Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32:Malware-gen trojan infection

Started by gregahoffman , Sep 24 2013 01:33 PM

  • Please log in to reply

#121
gregahoffman
Posted 12 October 2013 - 07:28 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
application log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/10/2013 8:25:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/10/2013 1:20:35 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2728 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 14592 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


i also got this warning upon reboot

Attached Thumbnails

  • Capture1.PNG

  • 0

Advertisements

#122
gregahoffman
Posted 12 October 2013 - 07:30 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
system log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/10/2013 8:30:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2013 1:21:30 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.

Log: 'System' Date/Time: 13/10/2013 1:20:43 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/10/2013 1:20:43 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll
  • 0

#123
RKinner
Posted 12 October 2013 - 08:09 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Go into Device Manager again and right click everything under Universal Serial Bus Controllers and Uninstall then reboot. Do you still get the error?
  • 0

#124
gregahoffman
Posted 13 October 2013 - 06:32 AM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
there are quite a few entries in there, do i not need any of them??
  • 0

#125
RKinner
Posted 13 October 2013 - 03:54 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
They will all come back when it reboots. Windows will rediscover them and hopefully install them correctly this time.
  • 0

#126
gregahoffman
Posted 13 October 2013 - 05:30 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
it looks like everything is working, and no error at reboot this time
  • 0

#127
RKinner
Posted 13 October 2013 - 07:01 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Guess we just let it cook for a while and see if it stays happy.
  • 0

#128
gregahoffman
Posted 15 October 2013 - 06:53 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
ok, thanks Ron
  • 0

#129
gregahoffman
Posted 17 October 2013 - 05:13 AM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
got ready to go to work this morn, stopped to look at something on the web...the comp is turned off...turn it on, after all the start up stuff, it says windows recovered from...I don't remember again what it said, but it shutdown on its own again.
  • 0

#130
gregahoffman
Posted 17 October 2013 - 07:13 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
I tried to run the event viewer, but it won't run. this is a snip of what it says

Attached Thumbnails

  • Capture2.PNG

  • 0

Advertisements

#131
RKinner
Posted 17 October 2013 - 07:50 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You forgot to right click vew.exe and Run As Admin
  • 0

#132
gregahoffman
Posted 18 October 2013 - 05:09 AM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
ooops...I apologize system log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/10/2013 6:07:49 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2013 11:09:10 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/10/2013 5:21:48 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Validity Sensors (WBF) (PID=0018) (location Port_#0001.Hub_#0003) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 13/10/2013 5:21:48 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 13/10/2013 5:20:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2013 11:09:40 AM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8007cc6a10, 0xfffff80000b9c3d8, 0xfffffa8010cfb6c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101713-25428-01.

Log: 'System' Date/Time: 17/10/2013 11:09:28 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 10:01:59 PM on ?10/?16/?2013 was unexpected.

Log: 'System' Date/Time: 15/10/2013 2:08:08 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/10/2013 7:15:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/10/2013 7:15:33 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 13/10/2013 5:20:36 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80080a6a10, 0xfffff80000b9c3d8, 0xfffffa80103d7010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101313-27674-01.

Log: 'System' Date/Time: 13/10/2013 5:20:24 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:25:36 AM on ?10/?13/?2013 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/10/2013 11:06:58 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 18/10/2013 1:46:32 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 18/10/2013 12:32:06 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/10/2013 11:09:14 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.

Log: 'System' Date/Time: 17/10/2013 3:03:07 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/10/2013 2:06:22 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name z-ecx.images-amazon.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/10/2013 12:56:18 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/10/2013 11:48:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/10/2013 11:11:10 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/10/2013 12:52:19 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/10/2013 10:58:08 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.

Log: 'System' Date/Time: 15/10/2013 2:09:11 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 15/10/2013 2:09:11 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 15/10/2013 12:00:46 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 14/10/2013 11:24:04 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.mn.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/10/2013 11:21:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.

Log: 'System' Date/Time: 13/10/2013 11:17:26 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/10/2013 11:17:26 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 13/10/2013 11:02:43 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\04a4745dff40.

Log: 'System' Date/Time: 13/10/2013 11:01:37 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

application log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/10/2013 6:09:00 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/10/2013 11:38:25 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 16/10/2013 1:31:40 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 14/10/2013 11:53:31 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 13/10/2013 1:19:50 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/10/2013 11:10:12 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2668 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000


Log: 'Application' Date/Time: 13/10/2013 11:01:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2760 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000


Log: 'Application' Date/Time: 13/10/2013 10:56:34 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\trust
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\trust
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\Root
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\Root
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Policies\Microsoft\SystemCertificates
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\My
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\My
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\CA
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\CA
Process 2864 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 13/10/2013 12:30:30 PM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

Log: 'Application' Date/Time: 13/10/2013 12:30:29 PM
Type: Warning Category: 0
Event: 0 Source: HP Client Services
The event description cannot be found.

Log: 'Application' Date/Time: 13/10/2013 1:20:35 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2728 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
Process 14592 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • 0

#133
RKinner
Posted 18 October 2013 - 09:09 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Can you find the file, C:\Windows\MEMORY.DMP and attach it? The forum may not allow .dmp so you may need to rename it to memory.txt.

The bugcheck "0x0000009F"

This error occurs if drivers do not handle power state transition requests properly, usually during one of the following procedures:

Shutting down
Suspending or resuming from Standby mode
Suspending or resuming from hibernation





Right click on Command Prompt and run as Admin then type:

sigverif

Press on its Start button. Does it find anything it doesn't like?



We are still seeing the fingerprint driver causing errors too.

Also RealDownloader is causing problems so uninstall it if you can.

Kaspersky is still causing problems with the registry.
  • 0

#134
gregahoffman
Posted 18 October 2013 - 06:56 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
is this what i'm looking for?

Edited by gregahoffman, 18 October 2013 - 07:00 PM.

  • 0

#135
gregahoffman
Posted 18 October 2013 - 07:04 PM

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
I cannot upload the memory dump file
my files were all digitally signed, no problem there. got rid of real player and its extras

Edited by gregahoffman, 18 October 2013 - 07:09 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP