:42:16 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Desktop
[2012/09/16 13:42:16 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Contacts
[2012/09/16 13:42:16 | 000,000,000 | -H-D | C] -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/16 13:42:16 | 000,000,000 | -H-D | C] -- C:\Users\Lisette Miller\AppData
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Videos
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Searches
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Saved Games
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Pictures
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Music
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Links
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Favorites
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Downloads
[2012/09/16 13:42:15 | 000,000,000 | R--D | C] -- C:\Users\Lisette Miller\Documents
[2012/09/16 13:40:17 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/09/16 13:40:17 | 000,000,000 | ---D | C] -- \Recovery
[2012/09/16 13:35:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/16 12:59:49 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2012/09/05 19:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/09/05 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2012/09/05 17:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software
[2012/09/05 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2012/09/05 16:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2012/09/05 16:46:05 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys
[2012/09/05 16:46:03 | 000,305,168 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/09/05 16:45:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2012/09/05 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012/09/05 16:44:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/09/05 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/05 16:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

========== Files - Modified Within 30 Days ==========

[2012/09/30 13:19:26 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/30 13:19:26 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/30 13:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 13:14:10 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/30 13:13:31 | 000,016,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 13:13:31 | 000,016,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 11:56:45 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/09/30 11:22:53 | 000,000,937 | ---- | M] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/30 11:22:53 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/30 10:31:05 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/30 04:17:33 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/30 04:17:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/30 02:06:25 | 000,001,221 | ---- | M] () -- C:\Windows\System32\userawacs.cfg
[2012/09/30 02:02:14 | 000,004,131 | ---- | M] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/29 22:04:20 | 000,000,238 | ---- | M] () -- C:\Windows\System32\usergui.cfg
[2012/09/29 21:24:12 | 000,000,120 | ---- | M] () -- C:\Windows\System32\userguistate.cfg
[2012/09/29 18:37:37 | 003,775,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/29 11:47:24 | 000,001,407 | ---- | M] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/29 11:23:56 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/09/28 16:22:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/24 19:10:17 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/24 16:40:06 | 000,000,144 | ---- | M] () -- C:\Windows\System32\pdfl.dat
[2012/09/24 16:15:34 | 000,000,726 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/24 13:11:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 12:08:19 | 000,001,382 | RHS- | M] () -- C:\Users\Lisette Miller\ntuser.pol
[2012/09/23 19:56:06 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/09/23 19:56:06 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/09/23 19:45:16 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:46:38 | 000,001,485 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/09/22 01:28:39 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 13:39:50 | 000,040,251 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/09/16 12:59:59 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2012/09/09 23:37:00 | 000,000,139 | ---- | M] () -- C:\Windows\System32\devnum.vbs
[2012/09/08 20:54:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\netwin.bat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/05 19:26:57 | 000,002,162 | ---- | M] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 19:26:57 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 18:03:10 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2012/09/05 18:03:09 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2012/09/05 18:03:09 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 16:17:23 | 000,000,144 | ---- | M] () -- C:\Windows\System32\lkfl.dat
[2012/09/05 16:17:23 | 000,000,080 | ---- | M] () -- C:\Windows\System32\ibfl.dat

========== Files Created - No Company Name ==========

[2012/09/30 11:56:45 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/09/30 11:22:53 | 000,000,937 | ---- | C] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/30 11:22:53 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/30 10:31:05 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/30 04:17:33 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/30 02:02:14 | 000,004,131 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/29 17:54:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/09/29 17:53:58 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/09/29 17:52:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/29 17:52:46 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012/09/29 17:52:40 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012/09/29 11:23:56 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/09/25 11:44:29 | 000,000,120 | ---- | C] () -- C:\Windows\System32\userguistate.cfg
[2012/09/24 19:10:17 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/24 16:35:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/24 16:35:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/24 16:35:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/24 16:35:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/24 16:35:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/24 13:11:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 11:59:56 | 000,001,221 | ---- | C] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 11:59:56 | 000,000,238 | ---- | C] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:55:20 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/09/23 19:55:20 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/09/23 19:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:28:39 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/22 01:28:39 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 13:42:22 | 000,002,162 | ---- | C] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/16 13:42:22 | 000,001,407 | ---- | C] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/16 13:42:22 | 000,000,290 | ---- | C] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/16 13:42:22 | 000,000,272 | ---- | C] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/16 13:42:15 | 000,001,382 | RHS- | C] () -- C:\Users\Lisette Miller\ntuser.pol
[2012/09/16 13:06:08 | 000,000,139 | ---- | C] () -- C:\Windows\System32\devnum.vbs
[2012/09/08 21:28:16 | 000,000,027 | ---- | C] () -- C:\Windows\System32\netwin.bat
[2012/09/08 19:04:43 | 000,000,726 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 19:26:57 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 17:53:17 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2012/09/05 17:53:17 | 000,000,087 | ---- | C] () -- C:\Windows\System32\ssprs.tgz
[2012/09/05 17:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 16:45:26 | 000,001,485 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2012/09/05 16:17:23 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2012/08/29 22:00:03 | 1609,015,296 | -HS- | C] () -- \hiberfil.sys
[2009/07/13 22:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/13 22:04:04 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

  • 0


#2
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Could I see your Combofix log?

Also, let's run TDSSKiller again, but this time:

Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Start, All Programs, Accessories, then right click on Command Prompt and Run As Admin. Type regedit and hit Enter to open the registry editor.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Look in the right pane for the value Hidden. Right click on it and Modify then in the little window that pops up, change the value to 1. OK. Then close regedit and reboot. Go back in and see if it stayed at 1. Let me know if you get an error when you try to change the key.

This next one is going to take some time. I like to let it run while I sleep.
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt

Ron
  • 0
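The registry step in the post above, written as a script. This is an added example, not part of the original thread: it reads the `Hidden` value, reports a missing key or a failed write instead of guessing, and can be re-run after the reboot to see whether the value stayed at 1. The `-CheckOnly` switch and the function names are choices made for this example; it assumes it is run in the affected user's own session.

```powershell
# Added example (not from the thread): scripted form of the regedit check above.
# Assumption: run inside the affected user's own session, because HKCU is per-user.
param([switch]$CheckOnly)   # -CheckOnly: read only, for the check after the reboot

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HiddenValue {
    # Returns the Hidden DWORD, or $null when the key or the value is absent.
    if (-not (Test-Path -Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key -Name Hidden -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.Hidden
}

function Format-Hidden($v) {
    # Explorer reads 1 as "show hidden files" and 2 as "do not show hidden files".
    if ($null -eq $v) { return 'value missing' }
    if ($v -eq 1)     { return '1 (show hidden files)' }
    if ($v -eq 2)     { return '2 (do not show hidden files)' }
    return "$v (unexpected)"
}

if (-not (Test-Path -Path $key)) {
    # The key itself is absent; nothing is written in this case.
    Write-Output "Key not found: $key"
    Write-Output 'Nothing was changed. Report the missing key in your reply.'
} else {
    $before = Get-HiddenValue
    Write-Output ('Hidden before: ' + (Format-Hidden $before))

    if (-not $CheckOnly) {
        try {
            # An integer value is stored as REG_DWORD by the registry provider.
            Set-ItemProperty -Path $key -Name Hidden -Value 1 -ErrorAction Stop
        } catch {
            # This is the "error when you try to change the key" case.
            Write-Output ('Write failed: ' + $_.Exception.Message)
        }

        $after = Get-HiddenValue
        Write-Output ('Hidden after write: ' + (Format-Hidden $after))
        if ($after -eq 1) {
            Write-Output 'Write accepted. Reboot, then run again with -CheckOnly.'
        } else {
            Write-Output 'Value did not take. Include the output above in your reply.'
        }
    } elseif ($before -eq 1) {
        Write-Output 'Value is still 1.'
    } else {
        Write-Output 'Value is not 1: it was reverted or never applied.'
    }
}
```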

#3
Jayli


    Member

  • Topic Starter
  • Member
  • 98 posts
Thanks for your time Ron. Pls let me know if you need something else.

There was a problem with 1 of your requests. I couldn't navigate to the folder you needed b/c it wasn't there.

* ******* IMPORTANT ***** There is no "Advanced" sub folder inside the Explorer folder. Inside the Explorer folder is SessionInfo folder. Inside SessionInfo folder is a folder named 1. Inside the 1 folder are the following 4 folders: LogonSoundHasBeenPlayed folder, RunStuffHasBeenRun folder, StartupHasBeenRun folder and WHCIconStartup folder.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ (The 4 other folders)


ComboFix 12-09-30.01 - Lisette Miller 09/30/2012 23:04:27.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1141 [GMT -4:00]
Running from: c:\users\Lisette Miller\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\catchme.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 03:14 . 2012-10-01 03:14 -------- d-----w- c:\users\SYS\AppData\Local\temp
2012-09-30 15:56 . 2012-09-30 16:30 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-09-30 15:23 . 2012-09-30 15:23 -------- d-----w- C:\Mozilla
2012-09-30 15:23 . 2012-09-30 15:23 -------- d-----w- c:\program files\Conduit
2012-09-30 15:22 . 2012-09-30 15:22 -------- d-----w- c:\program files\uTorrent
2012-09-30 15:11 . 2012-09-30 15:11 -------- d-----w- c:\program files\VS Revo Group
2012-09-30 14:31 . 2012-09-30 14:31 -------- d-----w- c:\program files\CCleaner
2012-09-30 08:17 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-30 08:17 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-30 08:17 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-30 08:17 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-30 08:17 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-30 08:17 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-30 08:16 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-30 08:16 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-30 08:16 . 2012-09-30 08:16 -------- d-----w- c:\programdata\AVAST Software
2012-09-30 08:16 . 2012-09-30 08:16 -------- d-----w- c:\program files\AVAST Software
2012-09-30 06:02 . 2012-09-30 06:02 -------- d-----w- C:\RRTVAULT
2012-09-29 22:10 . 2012-09-29 22:10 -------- d-----w- c:\windows\system32\SPReview
2012-09-29 22:09 . 2012-09-29 22:09 -------- d-----w- c:\windows\system32\EventProviders
2012-09-29 21:53 . 2010-11-20 12:32 5066752 ----a-w- c:\windows\system32\AuthFWSnapin.dll
2012-09-29 21:52 . 2010-11-20 12:21 51200 ----a-w- c:\windows\twain_32.dll
2012-09-29 21:37 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-09-29 21:37 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-29 21:37 . 2010-11-20 12:17 219648 ----a-w- c:\windows\system32\fsquirt.exe
2012-09-29 21:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-29 21:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-29 18:00 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-09-29 18:00 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-09-29 17:11 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-29 17:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-29 17:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-29 17:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-29 17:08 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-09-29 17:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-09-29 17:04 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-29 15:43 . 2012-09-29 15:43 -------- d-----w- c:\windows\system32\Wat
2012-09-29 15:19 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-09-29 15:09 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-09-29 15:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-09-29 15:08 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-29 15:08 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-29 15:08 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-09-29 15:08 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-29 15:01 . 2012-09-29 15:01 -------- d-----w- c:\windows\CheckSur
2012-09-29 14:53 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-09-29 14:53 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-09-29 14:53 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-09-29 14:53 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-09-29 14:53 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-09-29 14:53 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-09-29 14:52 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-29 14:50 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-09-29 14:50 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-29 14:50 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2012-09-29 14:50 . 2010-11-20 10:21 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-09-29 14:50 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-29 14:50 . 2010-11-20 12:17 262656 ----a-w- c:\windows\system32\rstrui.exe
2012-09-29 14:50 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-09-29 14:50 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-09-29 14:50 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-09-29 14:50 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2012-09-29 14:04 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-09-29 14:04 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-09-29 14:04 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2012-09-29 07:17 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-09-29 07:17 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-09-29 07:05 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EA20281-625B-4B33-BE1D-E4703427DA68}\mpengine.dll
2012-09-29 07:05 . 2012-05-31 16:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-29 03:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-29 03:27 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-29 03:27 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-09-26 01:34 . 2012-09-26 01:34 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-25 15:07 . 2012-09-25 15:07 -------- d-----w- c:\windows\system32\MFAData
2012-09-24 23:10 . 2012-09-26 11:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-24 23:10 . 2012-09-24 23:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-24 23:07 . 2012-09-24 23:07 -------- d-----w- c:\windows\Sun
2012-09-24 23:07 . 2012-09-24 23:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-24 23:06 . 2012-09-24 23:06 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-24 23:06 . 2012-09-24 23:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 23:06 . 2012-09-24 23:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-24 23:06 . 2012-09-24 23:06 -------- d-----w- c:\program files\Java
2012-09-24 23:05 . 2012-09-24 23:05 -------- d-----w- c:\programdata\McAfee
2012-09-24 17:11 . 2012-09-24 17:11 -------- d-----w- c:\programdata\Malwarebytes
2012-09-24 17:11 . 2012-09-24 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-24 17:11 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 23:55 . 2000-05-22 18:58 244416 ------w- c:\windows\system32\MSFLXGRD.OCX
2012-09-23 23:52 . 2007-12-19 19:58 86016 ------r- c:\windows\system32\SAiLicSvr.exe
2012-09-23 23:51 . 2012-09-23 23:51 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2012-09-23 23:50 . 2012-09-23 23:50 -------- d-----w- c:\program files\Common Files\SignWarehouse
2012-09-23 23:48 . 2012-09-23 23:48 -------- d-----w- c:\program files\Common Files\SAi
2012-09-23 23:48 . 2011-10-12 12:38 77824 ----a-w- c:\windows\system32\SAiDownloaderVista.exe
2012-09-23 23:48 . 2011-10-12 12:28 65536 ----a-w- c:\windows\system32\SAiAdmin.exe
2012-09-23 23:48 . 2004-05-04 12:53 1645320 ------w- c:\windows\system32\gdiplus.dll
2012-09-23 23:47 . 2012-09-23 23:47 -------- d-----w- c:\program files\SignWarehouse
2012-09-23 23:47 . 2006-12-12 21:19 14336 ----a-r- c:\windows\system32\HotFldrUI.dll
2012-09-22 05:28 . 2012-09-22 05:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-21 21:09 . 2012-09-21 21:10 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-09-16 17:42 . 2012-09-24 16:08 -------- d-----w- c:\users\Lisette Miller
2012-09-16 17:40 . 2012-09-16 17:40 -------- d-----w- C:\Recovery
2012-09-16 17:06 . 2012-09-10 03:37 139 ----a-w- c:\windows\system32\devnum.vbs
2012-09-16 16:59 . 2012-09-16 16:59 44544 ----a-w- c:\windows\system32\agremove.exe
2012-09-09 01:28 . 2012-09-09 00:54 27 ----a-w- c:\windows\system32\netwin.bat
2012-09-08 23:16 . 2012-09-16 17:40 -------- d-----w- c:\users\Default
2012-09-05 23:26 . 2012-09-05 23:26 -------- d-----w- c:\program files\Xilisoft
2012-09-05 21:53 . 2012-09-05 21:53 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-09-05 21:53 . 2012-09-05 21:53 1025 ----a-w- c:\windows\system32\clauth2.dll
2012-09-05 21:53 . 2012-09-05 21:53 1025 ----a-w- c:\windows\system32\clauth1.dll
2012-09-05 21:53 . 2012-09-05 21:53 -------- d-----w- c:\programdata\Minnetonka Audio Software
2012-09-05 21:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-05 21:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-05 21:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-05 21:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-05 21:06 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-05 21:06 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-05 21:06 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-05 21:06 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-05 21:06 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-09-05 20:55 . 2012-09-05 20:55 -------- d-----w- c:\programdata\Kaspersky SDK
2012-09-05 20:46 . 2009-10-17 07:39 72584 ----a-w- c:\windows\zllsputility.exe
2012-09-05 20:46 . 2009-10-13 01:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2012-09-05 20:45 . 2009-10-17 07:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2012-09-05 20:45 . 2009-10-17 07:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2012-09-05 20:45 . 2009-10-17 07:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2012-09-05 20:45 . 2012-09-05 21:04 -------- d-----w- c:\windows\system32\ZoneLabs
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 22:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-09-25 15:35 . 2012-08-30 23:24 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 15:35 . 2012-08-30 23:24 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-06 01:27 . 2012-09-22 05:28 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-09-30 896912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 22:13 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 22:13 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 15:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 14:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SAiAdmin;SAiAdmin;c:\windows\System32\SAiAdmin.exe [x]
S2 SAiDownloader;SAiDownloader;c:\program files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe [x]
S2 SAiDownloaderVista;SAiDownloaderVista;c:\windows\System32\SAiDownloaderVista.exe [x]
S2 SAiLicSvr;SAiLicSvr;c:\windows\System32\SAiLicSvr.exe [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:00,9f,a0,38,17,71,19,09,1a,d8,59,f2,c1,ed,5a,c2,7b,7c,87,b1,f0,
50,e6,89,55,5a,8c,1b,ca,5d,79,ae,05,9f,6e,41,aa,e0,de,90,e4,77,d2,82,91,5b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:00,9f,a0,38,17,71,19,09,1a,d8,59,f2,c1,ed,5a,c2,7b,7c,87,b1,f0,
50,e6,89,55,5a,8c,1b,ca,5d,79,ae,05,9f,6e,41,aa,e0,de,90,e4,77,d2,82,91,5b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-30 23:18:08
ComboFix-quarantined-files.txt 2012-10-01 03:18
ComboFix2.txt 2012-09-28 20:25
ComboFix3.txt 2012-09-26 12:48
ComboFix4.txt 2012-09-24 21:47
.
Pre-Run: 26,877,501,440 bytes free
Post-Run: 26,801,827,840 bytes free
.
- - End Of File - - 299BFA9B2248F35CE44974675DD2821B



23:21:56.0250 2440 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:21:56.0547 2440 ============================================================
23:21:56.0547 2440 Current date / time: 2012/09/30 23:21:56.0547
23:21:56.0547 2440 SystemInfo:
23:21:56.0547 2440
23:21:56.0547 2440 OS Version: 6.1.7601 ServicePack: 1.0
23:21:56.0547 2440 Product type: Workstation
23:21:56.0547 2440 ComputerName: LISETTEMILLER
23:21:56.0547 2440 UserName: Lisette Miller
23:21:56.0547 2440 Windows directory: C:\Windows
23:21:56.0547 2440 System windows directory: C:\Windows
23:21:56.0547 2440 Processor architecture: Intel x86
23:21:56.0547 2440 Number of processors: 2
23:21:56.0547 2440 Page size: 0x1000
23:21:56.0547 2440 Boot type: Normal boot
23:21:56.0547 2440 ============================================================
23:21:57.0717 2440 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:21:57.0717 2440 ============================================================
23:21:57.0717 2440 \Device\Harddisk0\DR0:
23:21:57.0717 2440 MBR partitions:
23:21:57.0717 2440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:21:57.0717 2440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
23:21:57.0717 2440 ============================================================
23:21:57.0763 2440 C: <-> \Device\Harddisk0\DR0\Partition2
23:21:57.0763 2440 ============================================================
23:21:57.0763 2440 Initialize success
23:21:57.0763 2440 ============================================================
23:24:53.0170 3408 ============================================================
23:24:53.0170 3408 Scan started
23:24:53.0170 3408 Mode: Manual; SigCheck; TDLFS;
23:24:53.0170 3408 ============================================================
23:24:53.0513 3408 ================ Scan system memory ========================
23:24:53.0513 3408 System memory - ok
23:24:53.0513 3408 ================ Scan services =============================
23:25:07.0382 3408 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:25:07.0507 3408 MpsSvc - ok
23:25:07.0538 3408 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:25:07.0569 3408 MRxDAV - ok
23:25:07.0616 3408 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:07.0694 3408 mrxsmb - ok
23:25:07.0709 3408 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:07.0725 3408 mrxsmb10 - ok
23:25:07.0741 3408 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:07.0756 3408 mrxsmb20 - ok
23:25:07.0772 3408 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
23:25:07.0787 3408 msahci - ok
23:25:07.0834 3408 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:25:07.0850 3408 msdsm - ok
23:25:07.0850 3408 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
23:25:07.0897 3408 MSDTC - ok
23:25:07.0928 3408 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:25:07.0959 3408 Msfs - ok
23:25:07.0975 3408 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:25:08.0021 3408 mshidkmdf - ok
23:25:08.0053 3408 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:25:08.0068 3408 msisadrv - ok
23:25:08.0099 3408 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:25:08.0146 3408 MSiSCSI - ok
23:25:08.0146 3408 msiserver - ok
23:25:08.0162 3408 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:25:08.0209 3408 MSKSSRV - ok
23:25:08.0224 3408 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:08.0255 3408 MSPCLOCK - ok
23:25:08.0271 3408 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:25:08.0349 3408 MSPQM - ok
23:25:08.0365 3408 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:25:08.0380 3408 MsRPC - ok
23:25:08.0427 3408 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:25:08.0474 3408 mssmbios - ok
23:25:08.0505 3408 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:25:08.0552 3408 MSTEE - ok
23:25:08.0567 3408 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:25:08.0599 3408 MTConfig - ok
23:25:08.0645 3408 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
23:25:08.0661 3408 Mup - ok
23:25:08.0708 3408 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
23:25:08.0801 3408 napagent - ok
23:25:08.0833 3408 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:25:08.0848 3408 NativeWifiP - ok
23:25:08.0879 3408 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:25:08.0895 3408 NDIS - ok
23:25:08.0911 3408 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:25:08.0973 3408 NdisCap - ok
23:25:08.0989 3408 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:25:09.0020 3408 NdisTapi - ok
23:25:09.0051 3408 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:25:09.0082 3408 Ndisuio - ok
23:25:09.0145 3408 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:25:09.0207 3408 NdisWan - ok
23:25:09.0238 3408 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:25:09.0269 3408 NDProxy - ok
23:25:09.0285 3408 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:25:09.0316 3408 NetBIOS - ok
23:25:09.0379 3408 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:25:09.0441 3408 NetBT - ok
23:25:09.0472 3408 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
23:25:09.0488 3408 Netlogon - ok
23:25:09.0519 3408 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
23:25:09.0550 3408 Netman - ok
23:25:09.0566 3408 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
23:25:09.0597 3408 netprofm - ok
23:25:09.0628 3408 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:25:09.0644 3408 NetTcpPortSharing - ok
23:25:09.0800 3408 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
23:25:09.0862 3408 netw5v32 - ok
23:25:09.0893 3408 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:25:09.0909 3408 nfrd960 - ok
23:25:09.0940 3408 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:25:09.0987 3408 NlaSvc - ok
23:25:10.0018 3408 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\npf.sys
23:25:10.0049 3408 NPF - ok
23:25:10.0081 3408 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:25:10.0159 3408 Npfs - ok
23:25:10.0174 3408 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
23:25:10.0221 3408 nsi - ok
23:25:10.0237 3408 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:25:10.0299 3408 nsiproxy - ok
23:25:10.0377 3408 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:25:10.0471 3408 Ntfs - ok
23:25:10.0486 3408 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
23:25:10.0517 3408 Null - ok
23:25:10.0564 3408 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:25:10.0580 3408 nvraid - ok
23:25:10.0580 3408 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:25:10.0595 3408 nvstor - ok
23:25:10.0627 3408 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:25:10.0658 3408 nv_agp - ok
23:25:10.0720 3408 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:25:10.0751 3408 odserv - ok
23:25:10.0767 3408 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:25:10.0798 3408 ohci1394 - ok
23:25:10.0829 3408 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:25:10.0845 3408 ose - ok
23:25:10.0892 3408 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:25:10.0923 3408 p2pimsvc - ok
23:25:10.0954 3408 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
23:25:11.0017 3408 p2psvc - ok
23:25:11.0048 3408 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:25:11.0063 3408 Parport - ok
23:25:11.0095 3408 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:25:11.0141 3408 partmgr - ok
23:25:11.0157 3408 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
23:25:11.0188 3408 Parvdm - ok
23:25:11.0188 3408 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:25:11.0219 3408 PcaSvc - ok
23:25:11.0235 3408 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
23:25:11.0251 3408 pci - ok
23:25:11.0266 3408 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
23:25:11.0282 3408 pciide - ok
23:25:11.0329 3408 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:25:11.0375 3408 pcmcia - ok
23:25:11.0407 3408 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
23:25:11.0438 3408 pcw - ok
23:25:11.0453 3408 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:25:11.0516 3408 PEAUTH - ok
23:25:11.0594 3408 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:25:11.0672 3408 PeerDistSvc - ok
23:25:11.0765 3408 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
23:25:11.0875 3408 pla - ok
23:25:11.0937 3408 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:25:11.0999 3408 PlugPlay - ok
23:25:12.0015 3408 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:25:12.0062 3408 PNRPAutoReg - ok
23:25:12.0077 3408 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:25:12.0109 3408 PNRPsvc - ok
23:25:12.0124 3408 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:25:12.0233 3408 PolicyAgent - ok
23:25:12.0280 3408 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
23:25:12.0343 3408 Power - ok
23:25:12.0374 3408 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:25:12.0405 3408 PptpMiniport - ok
23:25:12.0436 3408 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:25:12.0452 3408 Processor - ok
23:25:12.0514 3408 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
23:25:12.0577 3408 ProfSvc - ok
23:25:12.0592 3408 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:25:12.0608 3408 ProtectedStorage - ok
23:25:12.0623 3408 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:25:12.0655 3408 Psched - ok
23:25:12.0686 3408 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:25:12.0701 3408 PxHelp20 - ok
23:25:12.0764 3408 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:25:12.0795 3408 ql2300 - ok
23:25:12.0811 3408 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:25:12.0826 3408 ql40xx - ok
23:25:12.0857 3408 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:25:12.0904 3408 QWAVE - ok
23:25:12.0935 3408 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:25:12.0951 3408 QWAVEdrv - ok
23:25:12.0967 3408 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:25:13.0013 3408 RasAcd - ok
23:25:13.0045 3408 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:25:13.0091 3408 RasAgileVpn - ok
23:25:13.0107 3408 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:25:13.0138 3408 RasAuto - ok
23:25:13.0169 3408 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:25:13.0201 3408 Rasl2tp - ok
23:25:13.0247 3408 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
23:25:13.0325 3408 RasMan - ok
23:25:13.0325 3408 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:25:13.0372 3408 RasPppoe - ok
23:25:13.0388 3408 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:25:13.0419 3408 RasSstp - ok
23:25:13.0450 3408 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:25:13.0497 3408 rdbss - ok
23:25:13.0513 3408 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:25:13.0528 3408 rdpbus - ok
23:25:13.0575 3408 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:25:13.0637 3408 RDPCDD - ok
23:25:13.0669 3408 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:25:13.0700 3408 RDPDR - ok
23:25:13.0747 3408 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:25:13.0809 3408 RDPENCDD - ok
23:25:13.0840 3408 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:25:13.0856 3408 RDPREFMP - ok
23:25:13.0903 3408 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:25:13.0934 3408 RdpVideoMiniport - ok
23:25:13.0965 3408 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:25:14.0012 3408 RDPWD - ok
23:25:14.0059 3408 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:25:14.0090 3408 rdyboost - ok
23:25:14.0121 3408 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:25:14.0168 3408 RemoteAccess - ok
23:25:14.0199 3408 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:25:14.0230 3408 RemoteRegistry - ok
23:25:14.0277 3408 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:25:14.0308 3408 RFCOMM - ok
23:25:14.0339 3408 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
23:25:14.0355 3408 rpcapd - ok
23:25:14.0371 3408 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:25:14.0402 3408 RpcEptMapper - ok
23:25:14.0417 3408 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:25:14.0449 3408 RpcLocator - ok
23:25:14.0464 3408 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
23:25:14.0495 3408 RpcSs - ok
23:25:14.0527 3408 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:25:14.0573 3408 rspndr - ok
23:25:14.0620 3408 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:25:14.0667 3408 s3cap - ok
23:25:14.0698 3408 [ E7D22DF3D3DF3D6B16117225C7F46EFD ] SAiAdmin C:\Windows\System32\SAiAdmin.exe
23:25:14.0698 3408 SAiAdmin ( UnsignedFile.Multi.Generic ) - warning
23:25:14.0698 3408 SAiAdmin - detected UnsignedFile.Multi.Generic (1)
23:25:14.0776 3408 [ 3ED40039A91E5B1DD310AB3C922160D8 ] SAiDownloader C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
23:25:14.0792 3408 SAiDownloader ( UnsignedFile.Multi.Generic ) - warning
23:25:14.0792 3408 SAiDownloader - detected UnsignedFile.Multi.Generic (1)
23:25:14.0823 3408 [ 100AC9047AE9F4F4315B7A4AD2DCD71F ] SAiDownloaderVista C:\Windows\System32\SAiDownloaderVista.exe
23:25:14.0839 3408 SAiDownloaderVista ( UnsignedFile.Multi.Generic ) - warning
23:25:14.0839 3408 SAiDownloaderVista - detected UnsignedFile.Multi.Generic (1)
23:25:14.0870 3408 [ 626FF246CAEB4761978FF3A0790B97B2 ] SAiLicSvr C:\Windows\System32\SAiLicSvr.exe
23:25:14.0885 3408 SAiLicSvr ( UnsignedFile.Multi.Generic ) - warning
23:25:14.0885 3408 SAiLicSvr - detected UnsignedFile.Multi.Generic (1)
23:25:15.0244 3408 [ 20B2751CD4C8F3FD989739CA661B9F30 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
23:25:15.0260 3408 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
23:25:15.0260 3408 SCDEmu - detected UnsignedFile.Multi.Generic (1)
23:25:18.0364 3408 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:25:18.0411 3408 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
23:25:18.0411 3408 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
23:25:23.0933 3408 WinDefend - ok
23:25:23.0949 3408 WinHttpAutoProxySvc - ok
23:25:24.0011 3408 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:25:24.0058 3408 Winmgmt - ok
23:25:24.0136 3408 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:25:24.0230 3408 WinRM - ok
23:25:24.0292 3408 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\drivers\WinUSB.sys
23:25:24.0355 3408 WinUsb - ok
23:25:24.0417 3408 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:25:24.0495 3408 Wlansvc - ok
23:25:24.0526 3408 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:25:24.0557 3408 WmiAcpi - ok
23:25:24.0589 3408 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:25:24.0620 3408 wmiApSrv - ok
23:25:24.0713 3408 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:25:24.0791 3408 WMPNetworkSvc - ok
23:25:24.0807 3408 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:25:24.0854 3408 WPCSvc - ok
23:25:24.0885 3408 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:25:24.0932 3408 WPDBusEnum - ok
23:25:24.0979 3408 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:25:25.0041 3408 ws2ifsl - ok
23:25:25.0088 3408 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
23:25:25.0135 3408 wscsvc - ok
23:25:25.0135 3408 WSearch - ok
23:25:25.0213 3408 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:25:25.0337 3408 wuauserv - ok
23:25:25.0369 3408 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:25:25.0447 3408 WudfPf - ok
23:25:25.0509 3408 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
23:25:25.0571 3408 WUDFRd - ok
23:25:25.0603 3408 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:25:25.0634 3408 wudfsvc - ok
23:25:25.0665 3408 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:25:25.0696 3408 WwanSvc - ok
23:25:25.0712 3408 ================ Scan global ===============================
23:25:25.0805 3408 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:25:25.0852 3408 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:25:25.0883 3408 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:25:25.0915 3408 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:25:25.0946 3408 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:25:25.0946 3408 [Global] - ok
23:25:25.0946 3408 ================ Scan MBR ==================================
23:25:25.0961 3408 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:25:26.0211 3408 \Device\Harddisk0\DR0 - ok
23:25:26.0211 3408 ================ Scan VBR ==================================
23:25:26.0211 3408 [ 7456AC93898768802EE7A87086029C52 ] \Device\Harddisk0\DR0\Partition1
23:25:26.0211 3408 \Device\Harddisk0\DR0\Partition1 - ok
23:25:26.0242 3408 [ F390C335C8B1F599A2CA5CDD4AF70FA0 ] \Device\Harddisk0\DR0\Partition2
23:25:26.0242 3408 \Device\Harddisk0\DR0\Partition2 - ok
23:25:26.0242 3408 ============================================================
23:25:26.0242 3408 Scan finished
23:25:26.0242 3408 ============================================================
23:25:26.0273 2708 Detected object count: 6
23:25:26.0273 2708 Actual detected object count: 6
23:27:58.0249 2708 SAiAdmin ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:58.0249 2708 SAiAdmin ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:58.0249 2708 SAiDownloader ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:58.0249 2708 SAiDownloader ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:58.0249 2708 SAiDownloaderVista ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:58.0249 2708 SAiDownloaderVista ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:58.0249 2708 SAiLicSvr ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:58.0249 2708 SAiLicSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:58.0249 2708 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:58.0249 2708 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:27:58.0249 2708 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:58.0249 2708 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:35.0776 2600 Deinitialize success

ASWBoot---------------------

---------------------------------------
10/01/2012 00:17
Scan of all local drives

File C:\Users\Default\AppData\Local\Adobe\Updater6\Install\encore4\Encore-4.0.1-mul-AdobeUpdate.zip|>extensions\AdobeEncore4All-121108114212\Assets\1163 Error 42125 {ZIP archive is corrupted.}
File C:\Users\Lisette Miller\AppData\Local\Adobe\Updater6\Install\encore4\Encore-4.0.1-mul-AdobeUpdate.zip|>extensions\AdobeEncore4All-121108114212\Assets\1163 Error 42125 {ZIP archive is corrupted.}
File C:\Users\Lisette Miller\Downloads\setup_11.0.0.1245.x01_2012_09_26_02_53.exe.part|>6562746rar.exe Error 42126 {RAR archive is corrupted.}
Number of searched folders: 36587
Number of tested files: 1040013
Number of infected files: 0
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Navigate to this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

and right click on Advanced and Export the key to your desktop. Call it hklmadv. This will create a file hklmadv.reg on your desktop. See if you can attach it to your next post. You may have to zip it up if the forum won't allow you to attach .reg files tho it just let me do it.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ron. Here's some background. I just purchased this on that "famous" auction site about 10 days ago so all the problems are new to me. None of the driver dates are recent, so I'm going to attach the log. Thanks.

********************************

Microsoft Signature Verification

Log file generated on 10/1/2012 at 11:03 AM
OS Platform: Windows (x86), Version: 6.1, Build: 7601, CSDVersion: Service Pack 1
Scan Results: Total Files: 130, Signed: 129, Unsigned: 0, Not Scanned: 1

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\checkpoint\zaforcefield]
iswkl.sys 10/14/2009 None Signed N/A
[c:\program files\checkpoint\zaforcefield\ak]
icsak.sys 10/14/2009 None Signed N/A
[c:\program files\superantispyware]
sasdifsv.sys 7/22/2011 None Signed N/A
saskutil.sys 7/12/2011 None Signed N/A
[c:\windows\system32]
batt.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
clfs.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
fsquirt.exe 11/20/2010 2:5.1 Signed Package_1_for_KB2532Microsoft Windows
storprop.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
streamci.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
sysfxui.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
wmalfxgfxdsp.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
wudfcoinstaller.dll 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
[c:\windows\system32\drivers]
1394ohci.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
acpi.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
afd.sys 4/24/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2503Microsoft Windows
agilevpn.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
aswrdr2.sys 8/21/2012 None Signed N/A
asyncmac.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
atapi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
ataport.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
b57nd60x.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
battc.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
blbdrive.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
bthenum.sys 7/13/2009 2:5.1 Signed Package_1_for_KB2532Microsoft Windows
bthpan.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
bthport.sys 4/27/2011 2:5.1 Signed Package_1_for_KB2532Microsoft Windows
bthusb.sys 4/27/2011 2:5.1 Signed Package_1_for_KB2532Microsoft Windows
cdrom.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
cmbatt.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
cng.sys 6/2/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2655Microsoft Windows
compbatt.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
compositebus.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
csc.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-OfMicrosoft Windows
discache.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
disk.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
drmk.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
drmkaud.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
fvevol.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-SeMicrosoft Windows
hdaudbus.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
hdaudio.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
hidclass.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
hidparse.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
hidusb.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
http.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
hwpolicy.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
i8042prt.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
intelide.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
intelppm.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
kbdclass.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
kl1.sys 10/12/2009 None Signed N/A
ksecdd.sys 6/2/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2655Microsoft Windows
ksecpkg.sys 6/2/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2655Microsoft Windows
lltdio.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
modem.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
monitor.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
mouclass.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mouhid.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mountmgr.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
mpsdrv.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
msisadrv.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mskssrv.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
mspclock.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
mspqm.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
mssmbios.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mstee.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
ndis.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
ndistapi.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
ndisuio.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
ndiswan.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
netbt.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
netw5v32.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
npf.sys 10/20/2009 None Signed N/A
nsiproxy.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
nwifi.sys 7/13/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-ClMicrosoft Windows
pacer.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
pci.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
pciidex.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
pcmcia.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
pcw.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
peauth.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
portcls.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
rasl2tp.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
raspppoe.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
raspptp.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
rassstp.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
rdpbus.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
rdpcdd.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
rdpencdd.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
rdprefmp.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
rfcomm.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
rspndr.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
serenum.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
serial.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
sermouse.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
swenum.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
tcpip.sys 8/22/2012 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2735Microsoft Windows
tcpipreg.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
tdx.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
termdd.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
tunnel.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
umbus.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
usbd.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
usbehci.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
usbhub.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
usbport.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
usbuhci.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vdrvroot.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vga.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
vgapnp.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
vmbus.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Hyper-V-CoMicrosoft Windows
vmstorfl.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Hyper-V-GuMicrosoft Windows
volmgr.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
volmgrx.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
volsnap.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vsdatant.sys 10/17/2009 None Signed N/A
vstazl3.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vstcnxt3.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vstdpv3.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vstprof.cty 6/10/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vwififlt.sys 7/13/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-ClMicrosoft Windows
wanarp.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
wdf01000.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
wfplwf.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
winusb.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
wmiacpi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
ws2ifsl.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
wudfpf.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
wudfrd.sys 11/20/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
[c:\windows\system32\drivers\umdf]
wudfusbcciddriver.dl 11/20/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

Unscanned Files:
------------------
[c:\windows\c:\windows\temp]
catchme.sys The directory name is invalid.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 11:53:22 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 3:52:55 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:52:54 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:47:41 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:47:41 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:40:23 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:27:34 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process id: 0x210 Faulting application start time: 0x01cd9fe93cd20a14 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 8593cebf-0bdc-11e2-a574-001a6bf9aff0

Log: 'Application' Date/Time: 01/10/2012 2:51:47 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 2:51:47 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 10:00:16 AM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 3:40:25 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 01/10/2012 10:00:18 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 11:48:46 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 3:49:07 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:06 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:04 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:04 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:03 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:02 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:02 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:01 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:01 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:00 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:49:00 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:48:59 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:48:59 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:48:58 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:48:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:48:57 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 3:48:57 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 3:40:18 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 01/10/2012 3:40:17 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/10/2012 3:39:42 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/10/2012 10:00:09 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 01/10/2012 10:00:08 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/10/2012 9:14:55 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

"Log: 'Application' Date/Time: 01/10/2012 3:52:55 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified."


This is a major problem which needs to be fixed. Some major damage to the registry. Supposedly the FixIt here:
http://support.microsoft.com/kb/886549
will help. At least that's what they say here:
http://answers.micro...65-16b9ceeb5631

You are having major problems with Zone Alarm. Possibly because of the missing registry entries tho you never know with Zone Alarm. I quit using it years ago because of constant hangs at boot. I find the free version of Online Armor to be better and more reliable. http://www.online-ar...-armor-free.php


Log: 'Application' Date/Time: 01/10/2012 3:40:25 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.


You will need to re-activate your copy of Windows. Hopefully it has a valid sticker on it somewhere.

http://www.sevenforu...s-7-online.html
  • 0
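
Added example (not part of the thread and not the VEW tool's own code): a parser for the VEW report layout posted above that collapses repeated entries by event ID and source, and traces Service Control Manager 7001 entries back to the service that actually failed (7000). The sample text is constructed in the same layout, and all function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+?)\s*$")
# Service Control Manager message shapes, as they appear in the thread's log.
SCM_FAILED = re.compile(r"^The (?P<svc>.+?) service failed to start due to the "
                        r"following error: (?P<err>.+)$")
SCM_DEPENDS = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) "
                         r"service which failed to start")


def parse_vew(text):
    """Return one dict per event record found in a VEW text report."""
    lines = text.splitlines()
    events, i = [], 0
    while i + 2 < len(lines):
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1])
        event = EVENT.match(lines[i + 2])
        if not (head and kind and event):
            i += 1
            continue
        # The message runs until a blank line, a separator, or the next record.
        j, message = i + 3, []
        while j < len(lines) and lines[j].strip() and not lines[j].startswith(("~", "Log: '")):
            message.append(lines[j].strip())
            j += 1
        events.append({
            "log": head["log"],
            # The report itself states that dates are dd/mm/yyyy.
            "time": datetime.strptime(head["ts"], "%d/%m/%Y %I:%M:%S %p"),
            "type": kind["type"],
            "id": int(event["id"]),
            "source": event["source"],
            "message": " ".join(message),
        })
        i = j
    return events


def summarize(events):
    """Collapse repeats: ((log, type, id, source, message), count), most frequent first."""
    counts = Counter((e["log"], e["type"], e["id"], e["source"], e["message"])
                     for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def root_failures(events):
    """Map each service that failed to start (7000) to the services that
    failed only because they depend on it (7001)."""
    roots = {}
    for e in events:
        if e["source"] != "Service Control Manager":
            continue
        failed = SCM_FAILED.match(e["message"]) if e["id"] == 7000 else None
        depends = SCM_DEPENDS.match(e["message"]) if e["id"] == 7001 else None
        if failed:
            roots.setdefault(failed["svc"], set())
        elif depends:
            roots.setdefault(depends["dep"], set()).add(depends["svc"])
    return roots


# Constructed sample in the VEW report layout, modelled on the entries in the thread.
def _rec(log, ts, kind, eid, source, msg):
    return (f"Log: '{log}' Date/Time: 01/10/2012 {ts}\nType: {kind} Category: 0\n"
            f"Event: {eid} Source: {source}\n{msg}\n")

_ERR = "The system cannot find the file specified."
_DEP = ("The TrueVector Internet Monitor service depends on the Zone Alarm Firewall "
        "Driver service which failed to start because of the following error: " + _ERR)
_FAIL = "The Zone Alarm Firewall Driver service failed to start due to the following error: " + _ERR
_PROFILE = "Windows cannot load classes registry file. DETAIL - " + _ERR
SAMPLE = "~~~~~~~~\n'System' Log - Error Type\n~~~~~~~~\n" + "\n".join(
    [_rec("System", ts, "Error", eid, "Service Control Manager", msg)
     for ts in ("3:49:07 PM", "3:49:06 PM", "3:49:04 PM")
     for eid, msg in ((7001, _DEP), (7000, _FAIL))]
    + [_rec("Application", ts, "Error", 1542, "Microsoft-Windows-User Profiles Service", _PROFILE)
       for ts in ("3:52:55 PM", "10:00:16 AM")]
    + [_rec("Application", "3:40:25 PM", "Warning", 4105, "Microsoft-Windows-Winlogon",
            "Windows is in Notification period.")])

if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    for key, count in summarize(parsed):
        print(count, *key[:4])
    print(root_failures(parsed))
```
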

#7
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ok. So now I'm worried. Should I just Uninstall Zone Alarm? That would at least get rid of that problem, right?

And then take the other steps as directed.

Edited by Jayli, 01 October 2012 - 12:09 PM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
It's not working, from what the log says, so it doesn't matter. I'm more worried about the registry issue so let's try to fix that first.
  • 0

#9
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Went to the fix and clicked on FIX It. Got this message. Thanks.

C:\Windows\TEMP\PY0Rk2uI.msi.part could not be saved, because you cannot change the contents of that folder.

Change the folder properties and try again, or try saving in a different location.
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Sometimes you can get it to work by running IE as Admin. (Right click on the IE icon on the task bar then right click again on Internet Explorer then Run As Admin.)

If that doesn't help then:

Right click on Start and select Explore and navigate to C:\Windows\TEMP

Right click on Temp and select Properties then Security. Click on System. Verify that it has Full Control checked in the lower pane under Allow.

Now click on Administrators and do the same.

Now click on Users. Normally it does not have any permissions but it won't hurt to give it Full Control too. To change Permissions: Click on EDIT then select the correct user group then check the Full Control box under Allow then OK.

Close the Properties box then go back in and check that it took. Reboot and try again.
  • 0



#11
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ok. Did a bit of research and changed from Temp to download folder. Ran FIX IT software and restarted the Laptop. What next? Thanks.
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Let's see if it helped.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
4. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#13
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Here they are. Thanks.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 3:10:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 7:10:42 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:41 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:40 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:40 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:39 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:38 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:38 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:37 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:36 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:36 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:35 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:35 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:34 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:34 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:33 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 7:00:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 01/10/2012 7:00:53 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/10/2012 7:00:16 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/10/2012 5:55:25 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/10/2012 5:55:25 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 01/10/2012 4:10:26 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/10/2012 3:40:18 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 01/10/2012 3:40:17 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/10/2012 3:39:42 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/10/2012 10:00:09 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 01/10/2012 10:00:08 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/10/2012 9:14:55 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 3:13:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 7:13:01 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 7:13:01 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 7:09:44 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 7:09:44 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 7:07:18 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 7:07:18 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 7:01:05 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 6:52:48 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 6:52:00 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 5:58:20 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 5:58:20 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 5:55:29 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:52:55 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:52:54 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:47:41 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:47:41 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:40:23 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:27:34 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16450, time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process id: 0x210 Faulting application start time: 0x01cd9fe93cd20a14 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 8593cebf-0bdc-11e2-a574-001a6bf9aff0

Log: 'Application' Date/Time: 01/10/2012 2:51:47 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 2:51:47 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 7:01:06 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 01/10/2012 5:55:30 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 01/10/2012 3:40:25 PM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 01/10/2012 10:00:18 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Log: 'Application' Date/Time: 01/10/2012 7:13:01 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.


Still there unfortunately.

Can you do a system restore to an earlier time?
  • 0
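The check made across the posts above (clear the logs, reboot, rerun VEW, then see whether Event 1542 is still there) can be scripted against the VEW text report. This is an added example, not part of the original thread or of the VEW tool; the function names and the cut-off time passed to `still_logged` are assumptions, and the sample is constructed from entries posted above.

```python
import re
from datetime import datetime

# Constructed sample: three records copied from the reports posted in this thread.
SAMPLE = """Note: All dates below are in the format dd/mm/yyyy

Log: 'Application' Date/Time: 01/10/2012 7:13:01 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'Application' Date/Time: 01/10/2012 3:52:55 PM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

Log: 'System' Date/Time: 01/10/2012 7:10:42 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Zone Alarm Firewall Driver service failed to start due to the following error: The system cannot find the file specified.
"""

RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)'\s+Date/Time: (?P<ts>[^\n]+)\n"
    r"Type: (?P<type>\w+)\s+Category: (?P<cat>\d+)\n"
    r"Event: (?P<id>\d+)\s+Source: (?P<source>[^\n]+)\n"
    r"(?P<msg>(?:(?!Log: ')[^\n]+\n?)*)",   # message runs to the next blank line
    re.MULTILINE)

def parse_vew(text):
    """Return one dict per event record in a VEW report (dates are day-first)."""
    events = []
    for m in RECORD.finditer(text):
        events.append({
            "log": m["log"], "type": m["type"], "id": int(m["id"]),
            "source": m["source"].strip(), "message": m["msg"].strip(),
            # %d/%m/%Y: 01/10/2012 is 1 October 2012, not 10 January.
            "when": datetime.strptime(m["ts"].strip(), "%d/%m/%Y %I:%M:%S %p"),
        })
    return events

def summarize(events):
    """Collapse repeats: (log, id, source) -> count, first and last time seen."""
    groups = {}
    for ev in events:
        g = groups.setdefault((ev["log"], ev["id"], ev["source"]),
                              {"count": 0, "first": ev["when"], "last": ev["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ev["when"]), max(g["last"], ev["when"])
    return groups

def still_logged(events, event_id, source, since):
    """True if the event was recorded at or after `since` (the time a fix was applied)."""
    return any(e["id"] == event_id and e["source"] == source and e["when"] >= since
               for e in events)

if __name__ == "__main__":
    for (log, eid, src), g in summarize(parse_vew(SAMPLE)).items():
        print(f"{log:12} {eid:5} x{g['count']:<3} last {g['last']:%d %b %Y %H:%M}  {src}")
```

Grouping by log, event ID and source turns the twenty near-identical Service Control Manager entries into one line each, which makes a persisting error such as 1542 easier to spot.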

#15
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Sure. If you walk me through it, I'll be happy to try it. Will that bring any viruses that were deleted back into my system? Anyway, nothing to lose, let's go for it! I trust you Ron. :thumbsup:
  • 0





