Solved Heuristics.reserved.word.exploit

Different UI than what you had intended, here is the only .txt file in the Panda program folder. It had me clean off 2 reg entries which it didn't like. I should have copy pasted the jumble of characters which were their file names or directories. I have a current registry backup from yesterday which I'm attaching in case that helps. Sorry.


Analyze.txt
0;C:\Users\Justin Sidwell\Videos
0;C:\Users\Justin Sidwell\Templates
0;C:\Users\Justin Sidwell\Start Menu
0;C:\Users\Justin Sidwell\SendTo
0;C:\Users\Justin Sidwell\Searches
0;C:\Users\Justin Sidwell\Saved Games
0;C:\Users\Justin Sidwell\Recent
0;C:\Users\Justin Sidwell\PrintHood
0;C:\Users\Justin Sidwell\Pictures
0;C:\Users\Justin Sidwell\NetHood
0;C:\Users\Justin Sidwell\My Documents
0;C:\Users\Justin Sidwell\Music
0;C:\Users\Justin Sidwell\Local Settings
0;C:\Users\Justin Sidwell\Links
0;C:\Users\Justin Sidwell\Favorites
0;C:\Users\Justin Sidwell\Downloads
0;C:\Users\Justin Sidwell\Documents
0;C:\Users\Justin Sidwell\Desktop
0;C:\Users\Justin Sidwell\Cookies
0;C:\Users\Justin Sidwell\Contacts
0;C:\Users\Justin Sidwell\Application Data
0;C:\Users\Justin Sidwell\AppData
0;C:\Users\Justin Sidwell\04A55A344DC549198B88FFA6CC7D6D20.TMP
0;C:\Users\Justin Sidwell
0;C:\Users\Justin Sidwell\AppData\Roaming\vlc
0;C:\Users\Justin Sidwell\AppData\Roaming\Mozilla
0;C:\Users\Justin Sidwell\AppData\Roaming\Microsoft
0;C:\Users\Justin Sidwell\AppData\Roaming\Media Center Programs
0;C:\Users\Justin Sidwell\AppData\Roaming\Malwarebytes
0;C:\Users\Justin Sidwell\AppData\Roaming\Macromedia
0;C:\Users\Justin Sidwell\AppData\Roaming\Identities
0;C:\Users\Justin Sidwell\AppData\Roaming\ATI
0;C:\Users\Justin Sidwell\AppData\Roaming\Adobe
0;C:\Users\Justin Sidwell\AppData\Roaming
0;C:\ProgramData\Templates
0;C:\ProgramData\Start Menu
0;C:\ProgramData\Mozilla
0;C:\ProgramData\Microsoft
0;C:\ProgramData\Malwarebytes
0;C:\ProgramData\Favorites
0;C:\ProgramData\Documents
0;C:\ProgramData\Desktop
0;C:\ProgramData\ATI
0;C:\ProgramData\Application Data
0;C:\ProgramData\AMD
0;C:\ProgramData\Adobe
0;C:\ProgramData
0;C:\Users\Justin Sidwell\AppData\Local\VirtualStore
0;C:\Users\Justin Sidwell\AppData\Local\Temporary Internet Files
0;C:\Users\Justin Sidwell\AppData\Local\Temp
0;C:\Users\Justin Sidwell\AppData\Local\Programs
0;C:\Users\Justin Sidwell\AppData\Local\Mozilla
0;C:\Users\Justin Sidwell\AppData\Local\Microsoft
0;C:\Users\Justin Sidwell\AppData\Local\Macromedia
0;C:\Users\Justin Sidwell\AppData\Local\History
0;C:\Users\Justin Sidwell\AppData\Local\Google
0;C:\Users\Justin Sidwell\AppData\Local\ElevatedDiagnostics
0;C:\Users\Justin Sidwell\AppData\Local\Downloaded Installations
0;C:\Users\Justin Sidwell\AppData\Local\Diagnostics
0;C:\Users\Justin Sidwell\AppData\Local\Deployment
0;C:\Users\Justin Sidwell\AppData\Local\ATI
0;C:\Users\Justin Sidwell\AppData\Local\Apps
0;C:\Users\Justin Sidwell\AppData\Local\Application Data
0;C:\Users\Justin Sidwell\AppData\Local\AMD
0;C:\Users\Justin Sidwell\AppData\Local
0;C:\Program Files (x86)\Windows Sidebar
0;C:\Program Files (x86)\Windows Portable Devices
0;C:\Program Files (x86)\Windows Photo Viewer
0;C:\Program Files (x86)\Windows NT
0;C:\Program Files (x86)\Windows Media Player
0;C:\Program Files (x86)\Windows Mail
0;C:\Program Files (x86)\Windows Defender
0;C:\Program Files (x86)\VIA
0;C:\Program Files (x86)\Uninstall Information
0;C:\Program Files (x86)\Reference Assemblies
0;C:\Program Files (x86)\Radeon RAMDisk
0;C:\Program Files (x86)\Panda Security
0;C:\Program Files (x86)\MSBuild
0;C:\Program Files (x86)\Mozilla Maintenance Service
0;C:\Program Files (x86)\Mozilla Firefox
0;C:\Program Files (x86)\Microsoft.NET
0;C:\Program Files (x86)\Microsoft Silverlight
0;C:\Program Files (x86)\Microsoft Security Client
0;C:\Program Files (x86)\Malwarebytes' Anti-Malware
0;C:\Program Files (x86)\Internet Explorer
0;C:\Program Files (x86)\InstallShield Installation Information
0;C:\Program Files (x86)\Google
0;C:\Program Files (x86)\FileASSASSIN
0;C:\Program Files (x86)\Common Files
0;C:\Program Files (x86)\ATI Technologies
0;C:\Program Files (x86)\AMD AVT
0;C:\Program Files (x86)
0;C:\Windows\system32\drivers
0;C:\Windows\system32
0;C:\Windows
1;C:\Windows\Temp
 

So far, it's clean...Next:

avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
Here ya go. Hey, I just tried to start Windows Backup for the first time and it won't run. Gives this error popup with a red X. Right after clicking ok on the error box, it reappears a second time, then disappears after
backup error.JPG

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-19 15:01:57
-----------------------------
15:01:57.809 OS Version: Windows x64 6.1.7601 Service Pack 1
15:01:57.810 Number of processors: 6 586 0xA00
15:01:57.810 ComputerName: TOWEROFPOWER10 UserName: Justin Sidwell
15:01:59.094 Initialize success
15:03:31.363 AVAST engine defs: 13011900
15:06:25.624 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000058
15:06:25.626 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 11
15:06:25.629 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000005a
15:06:25.631 Disk 1 Vendor: ST2000DM CC24 Size: 1907729MB BusType: 11
15:06:25.640 Disk 1 MBR read successfully
15:06:25.643 Disk 1 MBR scan
15:06:25.647 Disk 1 Windows 7 default MBR code
15:06:25.651 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:06:25.684 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
15:06:25.737 Disk 1 scanning C:\Windows\system32\drivers
15:06:32.932 Service scanning
15:06:48.424 Modules scanning
15:06:49.831 AVAST engine scan C:\Windows
15:06:52.581 AVAST engine scan C:\Windows\system32
15:09:22.413 AVAST engine scan C:\Windows\system32\drivers
15:09:30.622 AVAST engine scan C:\Users\Justin Sidwell
15:14:29.342 AVAST engine scan C:\ProgramData
15:14:54.722 Scan finished successfully
15:15:54.582 Disk 1 MBR has been saved successfully to "C:\Users\Justin Sidwell\Desktop\MBR.dat"
15:15:54.632 The log file has been saved successfully to "C:\Users\Justin Sidwell\Desktop\aswMBR.txt"
 

It was factory fresh Seagate. However...

If you recall the old C: was put back in to transfer files. My impression was that as long as I didn't boot from this drive, there will be no issues with confusing Windows having 2 bootable drives. Today researching the backup problem, I came across this at sevenforums:
www.sevenforums.com/backup-restore/61840-backup-error-server-execution-failed-0x80080005-5.html

This may be the major issue here with random weirdness and possibly reinfection ? You tell me what your thoughts are on that.
So now I'm in process of shrinking current primary boot volume (new C:), creating new basic volume with that space, assigning G: letter, formatting and moving all the 600gb of media from old C: there. Then I can do a full reformat of old C:, and feel better about the world. Could system reserved on old C: explain the reinfection? Oh lord pls say yes :) Edit : I scanned all files being moved with MB.
 
I would think it indeed has a chance of moving over files from the backup drive and executing them. A new start over is in order, unfortunately. :(
 
Okay then, after I get everything off of the old drive and scan and move anything on the new drive I want to keep, over to the new partition, I will reinstall Windows on the current primary boot partition on the new drive and format it beforehand. Sound good? Honestly I feel much worse for you having to start again for the third time. Thank you so much for all your work and I think we will have a real fresh start this time.
 
That didn't go well. I disconnected the network first thing so I could install some drivers I had saved on the newly formatted backup drive. By the time I was ready to enable the network to run Windows Update, I had lost access to that and Windows Update. And the browser was getting hammered by port attacks. Booted into Windows DVD and restored back to a seemingly good point very early on and Windows is happily in update land, just now restarting after 133 updates were installed. Is there any way to secure my router to block stuff? It was amazing how quickly they found me and ruined my day. I will report back after all of the pending Windows updates are finished or my computer has a meltdown, whichever comes first.
 
Did you reset your router? What authentication level are you on? (What security level...is there a password or key?)
 
WPA2 PSK with passphrase. No, haven't reset. You mean stick the pin in the tiny hole reset? Can I restore settings if I back them up? I have several static IP addresses. I've messed around in the menu and could have changed something I shouldn't have. It's Netgear WGR614v10.

Service pack 1 just installed and is rebooting
 
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.21.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SuperUser :: TOWEROFPOWER10 [administrator]
Protection: Enabled
1/21/2013 4:23:37 PM
mbam-log-2013-01-21 (16-23-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 202742
Time elapsed: 1 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Reset router with the pin. Double checked that all security items I'm aware of were turned on. PC is running pretty good and security software is running and up to date. I see csrss.exe, winlogon.exe, and atieclxx.exe are all 3 running in task manager as before and without username or description.

MB Full Scan:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SuperUser :: TOWEROFPOWER10 [administrator]

Protection: Enabled

1/22/2013 4:49:07 AM
mbam-log-2013-01-22 (04-49-07).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 361450
Time elapsed: 20 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

FSS

Farbar Service Scanner Version: 16-01-2013
Ran by SuperUser (administrator) on 22-01-2013 at 05:25:12
Running from "C:\Users\SuperUser\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Farbar Service Scanner Version: 16-01-2013
Ran by SuperUser (administrator) on 22-01-2013 at 05:30:21
Windows 7 Professional Service Pack 1 (X64)

************************************************
======== Search: "*csrss.exe*" =========

C:\Windows\System32\csrss.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72

C:\Windows\System32\en-US\csrss.exe.mui
[2009-07-13 23:35] - [2009-07-13 20:30] - 0002048 ____A (Microsoft Corporation) 4E93457645E5B70920ABFB8565DBA004

C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da67613a42c43476\csrss.exe.mui
[2009-07-13 23:35] - [2009-07-13 20:09] - 0002048 ____A (Microsoft Corporation) EA2C607C908AEB268FB76FE278085443

C:\Windows\winsxs\Backup\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3_csrss.exe_06529458
[2009-07-13 20:59] - [2009-07-13 20:56] - 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72

C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72

C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3685fcbdfb21a5ac\csrss.exe.mui
[2009-07-13 23:35] - [2009-07-13 20:30] - 0002048 ____A (Microsoft Corporation) 4E93457645E5B70920ABFB8565DBA004

C:\Windows\SysWOW64\en-US\csrss.exe.mui
[2009-07-13 23:35] - [2009-07-13 20:09] - 0002048 ____A (Microsoft Corporation) EA2C607C908AEB268FB76FE278085443

====== End Of Search ======

Farbar Service Scanner Version: 16-01-2013
Ran by SuperUser (administrator) on 22-01-2013 at 05:33:24
Windows 7 Professional Service Pack 1 (X64)

************************************************
======== Search: "*winlogon.exe*" =========

C:\Windows\System32\winlogon.exe
[2013-01-21 15:09] - [2010-11-20 07:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\en-US\winlogon.exe.mui
[2013-01-21 15:09] - [2010-11-20 07:00] - 0023040 ____A (Microsoft Corporation) 34C7D2E30868EDAFB191341D963ABA5F

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b_winlogon.exe.mui_3280fc46
[2013-01-21 15:38] - [2013-01-21 15:36] - 0023040 ____A (Microsoft Corporation) 34C7D2E30868EDAFB191341D963ABA5F

C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636_winlogon.exe_ac37d0c5
[2013-01-21 15:38] - [2013-01-21 15:36] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013-01-21 15:09] - [2010-11-20 07:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013-01-21 13:52] - [2009-10-28 01:01] - 0389632 ____A (Microsoft Corporation) A93D41A4D4B0D91C072D11DD8AF266DE

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2013-01-21 13:52] - [2009-10-28 00:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-07-13 17:52] - [2009-07-13 19:39] - 0389120 ____A (Microsoft Corporation) 132328DF455B0028F13BF0ABEE51A63A

C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2013-01-21 15:09] - [2010-11-20 07:00] - 0023040 ____A (Microsoft Corporation) 34C7D2E30868EDAFB191341D963ABA5F

C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
[2009-07-13 23:35] - [2009-07-13 20:29] - 0022528 ____A (Microsoft Corporation) 56D03B64B8C483C1D12A8E4577B3B332

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2013-01-21 16:05] - [2012-12-14 16:49] - 0216424 ____A () 22101A85B3CA2FE2BE05FE9A61A7A83D

====== End Of Search ======

Farbar Service Scanner Version: 16-01-2013
Ran by SuperUser (administrator) on 22-01-2013 at 05:36:20
Windows 7 Professional Service Pack 1 (X64)

************************************************
======== Search: "*atieclxx.exe*" =========

C:\Windows\System32\atieclxx.exe
[2012-12-19 13:56] - [2012-12-19 13:56] - 0550912 ____A (AMD) 0620FE89F70FC0895DC312EEBAA62B06

C:\Windows\System32\DriverStore\FileRepository\c7151592.inf_amd64_neutral_073058ea1b23e425\B151068\atieclxx.exe
[2012-12-19 13:56] - [2012-12-19 13:56] - 0550912 ____A (AMD) 0620FE89F70FC0895DC312EEBAA62B06

C:\Windows\System32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atieclxx.exe
[2011-04-20 02:04] - [2011-04-20 02:04] - 0480256 ____A (AMD) 4EFC5F29CA5CF912C09BD5586468A945

====== End Of Search ======

I ran TSS this morning just before restoring system (after fresh win7 install, when things went badly)

*******Initializing Message Log:TSSysprep.dll 01/21/13 10:52:46
*******Version:Major=6, Minor=1, Build=7600, PlatForm=2, CSDVer=, Free

sysprep.cpp(309)Entering RCMSysPrepRestore
sysprep.cpp(314)ERROR: ResetTSPublicPrivateKeys() FAILED: 2
sysprep.cpp(316)Leaving RCMSysPrepRestore
logmsg.cpp(38)********Terminating Log.


*******Initializing Message Log:TSSysprep.dll 01/21/13 10:52:46
*******Version:Major=6, Minor=1, Build=7600, PlatForm=2, CSDVer=, Free

sysprep.cpp(283)Entering LSMSysPrepRestore
sysprep.cpp(511)WARNING: RestoreTSCustomSercurity - NameSIDList.LoadAndDelete FAILED.
sysprep.cpp(512)If no Names/SIDs were saved during LSMSysPrepBackup, this is NOT an error. Otherwise, it IS an error, saved names and SIDs were NOT restored.
sysprep.cpp(513)Please verify that no Names/SIDs were saved during backup
sysprep.cpp(288)WARNING: RestoreTSCustomSercurity() FAILED: 2. To see if this is an error, please see message(s) above.
sysprep.cpp(291)Leaving LSMSysPrepRestore
logmsg.cpp(38)********Terminating Log.


*******Initializing Message Log:TSSysprep.dll 01/21/13 10:52:47
*******Version:Major=6, Minor=1, Build=7600, PlatForm=2, CSDVer=, Free

sysprep.cpp(330)Entering RdpSysPrepRestore
sysprep.cpp(358)Leaving RdpSysPrepRestore
logmsg.cpp(38)********Terminating Log.


********************************

Microsoft Signature Verification

Log file generated on 1/22/2013 at 5:45 AM
OS Platform: Windows (x64), Version: 6.1, Build: 7601, CSDVersion: Service Pack 1
Scan Results: Total Files: 215, Signed: 215, Unsigned: 0, Not Scanned: 0

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\ati technologies\ati.ace\fuel\amd64]
aoddriver2.sys 4/9/2012 None Signed N/A
[c:\program files\via\viaaud]
viaaud.exe 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows]
atiogl.xml 11/15/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
amdpcom64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiadlxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiapfxx.blb 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiapfxx.exe 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atibtmon.exe 5/11/2009 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
aticalcl64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
aticaldd64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
aticalrt64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
aticfx64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atidemgy.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atidxx64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiedu64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atig6pxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atig6txx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiglpxx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiicdxx.dat 11/29/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atimpc64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atimuixx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atio6axx.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiodcli.exe 6/22/2009 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiode.exe 8/27/2010 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atipblag.dat 9/12/2011 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atitmm64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiu9p64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiumd64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiumd6a.cap 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiumd6a.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atiuxp64.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
ativce02.dat 9/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
ativvaxy_cik.dat 9/4/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
ativvaxy_cik_nd.dat 9/4/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
ativvsva.dat 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
ativvsvl.dat 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
batt.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
clfs.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
coinst_9.012.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
dts2apo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
dts2proppageext.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eea64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eea64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eed64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eed64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eeg64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eeg64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eel64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eel64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eep64a.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
eep64h.dll 12/15/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
maxxaudioapo30.dll 7/15/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
maxxaudioaposhell64. 9/5/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
maxxaudiovia64.dll 9/24/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
nqapo.dll 6/8/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
nqproppageext.dll 6/28/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
proppageext.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
rtnicprop.dll 12/3/2009 2:6.1 Signed g311n6.cat Microsoft Windows Hardware Compatibility Publisher
storprop.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
streamci.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
sysfxui.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
viakaraokeapo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viakaraokeproppageex 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viakaraokesrv.exe 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viamicarrayapo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viamicarrayproppagee 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viaproppageext.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viasysfx.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
vmapo64.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
vmppcn64.dll 10/26/2010 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
vmppld64.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
vmthx64.dll 9/27/2011 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
vmwrp64.dll 10/26/2010 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
vtsrdapo.dll 10/22/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
wavesguilib64.dll 9/24/2012 2:6.1 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
wmalfxgfxdsp.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
[c:\windows\system32\drivers]
acpi.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
afd.sys 12/27/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2645Microsoft Windows
agilevpn.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
amd_sata.sys 4/10/2012 2:6.1 Signed amd_sata.cat Microsoft Windows Hardware Compatibility Publisher
amd_xata.sys 4/10/2012 2:6.1 Signed amd_sata.cat Microsoft Windows Hardware Compatibility Publisher
amdppm.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
asacpi.sys 1/21/2013 2:5.00 Signed asacpi.cat Microsoft Windows Hardware Compatibility Publisher
asyncmac.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows
atapi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
ataport.sys 11/20/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
ati2erec.dll 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atihdw76.sys 11/6/2012 2:6.1 Signed atihdw76.cat Microsoft Windows Hardware Compatibility Publisher
atikmdag.sys 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
atikmpag.sys 12/19/2012 2:6.0 Signed c7151592.cat Microsoft Windows Hardware Compatibility Publisher
 
Only bouts of paranoid delusions. The rapid fire browser status bar URLs haven't shown up and the machine is very responsive. I have been creating system images and backups like a madman. A poorly placed USB receiver for the wireless keyboard/mouse in the living room gave me a good panic. Neither device simply cut out; instead they imitated a slow agonizing death similar to a malware attack. After moving it off of the main power center it worked fine again.


What does the Google IP error mean in the above logs? That was there last time I ran it. And the three running processes (csrss.exe, etc.) with blank username or description? Normal? Any final super duper scans I should do for that extra warm feeling of security? :)

PS. What do you use for malware and virus software? Bitdefender seemed like a high quality program, however I didn't get to use it long before the reinfection.

Thanks
 
Google, from time to time, does not allow people to ping them. Therefore, there is a ping error in the log. If you're not able to ping them, it means their server firewall blocked your request. It does this randomly, in which I haven't been able sometimes. Their rules in the firewall are too strict, and if they don't want to approve the ping, they won't. It's weird, tbh.

Those are normal for the blank username, it means that the hidden super administrator account in Windows is not unlocked. If you don't unlock the super hidden administrator, the system will be safe and prevent anything from taking root access so easily. It will give your system more control to manage itself.

I think with the scans above, you can get that super duper warm feeling. But, if you need to, you can run the Kaspersky Virus Removal Tool (find instructions earlier in this thread). That finds most serious issues.

I use avast! Internet Security, SpywareBlaster, and have a couple of scan-only tools (like MBAM).

The paid/premium antivirus program I most recommend is Kaspersky Antivirus. It yields the highest results in antivirus testing groups, and is one of the most trusted. Its antivirus product is well worth its cost.

Otherwise, if you go free, Avira or Avast free would do really well. Coupled with Windows Firewall, you should be able to keep your head out of most traps. Just avoid dodgy links and torrents/P2P.

If you end up wanting to donate to me, then go with free stuff. I don't want you racking up a ton of cost. But, if you go with free, be much more careful browsing. It seems like you have enough sense to do that compared to a lot of others I see around here. :p

See this page for more info about malware and prevention.
 