Hello, For about a week, when I turn on my computer, I get this Windows message: "You will be logged off. Windows encountered a critical problem and will automatically restart in one minute. Save your work now." Safe mode works. I managed to run an antivirus scan (1 virus removed) but nothing has changed. Sometimes I can also use the computer by restarting it ten times in a row and unplugging it, but that’s not a great solution... Thanks to everyone who can try to help me ;) - Lama Configuration: Windows 7, Dell XPS 17

/!\ ATTENTION FOLLOW THESE INSTRUCTIONS TO THE LETTER/!\ __________________________________________________________ >This software is to be used only as prescribed by a qualified helper trained in the tool.< >>>>>>>Do not use outside of this situation: dangerous!<<<<<<<< ===================================================== &#9654 Above all, when saving, change the name of Combofix to "whateveryouwant" before it is saved on your hard drive right-click on this link: Combofix =>save target as...=> on your desktop => whatever name you want Before using ComboFix: If you are using AVG, YOU MUST UNINSTALL IT before using Combofix as it can cause damage in interaction with the tool potentially leading to a complete system reinstallation. Simply disabling the resident version is not sufficient. Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover Choose the appropriate version (32 or 64 bits)/!\ CD emulation software like Daemon Tools can interfere with disinfection tools. Use Defogger to temporarily disable them: &#9654 Download Defogger (from jpshortstuff) to your Desktop &#9654 Run it A window appears: click on "Disable" &#9654 Restart the computer if the tool prompts you to do so Note: When we have finished disinfecting, you can reactivate these programs by relaunching Defogger and clicking on "Re-enable" _________________________________________________________ >> close the windows of all running programs. >> Temporarily disable only for the duration of using ComboFix, >> the real-time protection of your Antivirus and Anti-spyware, >> which can significantly interfere with the search and cleaning process of the tool. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° if you have XP => double click if you have Vista or Windows 7 => right click “run as....” on renamed combofix ¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU ¤¤¤¤¤¤¤¤¤¤ &#9654 !!!!!DO NOT TOUCH ANYTHING DURING COMBOFIX'S WORK (MOUSE/KEYBOARD.....)!!!!! &#9654 don't forget to reactivate your Antivirus and Anti-spyware protection before reconnecting to the internet. &#9654&#9654 Go back to the forum, and copy and paste the entire content of C:\Combofix.txt into your next message. &#9654&#9654&#9654 If, after your pc restarts by combofix, you have errors "Key marked for deletion" or internet connection issues, restart your computer again -- -- ¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

Close all windows and applications during installation and scanning. &#9654 Download here: Malwarebytes &#9654 Install it (make sure to choose "French"; do not change the installation settings) and update it. Restart Malwarebytes by strictly following these instructions: ! Disconnect and close all running applications! &#9654 Launch Malwarebytes. Perform a "Complete" scan. &#9654 Let the program work (and do not do anything else with the PC during the scan). &#9654 At the end, click on "Results." &#9654 Ensure that all infected items are selected, then click on "Remove." &#9654 Note: If your PC needs to be restarted to complete the cleanup, do it! &#9654 Post the saved report after removing the infected items (in the "Reports/Logs" tab of Malwarebytes, the latest one) -- ¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

Windows restarts after one minute : CCM

Réponse 1 / 15

Anonymous user

Close all windows and applications during installation and scanning.

▶ Download here:

Malwarebytes

▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.

Restart Malwarebytes by strictly following these instructions:

! Disconnect and close all running applications!

▶ Launch Malwarebytes.

Perform a "Complete" scan.

▶ Let the program work (and do not do anything else with the PC during the scan).
▶ At the end, click on "Results."
▶ Ensure that all infected items are selected, then click on "Remove."

▶ Note: If your PC needs to be restarted to complete the cleanup, do it!

▶ Post the saved report after removing the infected items (in the "Reports/Logs" tab of Malwarebytes, the latest one)

--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

Apparently, 4 malware were successfully removed while McAfee detected nothing. Lockup was detected as malware apparently.
That said, my reboot problem is still present :/

2012/08/14 01:03:27 +0200 NOVELLA-PC Novella MESSAGE Starting protection
2012/08/14 01:03:28 +0200 NOVELLA-PC Novella MESSAGE Protection started successfully
2012/08/14 01:03:31 +0200 NOVELLA-PC Novella MESSAGE Starting IP protection
2012/08/14 01:03:32 +0200 NOVELLA-PC Novella MESSAGE IP Protection started successfully
2012/08/14 01:13:00 +0200 NOVELLA-PC Novella MESSAGE Starting protection
2012/08/14 01:13:02 +0200 NOVELLA-PC Novella MESSAGE Protection started successfully
2012/08/14 01:13:05 +0200 NOVELLA-PC Novella MESSAGE Starting IP protection
2012/08/14 01:13:05 +0200 NOVELLA-PC Novella MESSAGE IP Protection started successfully
2012/08/14 01:32:58 +0200 NOVELLA-PC Novella MESSAGE Starting protection
2012/08/14 01:33:00 +0200 NOVELLA-PC Novella MESSAGE Protection started successfully
2012/08/14 01:33:03 +0200 NOVELLA-PC Novella MESSAGE Starting IP protection
2012/08/14 01:33:04 +0200 NOVELLA-PC Novella MESSAGE IP Protection started successfully

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

"I sometimes manage to use the computer by restarting it ten times in a row and unplugging it, but that's not a terrible solution...

What I find curious is that the PC runs properly after a certain number of restarts. If this were an infection causing it, this situation couldn't occur.
I don't see why a pest would stop being active after X restarts.

We're back to a hardware problem.
But the cleaning was not useless."

Réponse 2 / 15

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

problem, it seems to be hardware...
You still have to remove each peripheral from the PC one by one...
except for the video card, memory sticks, keyboard, and mouse.

--
The chair / keyboard interface is the most difficult to configure.

lamasutra Posted messages 15 Status Membre

It's a laptop! And if it's a hardware issue, how can you explain that it works in safe mode or sometimes by persevering and restarting it multiple times?

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

Safe mode does not load any device drivers.
Therefore, some are not started or used..

lamasutra Posted messages 15 Status Membre

And how can I explain that by restarting it a dozen times, I sometimes manage to get it to work without any issues?

ssbroly Posted messages 825 Registration date Status Membre Last intervention 15

Hi, try this: in the Start menu search, type "msconfig" in the "Startup" tab, uncheck all your programs that start with Windows, and restart ;)

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

Electronic components have properties that change with heat.
The most logical explanation:

The solder has poor contacts; heating the components makes the tin expand, which restores the contact, so after a certain point, it may work correctly again.

But it could also be something else... but with the same phenomenon due to heat.

A return to the service department might be more relevant.
Otherwise, in safe mode...

You need to go to the event viewer...

More details here:

https://www.pcastuces.com/pratique/windows/observateur_evenements/page1.htm

With this, we can possibly find the faulty hardware.

Réponse 3 / 15

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

see in Windows logs and enlarge the window...

--
The chair/keybord interface is the most difficult to configure.

Réponse 4 / 15

Anonymous user

I'm sorry, I can't assist with that.

lamasutra Posted messages 15 Status Membre

Sorry for the delay, I was in the countryside :)
I don't think pre_scan has done anything to my PC but after a few tries, I was able to get the file; https://pjjoint.malekal.com/files.php?id=20120812_x8k10h6m7t13

Is it serious, doctor? :)

Réponse 5 / 15

Anonymous user

I don't feel like pre_scan did anything to my PC

didn't understand..
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

"I've done good"
There are a lot of red lights that started flashing and error messages that popped up... Well, now it looks like it's doing a bit better, I don't have any more exclamation signs popping up everywhere.

Réponse 6 / 15

Anonymous user

and error messages that appeared.

be as specific as possible, I’m not going to pull teeth....
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

Hmmm I can't remember exactly to be honest, I was planning to note them down if it didn't go away but after restarting the pre_scan several times and the computer, I haven't had any particular error messages anymore :/

lamasutra

However, my original problem is still there.

Réponse 7 / 15

Anonymous user

Uninstall your antivirus, it's because of it that your PC keeps restarting.
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

I already uninstalled McAfee before running the pre_scan, as you asked me to, and yet my PC keeps restarting in a loop!

Réponse 8 / 15

Anonymous user

/!\ ATTENTION FOLLOW THESE INSTRUCTIONS TO THE LETTER/!\

__________________________________________________________
>This software is to be used only as prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside of this situation: dangerous!<<<<<<<<
=====================================================

▶ Above all, when saving, change the name of Combofix to "whateveryouwant" before it is saved on your hard drive

right-click on this link: Combofix =>save target as...=> on your desktop => whatever name you want

Before using ComboFix:

If you are using AVG, YOU MUST UNINSTALL IT before using Combofix as it can cause damage in interaction with the tool potentially leading to a complete system reinstallation.
Simply disabling the resident version is not sufficient.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bits)/!\

CD emulation software like Daemon Tools can interfere with disinfection tools. Use Defogger to temporarily disable them:

▶ Download Defogger (from jpshortstuff) to your Desktop

▶ Run it

A window appears: click on "Disable"

▶ Restart the computer if the tool prompts you to do so

Note: When we have finished disinfecting, you can reactivate these programs by relaunching Defogger and clicking on "Re-enable"

_________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable only for the duration of using ComboFix,
>> the real-time protection of your Antivirus and Anti-spyware,
>> which can significantly interfere with the search and cleaning process of the tool.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

if you have XP => double click
if you have Vista or Windows 7 => right click “run as....”

on renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!DO NOT TOUCH ANYTHING DURING COMBOFIX'S WORK (MOUSE/KEYBOARD.....)!!!!!

▶ don't forget to reactivate your Antivirus and Anti-spyware protection before reconnecting to the internet.

▶▶ Go back to the forum, and copy and paste the entire content of C:\Combofix.txt into your next message.

▶▶▶ If, after your pc restarts by combofix, you have errors "Key marked for deletion" or internet connection issues, restart your computer again

--

--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

Know that I really appreciate your efforts to help me! :)
I'm a bit lost otherwise, should I reinstall McAfee or is it part of the problem?

ComboFix 12-08-10.02 - Novella 13/08/2012 1:29.1.8 - x64
Microsoft Windows 7 Home Premium Edition 6.1.7601.1.1252.33.1036.18.3990.2732 [GMT 2:00]
Launched from: c:\users\Novella\Desktop\cequejeveux.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Additional deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\6928cebe-dc61-4564-a488-e19724a8de68.dll
c:\programdata\PCDr\5907\Downloads\adb45b82-004f-4eed-bd54-d60d7eda1ff5.dll
c:\programdata\PCDr\5907\Downloads\e86f11dd-8b83-43cc-899e-f935ce0a1ea0.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\programdata\Roaming
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
F:\Autorun.inf
.
.
((((((((((((((((((((((((((((( Files created from 2012-07-12 to 2012-08-12 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-12 18:41 . 2012-08-12 19:40 -------- d-----w- C:\Pre_Scan
2012-08-12 11:16 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E43DC8C4-A6EC-40EA-8738-895FF6FF1D3F}\mpengine.dll
2012-08-04 13:42 . 2012-08-04 13:42 -------- d-----w- c:\users\Novella\AppData\Roaming\McAfee
2012-08-01 09:30 . 2012-08-01 09:30 -------- d-----w- c:\program files (x86)\MSECache
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\users\Novella\Access Manager
2012-07-19 20:17 . 2012-07-19 20:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-19 20:17 . 2012-07-19 20:17 -------- d-----w- c:\users\Novella\AppData\Local\Adobe
2012-07-16 12:50 . 2012-07-16 12:51 -------- d-----w- c:\program files (x86)\Botanicula
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 11:48 . 2012-04-20 15:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 11:48 . 2011-11-21 16:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 09:46 . 2012-06-12 11:40 710619 ----a-w- c:\windows\unins000.exe
2012-07-11 14:17 . 2011-12-02 15:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-18 14:38 . 2012-06-18 14:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-12 11:40 . 2012-06-12 11:40 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-06-12 03:08 . 2012-07-11 21:45 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 14:28 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 14:28 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 14:28 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 14:21 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 14:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 14:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 14:21 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 10:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 21:44 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 21:44 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 21:44 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 21:44 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 21:44 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 21:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 21:44 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 21:44 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 21:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 21:44 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 21:44 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 21:44 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 21:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 21:44 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 21:44 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 21:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 21:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 21:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 21:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 14:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 14:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 14:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 14:28 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 14:28 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 14:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 14:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 14:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 14:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 17:10 . 2012-02-21 17:10 485888 ----a-w- c:\program files (x86)\VisualBoyAdvance1.7.2.fix.exe
2004-05-25 18:47 . 2012-02-21 17:10 1757264 ----a-w- c:\program files (x86)\VisualBoyAdvance.exe
.
.
((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty items & initial legitimate items are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"NAF"="c:\program files (x86)\Parental Control\NetworkAdminFolder.exe" [2012-05-28 359761]
"Aquarius Soft PC Lockup"="c:\program files (x86)\PC Lockup\start.exe" [2008-04-03 402184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HomeGuard AMC;HomeGuard AMC;c:\program files (x86)\safeguard\HomeGuard_x64\vglset.exe [2012-06-19 1156096]
R2 PTWsvc;PCTimeWatch;c:\program files (x86)\PC TimeWatch\PTWsvc.exe [2012-03-06 950272]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 PTWDrv;PTW - Process monitoring driver;c:\program files (x86)\PC TimeWatch\PTWatch64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-18 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2011-10-15 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 aslunts;aslunts;c:\program files (x86)\PC Lockup\svchost.exe [2008-04-03 328456]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0

Réponse 9 / 15

Anonymous user

Does this software ring a bell for you?

PC Lockup
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

Yes, it's a parental control. I had installed 3-4 a few months ago without uninstalling all of them because uninstalling a parental control is always such a hassle. Maybe they have conflicted? It's strange that it's only showing up this late, though.

Réponse 10 / 15

Anonymous user

no no I was just wondering I didn't know...

I'm preparing a script for you

edit::

__________________________________________________
=>/!\The following script has been specifically written for this computer/!\ <=
=>it is highly advised not to transfer it to another computer!<=
----------------------------------------------------------------------------

Always with all protections disabled, do this:

▶ Open Notepad (Start menu --> programs --> accessories --> notepad)
▶ Copy/paste into Notepad what is between the lines below (excluding the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=-
"QuickTime Task"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

------------------------------------------------------------------

▶ Save this file on your Desktop (and not elsewhere!) under the name CFScript.txt
▶ Exit Notepad

▶ Drag and drop this CFScript file onto the ComboFix file like in this: illustration

▶ Wait for the scan to finish. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is complete.
▶ Once the scan is complete, a report will appear: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt

¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

Here is the file that was displayed, I won't hide from you that I understand it even less than in Latin class:

ComboFix 12-08-10.02 - Novella 13/08/2012 21:35:16.2.8 - x64
Microsoft Windows 7 Home Premium Edition 6.1.7601.1.1252.33.1036.18.3990.2184 [GMT 2:00]
Launched from: c:\users\Novella\Desktop\cequejeveux.exe
Switches used: c:\users\Novella\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point has been created
.
.
(((((((((((((((((((((((((((((((((((( Other removals ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
.
((((((((((((((((((((((((((((( Files created from 2012-07-13 to 2012-08-13 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-13 19:41 . 2012-08-13 19:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-13 19:41 . 2012-08-13 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 23:27 . 2012-08-12 23:45 -------- d-----w- C:\cequejeveux
2012-08-12 18:41 . 2012-08-12 19:40 -------- d-----w- C:\Pre_Scan
2012-08-12 11:16 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E43DC8C4-A6EC-40EA-8738-895FF6FF1D3F}\mpengine.dll
2012-08-04 13:42 . 2012-08-04 13:42 -------- d-----w- c:\users\Novella\AppData\Roaming\McAfee
2012-08-01 09:30 . 2012-08-01 09:30 -------- d-----w- c:\program files (x86)\MSECache
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\users\Novella\Access Manager
2012-07-19 20:17 . 2012-07-19 20:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-19 20:17 . 2012-07-19 20:17 -------- d-----w- c:\users\Novella\AppData\Local\Adobe
2012-07-16 12:50 . 2012-07-16 12:51 -------- d-----w- c:\program files (x86)\Botanicula
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 11:48 . 2012-04-20 15:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 11:48 . 2011-11-21 16:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 09:46 . 2012-06-12 11:40 710619 ----a-w- c:\windows\unins000.exe
2012-07-11 14:17 . 2011-12-02 15:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-18 14:38 . 2012-06-18 14:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-12 11:40 . 2012-06-12 11:40 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-06-12 03:08 . 2012-07-11 21:45 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 14:28 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 14:28 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 14:28 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 14:21 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 14:28 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 14:28 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 14:21 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 10:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 10:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 10:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 10:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 10:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 21:44 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 21:44 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 21:44 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 21:44 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 21:44 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 21:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 21:44 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 21:44 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 21:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 21:44 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 21:44 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 21:44 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 21:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 21:44 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 21:44 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 21:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 21:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 21:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 21:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 14:28 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 14:28 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 14:28 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 14:28 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 14:28 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 14:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 14:28 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 14:28 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 14:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 17:10 . 2012-02-21 17:10 485888 ----a-w- c:\program files (x86)\VisualBoyAdvance1.7.2.fix.exe
2004-05-25 18:47 . 2012-02-21 17:10 1757264 ----a-w- c:\program files (x86)\VisualBoyAdvance.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-12_23.39.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-13 19:42 . 2012-08-13 19:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-12 23:39 . 2012-08-12 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-13 19:42 . 2012-08-13 19:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-12 23:39 . 2012-08-12 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-20 22:31 . 2012-08-13 18:59 210224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-13 19:42 261088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-12 23:38 261088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-30 17:06 . 2012-08-13 19:42 8727045 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-542641173-924427738-1030661178-1001-12288.dat
.
((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty items & legitimate initial items are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Novella\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NAF"="c:\program files (x86)\Controle_parental\NetworkAdminFolder.exe" [2012-05-28 359761]
"Aquarius Soft PC Lockup"="c:\program files (x86)\PC Lockup\start.exe" [2008-04-03 402184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HomeGuard AMC;HomeGuard AMC;c:\program files (x86)\safeguard\HomeGuard_x64\vglset.exe [2012-06-19 1156096]
R2 PTWsvc;PCTimeWatch;c:\program files (x86)\PC TimeWatch\PTWsvc.exe [2012-03-06 950272]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 PTWDrv;PTW - Process monitoring driver;c:\program files (x86)\PC TimeWatch\PTWatch64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology

Réponse 11 / 15

Anonymous user

it's not the right report
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

Réponse 12 / 15

lamasutra Posted messages 15 Status Membre

However, it is the only one dated 14/08/2012; the other two are dated 13 August. I'm copying and pasting them here just in case (I have the impression that the second one is identical to the third):

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Novella :: NOVELLA-PC [administrator]

Protection: Enabled

13/08/2012 23:17:47
mbam-log-2012-08-13 (23-17-47).txt

Scan type: Full scan (C:\|D:\|E:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM
Disabled scan options: P2P
Element(s) scanned: 480091
Elapsed time: 1 hour(s), 27 minute(s), 31 second(s)

Detected memory processes: 1
C:\Program Files (x86)\PC Lockup\svchost.exe (Trojan.Dropper) -> 1220 -> Deleted on reboot.

Detected memory modules: 0
(No malicious items detected)

Detected Registry key(s): 1
HKLM\SYSTEM\CurrentControlSet\Services\aslunts (Trojan.Dropper) -> Quarantined and successfully deleted.

Detected Registry value(s): 0
(No malicious items detected)

Detected Registry data item(s): 0
(No malicious items detected)

Detected folder(s): 0
(No malicious items detected)

Detected file(s): 2
C:\Program Files (x86)\PC Lockup\svchost.exe (Trojan.Dropper) -> Deleted on reboot.
C:\Users\Novella\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and successfully deleted.

(end)

______________________________________________________

2012/08/13 23:16:38 +0200 NOVELLA-PC Novella MESSAGE Executing scheduled update: Daily
2012/08/13 23:16:38 +0200 NOVELLA-PC Novella MESSAGE Starting protection
2012/08/13 23:16:40 +0200 NOVELLA-PC Novella MESSAGE Protection started successfully
2012/08/13 23:16:43 +0200 NOVELLA-PC Novella MESSAGE Starting IP protection
2012/08/13 23:16:44 +0200 NOVELLA-PC Novella MESSAGE IP Protection started successfully
2012/08/13 23:16:58 +0200 NOVELLA-PC Novella MESSAGE Starting database refresh
2012/08/13 23:16:58 +0200 NOVELLA-PC Novella MESSAGE Scheduled update executed successfully: database updated from version v2012.07.03.05 to version v2012.08.13.06
2012/08/13 23:16:58 +0200 NOVELLA-PC Novella MESSAGE Stopping IP protection
2012/08/13 23:17:51 +0200 NOVELLA-PC Novella MESSAGE IP Protection stopped
2012/08/13 23:17:52 +0200 NOVELLA-PC Novella MESSAGE Database refreshed successfully
2012/08/13 23:17:52 +0200 NOVELLA-PC Novella MESSAGE Starting IP protection
2012/08/13 23:17:53 +0200 NOVELLA-PC Novella MESSAGE IP Protection started successfully

Réponse 13 / 15

Anonymous user

run Malwarebytes again please
--
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

lamasutra Posted messages 15 Status Membre

Well then, my computer crashed when I tried to open Chrome, so I only have old reports like the ones above.
However, what is certain: 0 pests detected :/
So I guess it only leaves the hardware or OS issue?

Réponse 14 / 15

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

go to the safe mode event viewer.

in the left panel click on:
windows logs

then click on "system"
there are two panels, the first one at the top shows the list of events
the second one at the bottom shows the details of the event
search for all events with a black cross on a red round background .. that are closest to the dates and times of the failures.
the bottom panel may eventually give us an error code or even the name of a file or a device.

and there we may possibly fix the problem or confirm the diagnosis.

it is possible to export these reports.

by right-clicking on them we can save them.
individually or by selecting several.
give a name and then possibly send them to us via a file sharing site.

do not take all of them, but only the critical errors from the last 20 startup attempts.

--
the keyboard / chair interface is the most difficult to configure.

Réponse 15 / 15

rafit jad kuldinger Posted messages 9193 Status Membre 1 155

Here, no news?
Has the PC died permanently?

--
The chair/keyboard interface is the most difficult to configure.

Windows restarts after one minute

15 réponses

Texture issues in enshrouded

Driver his

Peritel to hdmi conversion

How to access the bios on a compaq notebook

Dsi won't turn on anymore

Search for a song with the lyrics

Left mouse click, touchpad click inactive

Codes stronghold crusader

Stuck computer system repair

Disable write protection mp3 player