I think i have a virus.


  1. Posts : 19
    Win 7 Home Premium 32 bit
    Thread Starter
       #11

    Antivirus              Version          Last Update   Result
    AhnLab-V3              2011.04.20.00    2011.04.19    -
    AntiVir                7.11.6.187       2011.04.19    -
    Antiy-AVL              2.0.3.7          2011.04.19    -
    Avast                  4.8.1351.0       2011.04.19    -
    Avast5                 5.0.677.0        2011.04.19    -
    AVG                    10.0.0.1190      2011.04.19    -
    BitDefender            7.2              2011.04.19    -
    CAT-QuickHeal          11.00            2011.04.19    -
    ClamAV                 0.97.0.0         2011.04.19    -
    Commtouch              5.3.2.6          2011.04.19    -
    Comodo                 8402             2011.04.19    TrojWare.Win32.Trojan.Agent.Gen
    DrWeb                  5.0.2.03300      2011.04.19    Trojan.DownLoader2.37663
    eSafe                  7.0.17.0         2011.04.18    -
    eTrust-Vet             36.1.8279        2011.04.19    -
    F-Prot                 4.6.2.117        2011.04.19    -
    F-Secure               9.0.16440.0      2011.04.19    -
    Fortinet               4.2.257.0        2011.04.19    -
    GData                  22               2011.04.19    -
    Ikarus                 T3.1.1.103.0     2011.04.19    -
    Jiangmin               13.0.900         2011.04.18    -
    K7AntiVirus            9.97.4428        2011.04.19    -
    McAfee                 5.400.0.1158     2011.04.19    -
    McAfee-GW-Edition      2010.1D          2011.04.19    -
    Microsoft              1.6802           2011.04.19    -
    NOD32                  6055             2011.04.19    -
    Norman                 6.07.07          2011.04.19    -
    Panda                  10.0.3.5         2011.04.19    -
    PCTools                7.0.3.5          2011.04.19    -
    Prevx                  3.0              2011.04.19    -
    Rising                 23.54.01.06      2011.04.19    -
    Sophos                 4.64.0           2011.04.19    -
    SUPERAntiSpyware       4.40.0.1006      2011.04.19    -
    Symantec               20101.3.2.89     2011.04.19    -
    TheHacker              6.7.0.1.177      2011.04.19    -
    TrendMicro             9.200.0.1012     2011.04.19    -
    TrendMicro-HouseCall   9.200.0.1012     2011.04.19    -
    VBA32                  3.12.16.0        2011.04.19    -
    VIPRE                  9062             2011.04.19    Virtool.Win32.Vbinject.Gen.2 (v)
    ViRobot                2011.4.19.4418   2011.04.19    -
    VirusBuster            13.6.312.2       2011.04.19    -

    Additional information

    MD5   : ca280984d266cff2ca86ef7e4c5a0f95
    SHA1  : 1b955dcbd7e470ae0ca60b6b97abc25c37ca1011
    SHA256: 2ee72560b04e158476e28c5336f7d4dea209f8563d86a603ef4b057982d7a310
    ssdeep: 12288:tWFZnukgF6iNdtUtVJ5XXZkCwO79zStkmLaQ5LlTNanopWV4n2G36OJceLFQUc8i:tTFjDUtv5XJkCwO79
    File size : 405504 bytes
    First seen: 2011-04-18 23:29:36

    Last seen : 2011-04-19 19:18:29
    TrID:
    Win32 Executable Microsoft Visual Basic 6 (86.2%)
    Win32 Executable Generic (5.8%)
    Win32 Dynamic Link Library (generic) (5.1%)
    Generic Win/DOS Executable (1.3%)
    DOS Executable Generic (1.3%)
    sigcheck:
    publisher....: EXRVXHNUDTSCDT
    copyright....: wjhzvamf
    product......: GPLVGUOBASEXRVXHNUD
    description..: CMFLHWSPUOYJJKWZ
    original name: qgoeewsj.exe
    internal name: qgoeewsj
    file version.: 7.02.0007
    comments.....: QPAMZXYQRI
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1588
    timedatestamp....: 0x4DAC7427 (Mon Apr 18 17:25:59 2011)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x5FE08, 0x60000, 7.65, 7f4debd2152f426a94ba64b5166fe5fe
    .data, 0x61000, 0x3258, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
    .rsrc, 0x65000, 0xA04, 0x1000, 2.31, 790c6f7a8cca947c258962c5fc53a385

    [[ 1 import(s) ]]
    MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaGosubReturn, _adj_fdiv_m64, -, _adj_fprem1, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaLenBstrB, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaCyErrVar, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, _CIsin, __vbaErase, -, __vbaVarZero, __vbaChkstk, __vbaGosubFree, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaNew, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaGosub, -, __vbaFPException, __vbaUbound, -, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarAdd, __vbaAryLock, __vbaFpI4, _CIatan, __vbaCastObj, __vbaStrMove, __vbaI4Cy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 393216
    Comments: QPAMZXYQRI
    CompanyName: EXRVXHNUDTSCDT
    EntryPoint: 0x1588
    FileDescription: CMFLHWSPUOYJJKWZ
    FileFlagsMask: 0x0000
    FileOS: Win32
    FileSize: 396 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 7.02.0007
    FileVersionNumber: 7.2.0.7
    ImageVersion: 7.2
    InitializedDataSize: 20480
    InternalName: qgoeewsj
    LanguageCode: English (U.S.)
    LegalCopyright: wjhzvamf
    LegalTrademarks: bepgvncdlahrp
    LinkerVersion: 6.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Executable application
    OriginalFilename: qgoeewsj.exe
    PEType: PE32
    ProductName: GPLVGUOBASEXRVXHNUD
    ProductVersion: 7.02.0007
    ProductVersionNumber: 7.2.0.7
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2011:04:18 19:25:59+02:00
    UninitializedDataSize: 0
    Symantec reputation: Suspicious.Insight
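The VirusTotal block above carries the raw indicators an analyst reads before any scanner verdict: a VB6 executable whose .text section has entropy 7.65 (close to the 8.0 ceiling, which is what packed or encrypted code looks like), a .data section that is 0x1000 bytes of zeros on disk (entropy 0.00), no Authenticode signature, and version-info strings (EXRVXHNUDTSCDT, wjhzvamf, CMFLHWSPUOYJJKWZ ...) that were obviously generated rather than typed by a vendor. The script below is an added example, not code from this thread, from VirusTotal or from any tool mentioned here. It parses a PE32 section table with the standard library only, computes per-section Shannon entropy, and applies a consonant-run heuristic to the version strings. The PE image it analyses is constructed in memory to mimic the report's layout (entry point 0x1588, timestamp 0x4DAC7427, a random-filled .text and a zeroed .data); the 7.0 entropy threshold and the looks_random rule are my own assumptions, not anyone's published detection logic.

```python
import math
import random
import struct

# Version-info strings copied from the sigcheck block of the report above
# (constructed test input for the heuristic below).
SAMPLE_VERSION_STRINGS = {
    "publisher": "EXRVXHNUDTSCDT",
    "copyright": "wjhzvamf",
    "product": "GPLVGUOBASEXRVXHNUD",
    "description": "CMFLHWSPUOYJJKWZ",
    "comments": "QPAMZXYQRI",
}

COFF_HDR = struct.Struct("<HHIIIHH")         # Machine .. Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, close to 8.0 for random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_random(s: str) -> bool:
    """Assumed heuristic: five or more consonants in a row, or almost no vowels."""
    letters = [c for c in s.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    run = longest = 0
    for c in s.lower():
        if c.isalpha() and c not in "aeiou":
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest >= 5 or (len(letters) >= 6 and vowels / len(letters) < 0.15)


def parse_pe(image: bytes):
    """Return (timestamp, entry_rva, [(name, vaddr, vsize, raw_bytes, characteristics)])."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _machine, nsect, timestamp, _, _, opt_size, _ = COFF_HDR.unpack_from(image, pe_off + 4)
    opt_off = pe_off + 4 + COFF_HDR.size
    entry = struct.unpack_from("<I", image, opt_off + 16)[0]   # AddressOfEntryPoint
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = SECTION_HDR.unpack_from(
            image, sect_off + i * SECTION_HDR.size)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize,
                         image[rawptr:rawptr + rawsize], chars))
    return timestamp, entry, sections


def triage(image: bytes, version_info: dict) -> list:
    """Indicators a reviewer would pull out of a VirusTotal-style PE summary."""
    findings = []
    _timestamp, _entry, sections = parse_pe(image)
    for name, _vaddr, _vsize, raw, chars in sections:
        ent = shannon_entropy(raw)
        if chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE) and ent > 7.0:
            findings.append(f"{name}: code section entropy {ent:.2f}, likely packed or encrypted")
    for field, value in version_info.items():
        if looks_random(value):
            findings.append(f"version info {field}={value!r} looks machine-generated")
    return findings


def build_sample_pe(seed: int = 7) -> bytes:
    """Constructed PE32 mimicking the report: random .text, zeroed .data. Not a real binary."""
    rng = random.Random(seed)
    text = bytes(rng.getrandbits(8) for _ in range(0x2000))
    data = bytes(0x1000)
    opt_size = 224                                    # PE32 optional header size
    hdr_len = 0x40 + 4 + COFF_HDR.size + opt_size + 2 * SECTION_HDR.size
    text_ptr = (hdr_len + 0x1FF) & ~0x1FF             # 0x200 file alignment
    data_ptr = text_ptr + len(text)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = COFF_HDR.pack(0x14C, 2, 0x4DAC7427, 0, 0, opt_size, 0x010F)
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, len(text), len(data), 0, 0x1588)
    opt += bytes(opt_size - len(opt))
    sects = SECTION_HDR.pack(b".text", len(text), 0x1000, len(text), text_ptr, 0, 0, 0, 0,
                             IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | 0x40000000)
    sects += SECTION_HDR.pack(b".data", len(data), 0x4000, len(data), data_ptr, 0, 0, 0, 0,
                              0x00000040 | 0xC0000000)
    header = dos + b"PE\0\0" + coff + opt + sects
    return header + bytes(text_ptr - len(header)) + text + data


if __name__ == "__main__":
    for finding in triage(build_sample_pe(), SAMPLE_VERSION_STRINGS):
        print(finding)
```

On a real sample you would feed `open(path, "rb").read()` to `triage()` and read the version strings out of the resource section (a library such as pefile does that; this block deliberately stays standard-library only). The entropy figure is the strongest of the three signals: a compiler-generated VB6 .text section does not reach 7.65, so either a packer or an in-memory decryptor is wrapping the real code, which also explains why most engines in the table return no verdict.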


  2. Posts : 19
    Win 7 Home Premium 32 bit
    Thread Starter
       #12

    I ran ESET scanner and it reported no threats found but did not produce a log.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #13

    Download ComboFix from any of the links below, and save it to your desktop. <-- Important
    Link 1
    Link 2
    Link 3

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.
    Please be patient while the scan runs; at times it may appear to stall.
    When finished, and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    Post this log in your next reply together with a new HijackThis log. HijackThis - Trend Micro USA
    After rebooting ensure your Security applications have been re-enabled.

    In your next reply post:
    ComboFix.txt
    New HJT log taken after the above scan has run

    ***A guide and tutorial on "How to use Combofix" can be found here:
    A guide and tutorial on using ComboFix


  4. Posts : 19
    Win 7 Home Premium 32 bit
    Thread Starter
       #14

    Wow, this system is really messed up. When I ran ComboFix I got the BSOD "IRQL not less or equal". Figured I would try it in safe mode, but I can no longer boot into Safe Mode; the system freezes after loading Windows\System32\Drivers\ClassPnP.sys.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:27:24 PM, on 4/20/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    D:\Everything\Everything.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    D:\Process Lasso\ProcessLasso.exe
    D:\Process Lasso\ProcessGovernor.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
    C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
    C:\Program Files\ClipMate7\ClipMate.exe
    D:\aws\WeatherBug\Weather.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Windows\System32\qigct.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\J. Murray\Desktop\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301045433.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Everything] "d:\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
    O4 - HKLM\..\Run: [ProcessLassoManagementConsole] d:\Process Lasso\processlasso.exe
    O4 - HKLM\..\Run: [ProcessGovernor] d:\Process Lasso\processgovernor.exe
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [MediaFace Integration] D:\MediaFACE 5.0\SetHook.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Windows Media Player ACM] C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
    O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe
    O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe
    O4 - HKCU\..\Run: [Weather] D:\aws\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Murray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [TomTomHOME.exe] "d:\TomTom HOME 2\TomTomHOMERunner.exe" -s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: MagicDisc.lnk = D:\MagicDisc\MagicDisc.exe
    O4 - Startup: Windows Media Player ACM.lnk = J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14ABCC-F8C8-4F45-8181-C8CB825FF5ED}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TomTomHOMEService - TomTom - d:\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    --
    End of file - 10090 bytes


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #15

    Rescan with HJT, check this item:

    O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe

    Close all open windows except HJT, then click 'fix checked'. Exit out of HJT.

    Now navigate to C:\Windows\system32\qigct.exe <---delete this file Don't reboot!!

    Download and Run RKill
    Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
    Link 1
    Link 2
    Link 3
    Link 4

    • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
    • If nothing happens or if the tool does not run, please let me know in your next reply

    After doing the above, see if you can run the Combofix.
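The item the helper singled out from the log in post #14 is the O4 line `[cftmon] C:\Windows\system32\qigct.exe`. Two things make it stand out: the value name is one letter swap away from ctfmon, the legitimate Windows text-services process, and the target filename carries no product name at all. The script below is an added example, not code from this thread, from HijackThis or from any tool mentioned here. It parses HijackThis O4 lines and applies two review heuristics: a typosquat check (optimal-string-alignment distance of exactly 1 from a short list of Windows process names that I chose) and a check for machine-wide HKLM Run entries whose target lives inside a user profile. That second rule also surfaces the wmpacm.exe entry for a human look; the thread only acted on the cftmon entry, and a hit here is a prompt to inspect, not a verdict. The sample lines are copied from the log above.

```python
import re
from os.path import basename

# A handful of O4 lines copied from the HijackThis log in post #14 (constructed subset).
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"',
    r"O4 - HKLM\..\Run: [Windows Media Player ACM] C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe",
    r"O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe",
    r"O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
]

# Windows process names that malware likes to imitate (my own list, an assumption).
KNOWN_WINDOWS_NAMES = {"ctfmon", "explorer", "svchost", "userinit", "winlogon", "rundll32",
                       "taskhost", "csrss", "lsass", "services", "smss", "wininit"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run(?:Once)?): "
                   r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # "ft" <-> "tf"
    return d[-1][-1]


def parse_o4(line: str):
    """Split an O4 line into hive, key, value name and executable path, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith('"'):                       # quoted path, arguments follow
        path = cmd[1:cmd.index('"', 1)]
    else:                                         # unquoted: cut after the first .exe
        idx = cmd.lower().find(".exe")
        path = cmd if idx < 0 else cmd[:idx + 4]
    return {"hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "path": path}


def review_o4_lines(lines) -> list:
    """Return (value name, path, reason) for entries worth a second look."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        stem = basename(entry["path"].replace("\\", "/")).lower().rsplit(".", 1)[0]
        for label in {entry["name"].lower(), stem}:
            if label in KNOWN_WINDOWS_NAMES:
                continue
            for known in KNOWN_WINDOWS_NAMES:
                if osa_distance(label, known) == 1:
                    findings.append((entry["name"], entry["path"],
                                     f"'{label}' is one edit away from Windows' {known}"))
        low = entry["path"].lower()
        if entry["hive"] == "HKLM" and ("\\appdata\\" in low or low.startswith("c:\\users\\")):
            findings.append((entry["name"], entry["path"],
                             "machine-wide Run entry points into a user profile"))
    return findings


if __name__ == "__main__":
    for name, path, reason in review_o4_lines(SAMPLE_HJT_LINES):
        print(f"[{name}] {path}: {reason}")
```

Run it against a full HijackThis log with `review_o4_lines(open("hijackthis.log").read().splitlines())`. The distance check is deliberately exact (== 1, not <= 1) so that the genuine ctfmon entry on a clean machine is never reported, and the path check only fires for the HKLM hive because a per-user HKCU entry pointing into that user's own profile is normal.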


  6. Posts : 19
    Win 7 Home Premium 32 bit
    Thread Starter
       #16

    I got the BSOD when I ran RKill. I was able to do the other items on the list before running RKill.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #17

    Reboot your computer ....

    Please download VEW by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe
    and save it to your desktop

    Double click it to start it. Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator, then click Continue or Allow at the User Account Control prompt.

    Click the check boxes next to Application and System located under Select log to query on the upper left
    Under Select type to list on the right, click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7, also click the box next to Critical (not XP).

    Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
    Once it finishes it will display a log file in notepad
    Please copy and paste its entire contents into your next reply


  8. Posts : 19
    Win 7 Home Premium 32 bit
    Thread Starter
       #18

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 21/04/2011 11:27:30 AM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 21/04/2011 3:38:58 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x434 Faulting application start time: 0x01cc003510aceb9c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7881cf9b-6c2d-11e0-9981-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 2:45:56 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x360 Faulting application start time: 0x01cc00311754101c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0fed6164-6c26-11e0-952a-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 12:59:12 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x41c Faulting application start time: 0x01cc00222cd2e5b2 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 26b57e63-6c17-11e0-b013-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 3:12:33 AM
    Type: Error Category: 0
    Event: 5051 Source: McLogEvent
    A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4084 (0xff4) Thread address : 0x77CF70B4 Thread message : Build VSCORE.14.2.0.794 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSC\mcupdmgr.exe by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

    Log: 'Application' Date/Time: 21/04/2011 2:53:06 AM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x1154 Faulting application start time: 0x01cbffc998fb9022 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7b51d24a-6bc2-11e0-a150-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 2:12:35 AM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x424 Faulting application start time: 0x01cbffc7f3944e91 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: d242c441-6bbc-11e0-a150-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 1:57:49 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3754 Start Time: 01cbffc63cd2415a Termination Time: 78 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: bc0ab52f-6bba-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 1:57:44 AM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x35b0 Faulting application start time: 0x01cbffc78138f0c2 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: bf151728-6bba-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 12:48:57 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2b7c Start Time: 01cbffbdd8c6587b Termination Time: 73 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 20cab6e1-6bb1-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 12:48:56 AM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x2e28 Faulting application start time: 0x01cbffbde5035e31 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: 22d95346-6bb1-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 12:48:26 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2658 Start Time: 01cbffbdb1f909cc Termination Time: 46 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 0ded5ca4-6bb1-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 12:48:25 AM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x2e64 Faulting application start time: 0x01cbffbdd26ea6c5 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: 1031d6e3-6bb1-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 21/04/2011 12:47:29 AM
    Type: Error Category: 101
    Event: 1002 Source: Application Hang
    The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4bc Start Time: 01cbffbd83d53778 Termination Time: 99 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: e914538b-6bb0-11e0-887d-001bfc31f1ba

    Log: 'Application' Date/Time: 20/04/2011 9:34:59 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x1774 Faulting application start time: 0x01cbff9c68a86453 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0a7ac389-6b96-11e0-a4ec-001bfc31f1ba

    Log: 'Application' Date/Time: 20/04/2011 8:49:10 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x428 Faulting application start time: 0x01cbff9ae9dfa183 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a3b17514-6b8f-11e0-a4ec-001bfc31f1ba

    Log: 'Application' Date/Time: 20/04/2011 8:16:30 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x11e0 Faulting application start time: 0x01cbff914371c8f1 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 136f1a76-6b8b-11e0-a201-001bfc31f1ba

    Log: 'Application' Date/Time: 20/04/2011 7:31:29 PM
    Type: Error Category: 0
    Event: 33 Source: SideBySide
    Activation context generation failed for "c:\VueScan\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win 32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Log: 'Application' Date/Time: 20/04/2011 7:30:14 PM
    Type: Error Category: 0
    Event: 63 Source: SideBySide
    Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Log: 'Application' Date/Time: 20/04/2011 7:29:11 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x424 Faulting application start time: 0x01cbff8913cf2760 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7734d8ed-6b84-11e0-a201-001bfc31f1ba

    Log: 'Application' Date/Time: 20/04/2011 12:24:56 PM
    Type: Error Category: 100
    Event: 1000 Source: Application Error
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x14b4 Faulting application start time: 0x01cbff53e50ca047 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 32dc4681-6b49-11e0-b599-001bfc31f1ba

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
    Type: Warning Category: 0
    Event: 6001 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <Profiles> failed a notification event.

    Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 21/04/2011 3:00:52 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 21/04/2011 2:33:38 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 21/04/2011 12:44:37 PM
    Type: Warning Category: 0
    Event: 6001 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> failed a notification event.

    Log: 'Application' Date/Time: 21/04/2011 12:44:37 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 19/04/2011 12:58:17 PM
    Type: Warning Category: 0
    Event: 6001 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> failed a notification event.

    Log: 'Application' Date/Time: 19/04/2011 12:58:16 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 18/04/2011 3:17:17 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 18/04/2011 3:17:17 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 18/04/2011 3:17:16 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 18/04/2011 3:05:23 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 18/04/2011 3:05:23 PM
    Type: Warning Category: 0
    Event: 6003 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

    Log: 'Application' Date/Time: 18/04/2011 12:30:37 PM
    Type: Warning Category: 0
    Event: 6001 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> failed a notification event.

    Log: 'Application' Date/Time: 18/04/2011 12:30:37 PM
    Type: Warning Category: 0
    Event: 6000 Source: Microsoft-Windows-Winlogon
    The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

    Log: 'Application' Date/Time: 14/04/2011 5:00:38 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


    Log: 'Application' Date/Time: 14/04/2011 3:36:03 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\TrustedPeople
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


    Log: 'Application' Date/Time: 14/04/2011 4:30:08 AM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
    Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


    Log: 'Application' Date/Time: 14/04/2011 3:09:54 AM
    Type: Warning Category: 0
    Event: 10010 Source: Microsoft-Windows-RestartManager
    Application 'C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe' (pid 2680) cannot be restarted - Application SID does not match Conductor SID..

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 21/04/2011 3:01:45 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 21/04/2011 2:33:22 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 21/04/2011 12:46:15 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 21/04/2011 2:00:20 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 10:43:49 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 10:34:27 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 10:31:07 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 10:15:24 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 8:37:57 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 6:30:24 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 6:20:26 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 6:07:22 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 12:29:00 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 11:52:10 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 4:17:27 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 20/04/2011 12:15:00 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 19/04/2011 9:10:25 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 19/04/2011 6:51:54 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 19/04/2011 12:59:27 PM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    Log: 'System' Date/Time: 19/04/2011 1:49:25 AM
    Type: Critical Category: 63
    Event: 41 Source: Microsoft-Windows-Kernel-Power
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 21/04/2011 4:28:59 PM
    Type: Error Category: 0
    Event: 1012 Source: Microsoft-Windows-DNS-Client
    There was an error while attempting to read the local hosts file.

    Log: 'System' Date/Time: 21/04/2011 4:28:58 PM
    Type: Error Category: 0
    Event: 1012 Source: Microsoft-Windows-DNS-Client
    There was an error while attempting to read the local hosts file.

    Log: 'System' Date/Time: 21/04/2011 3:41:12 PM
    Type: Error Category: 0
    Event: 1012 Source: Microsoft-Windows-DNS-Client
    There was an error while attempting to read the local hosts file.

    Log: 'System' Date/Time: 21/04/2011 3:41:07 PM
    Type: Error Category: 0
    Event: 7032 Source: Service Control Manager
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

    Log: 'System' Date/Time: 21/04/2011 3:41:06 PM
    Type: Error Category: 0
    Event: 7032 Source: Service Control Manager
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

    Log: 'System' Date/Time: 21/04/2011 3:41:06 PM
    Type: Error Category: 0
    Event: 7032 Source: Service Control Manager
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

    Log: 'System' Date/Time: 21/04/2011 3:40:07 PM
    Type: Error Category: 0
    Event: 7032 Source: Service Control Manager
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

    Log: 'System' Date/Time: 21/04/2011 3:39:08 PM
    Type: Error Category: 0
    Event: 1012 Source: Microsoft-Windows-DNS-Client
    There was an error while attempting to read the local hosts file.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 21/04/2011 4:29:17 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 21/04/2011 3:52:19 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 21/04/2011 3:14:26 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 21/04/2011 2:45:29 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 21/04/2011 12:54:38 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 72.83.16.199.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 21/04/2011 2:35:49 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 101.139.121.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 21/04/2011 2:12:18 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 55.216.172.69.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 11:03:14 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 152.1.228.129.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 10:38:22 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 9.224.171.66.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 8:49:39 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 7:41:18 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 6:24:45 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name VirusTotal - Free Online Virus, Malware and URL Scanner timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 6:23:41 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name gateway.messenger.hotmail.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 6:23:26 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 5:59:38 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 35.69.17.209.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 1:25:35 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 12:21:34 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 4:47:01 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 12:37:39 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name pcdoctorreviews.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 20/04/2011 12:32:09 AM
    Type: Warning Category: 0
    Event: 2512 Source: Server
    The server service was unable to change the domain name from WORKGROUP to WORKGROUP.

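The dump above is long enough that reading it by eye misses the patterns a responder actually cares about: Event 1012 (the DNS client could not read the hosts file), the cluster of Event 7031 service terminations that all land in the same second, the run of Kernel-Power Event 41 unclean reboots, and the stream of Event 1014 reverse-DNS timeouts. The script below is an added example, not something from this thread or from the tool that produced the dump; it assumes the four-line entry layout shown above (dd/mm/yyyy 12-hour timestamps, `~` banners and `'Log' Log - Type Type` section titles), and the burst window and thresholds are my own choices. The embedded sample is constructed from entries quoted in the posted log with the messages trimmed to one line.

```python
# Added example: triage pass over an event-log dump in the format posted above.
# Assumed: 4-line entries with dd/mm/yyyy 12-hour timestamps, '~' banners and
# "'Log' Log - Type Type" section titles; thresholds below are my own choice.
import re
from datetime import datetime, timedelta

# Constructed sample: entries copied from the posted log, messages trimmed to one line.
SAMPLE_LOG = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 3:01:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
Log: 'System' Date/Time: 21/04/2011 2:33:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
'System' Log - Error Type
Log: 'System' Date/Time: 21/04/2011 3:41:12 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.
Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Update service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 21/04/2011 4:29:17 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 21/04/2011 3:52:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.
"""

HEADER_RE = re.compile(r"Log: '(\w+)' Date/Time: (.+)$")
BANNER_RE = re.compile(r"~+|'\w+' Log - \w+ Type")
SERVICE_RE = re.compile(r"^The (.+?) service terminated unexpectedly")
PTR_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa\b")

def parse_entries(text):
    """Split the dump into dicts with log, time, type, category, event, source, message."""
    entries, cur = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if BANNER_RE.fullmatch(line):
            cur = None  # section banner, belongs to no entry
        elif m := HEADER_RE.match(line):
            cur = {"log": m[1], "time": datetime.strptime(m[2], "%d/%m/%Y %I:%M:%S %p"),
                   "type": "", "category": None, "event": None, "source": "", "message": []}
            entries.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"Type: (\w+) Category: (\d+)$", line):
            cur["type"], cur["category"] = m[1], int(m[2])
        elif m := re.match(r"Event: (\d+) Source: (.+)$", line):
            cur["event"], cur["source"] = int(m[1]), m[2]
        else:
            cur["message"].append(line)  # message text may span several lines
    for e in entries:
        e["message"] = " ".join(e["message"])
    return entries

def service_bursts(entries, window=timedelta(seconds=10), min_services=3):
    """Clusters of Event 7031 close in time. Several unrelated services dying in the
    same second points at one shared host process going down, not at each service."""
    terms = sorted((e["time"], SERVICE_RE.match(e["message"])[1])
                   for e in entries if e["event"] == 7031 and SERVICE_RE.match(e["message"]))
    bursts, i = [], 0
    while i < len(terms):
        j = i
        while j + 1 < len(terms) and terms[j + 1][0] - terms[i][0] <= window:
            j += 1
        if j - i + 1 >= min_services:
            bursts.append({"start": terms[i][0], "services": [s for _, s in terms[i:j + 1]]})
        i = j + 1
    return bursts

def triage(text):
    """Summary a responder would want from the dump."""
    entries = parse_entries(text)
    ptr_ips = {".".join(reversed(m.groups())) for e in entries if e["event"] == 1014
               for m in [PTR_RE.search(e["message"])] if m}
    return {
        # Event 1012: the resolver could not read the hosts file; on a suspected
        # infection the file's contents and permissions deserve a look.
        "hosts_file_errors": sum(e["event"] == 1012 for e in entries),
        "unclean_reboots": sum(e["event"] == 41 and "Kernel-Power" in e["source"] for e in entries),
        "service_bursts": service_bursts(entries),
        # Event 1014 PTR lookups, turned back into the addresses that were being resolved.
        "reverse_lookup_ips": sorted(ptr_ips),
    }
```

Run `triage(open("dump.txt").read())` against the full pasted log to get the same summary for the whole thread; the reverse-lookup list tells you which addresses the machine was trying to name while the resolver was unreachable, which is a short list to check against known-good services before anything else.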

  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #19

    Okay, found a baddie ... BACKDOOR.Trojan
    C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe

    VirusTotal - Free Online Virus, Malware and URL Scanner

    Warning! Backdoor Trojans

    These are the most dangerous, and most widespread, type of Trojan.
    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately (using a known clean computer, not the infected one!) to include those used for email, eBay and forums.
    You should consider them to be compromised.
    They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
    Banking and credit card institutions should be notified of the possible security breach.

    More info can be found below:
    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information
    When should I re-format? How should I reinstall?
    When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information

    Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

    Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.
    If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.


  10. Posts : 19
    Win 7 Home Premium 32 bit
    Thread Starter
       #20

    Should I re-format and re-install?

