Windows 7 Forums


Windows 7: I think I have a virus.

19 Apr 2011   #11
JMurr

Win 7 Home Premium 32 bit
 
 

Antivirus             Version          Last Update  Result
AhnLab-V3             2011.04.20.00    2011.04.19   -
AntiVir               7.11.6.187       2011.04.19   -
Antiy-AVL             2.0.3.7          2011.04.19   -
Avast                 4.8.1351.0       2011.04.19   -
Avast5                5.0.677.0        2011.04.19   -
AVG                   10.0.0.1190      2011.04.19   -
BitDefender           7.2              2011.04.19   -
CAT-QuickHeal         11.00            2011.04.19   -
ClamAV                0.97.0.0         2011.04.19   -
Commtouch             5.3.2.6          2011.04.19   -
Comodo                8402             2011.04.19   TrojWare.Win32.Trojan.Agent.Gen
DrWeb                 5.0.2.03300      2011.04.19   Trojan.DownLoader2.37663
eSafe                 7.0.17.0         2011.04.18   -
eTrust-Vet            36.1.8279        2011.04.19   -
F-Prot                4.6.2.117        2011.04.19   -
F-Secure              9.0.16440.0      2011.04.19   -
Fortinet              4.2.257.0        2011.04.19   -
GData                 22               2011.04.19   -
Ikarus                T3.1.1.103.0     2011.04.19   -
Jiangmin              13.0.900         2011.04.18   -
K7AntiVirus           9.97.4428        2011.04.19   -
McAfee                5.400.0.1158     2011.04.19   -
McAfee-GW-Edition     2010.1D          2011.04.19   -
Microsoft             1.6802           2011.04.19   -
NOD32                 6055             2011.04.19   -
Norman                6.07.07          2011.04.19   -
Panda                 10.0.3.5         2011.04.19   -
PCTools               7.0.3.5          2011.04.19   -
Prevx                 3.0              2011.04.19   -
Rising                23.54.01.06      2011.04.19   -
Sophos                4.64.0           2011.04.19   -
SUPERAntiSpyware      4.40.0.1006      2011.04.19   -
Symantec              20101.3.2.89     2011.04.19   -
TheHacker             6.7.0.1.177      2011.04.19   -
TrendMicro            9.200.0.1012     2011.04.19   -
TrendMicro-HouseCall  9.200.0.1012     2011.04.19   -
VBA32                 3.12.16.0        2011.04.19   -
VIPRE                 9062             2011.04.19   Virtool.Win32.Vbinject.Gen.2 (v)
ViRobot               2011.4.19.4418   2011.04.19   -
VirusBuster           13.6.312.2       2011.04.19   -

Additional information
MD5   : ca280984d266cff2ca86ef7e4c5a0f95
SHA1  : 1b955dcbd7e470ae0ca60b6b97abc25c37ca1011
SHA256: 2ee72560b04e158476e28c5336f7d4dea209f8563d86a603ef4b057982d7a310
ssdeep: 12288:tWFZnukgF6iNdtUtVJ5XXZkCwO79zStkmLaQ5LlTNanopWV4n2G36OJceLFQUc8i:tTFjDUtv5XJkCwO79
File size : 405504 bytes
First seen: 2011-04-18 23:29:36
Last seen : 2011-04-19 19:18:29
TrID:
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
sigcheck:
publisher....: EXRVXHNUDTSCDT
copyright....: wjhzvamf
product......: GPLVGUOBASEXRVXHNUD
description..: CMFLHWSPUOYJJKWZ
original name: qgoeewsj.exe
internal name: qgoeewsj
file version.: 7.02.0007
comments.....: QPAMZXYQRI
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1588
timedatestamp....: 0x4DAC7427 (Mon Apr 18 17:25:59 2011)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5FE08, 0x60000, 7.65, 7f4debd2152f426a94ba64b5166fe5fe
.data, 0x61000, 0x3258, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x65000, 0xA04, 0x1000, 2.31, 790c6f7a8cca947c258962c5fc53a385

[[ 1 import(s) ]]
MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaGosubReturn, _adj_fdiv_m64, -, _adj_fprem1, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaLenBstrB, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaCyErrVar, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, _CIsin, __vbaErase, -, __vbaVarZero, __vbaChkstk, __vbaGosubFree, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaNew, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaGosub, -, __vbaFPException, __vbaUbound, -, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarAdd, __vbaAryLock, __vbaFpI4, _CIatan, __vbaCastObj, __vbaStrMove, __vbaI4Cy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 393216
Comments: QPAMZXYQRI
CompanyName: EXRVXHNUDTSCDT
EntryPoint: 0x1588
FileDescription: CMFLHWSPUOYJJKWZ
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 396 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 7.02.0007
FileVersionNumber: 7.2.0.7
ImageVersion: 7.2
InitializedDataSize: 20480
InternalName: qgoeewsj
LanguageCode: English (U.S.)
LegalCopyright: wjhzvamf
LegalTrademarks: bepgvncdlahrp
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: qgoeewsj.exe
PEType: PE32
ProductName: GPLVGUOBASEXRVXHNUD
ProductVersion: 7.02.0007
ProductVersionNumber: 7.2.0.7
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:04:18 19:25:59+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight


19 Apr 2011   #12
JMurr

Win 7 Home Premium 32 bit
 
 

I ran ESET scanner and it reported no threats found but did not produce a log.
20 Apr 2011   #13
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog. HijackThis - Trend Micro USA
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run

***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

20 Apr 2011   #14
JMurr

Win 7 Home Premium 32 bit
 
 

Wow, this system is really messed up. When I ran ComboFix I got the BSOD "IRQL not less or equal". Figured I would try it in safe mode but I can no longer boot into Safe Mode; the system freezes after loading Windows\System32\Drivers\ClassPnP.sys

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:24 PM, on 4/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\Everything\Everything.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
D:\Process Lasso\ProcessLasso.exe
D:\Process Lasso\ProcessGovernor.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
C:\Program Files\ClipMate7\ClipMate.exe
D:\aws\WeatherBug\Weather.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\qigct.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\J. Murray\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301045433.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Everything] "d:\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] d:\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] d:\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [MediaFace Integration] D:\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Media Player ACM] C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe
O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [Weather] D:\aws\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Murray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "d:\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = D:\MagicDisc\MagicDisc.exe
O4 - Startup: Windows Media Player ACM.lnk = J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14ABCC-F8C8-4F45-8181-C8CB825FF5ED}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - d:\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 10090 bytes
20 Apr 2011   #15
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Rescan with HJT, check this item:

O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe

Close all open windows except HJT, then click 'fix checked'. Exit out of HJT.

Now navigate to C:\Windows\system32\qigct.exe <--- delete this file. Don't reboot!!

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
After doing the above, see if you can run the Combofix.
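Added example, not part of the original posts: a small triage script that parses the O4 (registry Run) lines of a HijackThis log and flags value names that imitate a Windows binary, run here over lines copied from the log in this thread. The list of imitated names and the one-edit threshold are assumptions of this example, not the helper's stated reasoning.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumed short list of Windows binaries whose names are commonly imitated.
KNOWN_SYSTEM_NAMES = ("ctfmon", "svchost", "explorer", "lsass", "csrss",
                      "winlogon", "services", "taskhost", "rundll32")
SYSTEM_DIRS = (r"\windows", r"\windows\system32")

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[0-9-]+)?)\\\.\.\\"
                   r"(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Image path: a quoted string, or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Everything] "d:\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - Startup: MagicDisc.lnk = D:\MagicDisc\MagicDisc.exe
"""


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    image: str


def osa_distance(a: str, b: str) -> int:
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one registry-backed O4 line; Startup-folder lines return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m["cmd"])
    image = (img.group(1) or img.group(2)) if img else m["cmd"]
    return RunEntry(m["hive"], m["key"], m["name"], image)


def review(entry: RunEntry) -> Optional[str]:
    """Return a reason string if the entry imitates a known system binary."""
    name = entry.name.lower()
    if name.endswith(".exe"):
        name = name[:-4]
    stem = ntpath.splitext(ntpath.basename(entry.image))[0].lower()
    folder = ntpath.dirname(entry.image).lower()
    for known in KNOWN_SYSTEM_NAMES:
        dist = osa_distance(name, known)
        if dist == 1:
            return (f"value name '{entry.name}' is one edit away from "
                    f"'{known}' but launches {entry.image}")
        if dist == 0 and (stem != known or not folder.endswith(SYSTEM_DIRS)):
            return (f"value name '{entry.name}' claims to be '{known}' "
                    f"but launches {entry.image}")
    return None


def triage(log_text: str) -> List[Tuple[RunEntry, str]]:
    """Return (entry, reason) for every O4 Run entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        reason = review(entry) if entry else None
        if reason:
            findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key}: {reason}")
```

An entry that passes this check is not thereby clean; the script only surfaces name imitation, so the rest of the log still needs a manual read.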
20 Apr 2011   #16
JMurr

Win 7 Home Premium 32 bit
 
 

I got the BSOD when I ran RKill. I was able to do the other items on the list before running RKill.
21 Apr 2011   #17
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Reboot your computer ....

Please download VEW by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe
and save it to your desktop

Double click it to start it. Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.

Click the check boxes next to Application and System located under Select log to query on the upper left.
Under Select type to list on the right, click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).

Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
Once it finishes it will display a log file in notepad
Please copy and paste its entire contents into your next reply
21 Apr 2011   #18
JMurr

Win 7 Home Premium 32 bit
 
 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/04/2011 11:27:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/04/2011 3:38:58 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x434 Faulting application start time: 0x01cc003510aceb9c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7881cf9b-6c2d-11e0-9981-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 2:45:56 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x360 Faulting application start time: 0x01cc00311754101c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0fed6164-6c26-11e0-952a-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:59:12 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x41c Faulting application start time: 0x01cc00222cd2e5b2 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 26b57e63-6c17-11e0-b013-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 3:12:33 AM
Type: Error Category: 0
Event: 5051 Source: McLogEvent
A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4084 (0xff4) Thread address : 0x77CF70B4 Thread message : Build VSCORE.14.2.0.794 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSC\mcupdmgr.exe by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Log: 'Application' Date/Time: 21/04/2011 2:53:06 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x1154 Faulting application start time: 0x01cbffc998fb9022 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7b51d24a-6bc2-11e0-a150-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 2:12:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x424 Faulting application start time: 0x01cbffc7f3944e91 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: d242c441-6bbc-11e0-a150-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 1:57:49 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3754 Start Time: 01cbffc63cd2415a Termination Time: 78 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: bc0ab52f-6bba-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 1:57:44 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x35b0 Faulting application start time: 0x01cbffc78138f0c2 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: bf151728-6bba-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:57 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2b7c Start Time: 01cbffbdd8c6587b Termination Time: 73 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 20cab6e1-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:56 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x2e28 Faulting application start time: 0x01cbffbde5035e31 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: 22d95346-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:26 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2658 Start Time: 01cbffbdb1f909cc Termination Time: 46 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 0ded5ca4-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:25 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x2e64 Faulting application start time: 0x01cbffbdd26ea6c5 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: 1031d6e3-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:47:29 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4bc Start Time: 01cbffbd83d53778 Termination Time: 99 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: e914538b-6bb0-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 9:34:59 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x1774 Faulting application start time: 0x01cbff9c68a86453 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0a7ac389-6b96-11e0-a4ec-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 8:49:10 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x428 Faulting application start time: 0x01cbff9ae9dfa183 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a3b17514-6b8f-11e0-a4ec-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 8:16:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x11e0 Faulting application start time: 0x01cbff914371c8f1 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 136f1a76-6b8b-11e0-a201-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 7:31:29 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "c:\VueScan\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win 32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 20/04/2011 7:30:14 PM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 20/04/2011 7:29:11 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x424 Faulting application start time: 0x01cbff8913cf2760 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7734d8ed-6b84-11e0-a201-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 12:24:56 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x14b4 Faulting application start time: 0x01cbff53e50ca047 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 32dc4681-6b49-11e0-b599-001bfc31f1ba

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> failed a notification event.

Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 3:00:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 2:33:38 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 12:44:37 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> failed a notification event.

Log: 'Application' Date/Time: 21/04/2011 12:44:37 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 19/04/2011 12:58:17 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> failed a notification event.

Log: 'Application' Date/Time: 19/04/2011 12:58:16 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:17:17 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:17:17 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:17:16 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:05:23 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:05:23 PM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 18/04/2011 12:30:37 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> failed a notification event.

Log: 'Application' Date/Time: 18/04/2011 12:30:37 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 14/04/2011 5:00:38 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 14/04/2011 3:36:03 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 14/04/2011 4:30:08 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 14/04/2011 3:09:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe' (pid 2680) cannot be restarted - Application SID does not match Conductor SID..

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 3:01:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/04/2011 2:33:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/04/2011 12:46:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/04/2011 2:00:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:43:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:34:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:31:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:15:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 8:37:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 6:30:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 6:20:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 6:07:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 12:29:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 11:52:10 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 4:17:27 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 12:15:00 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 9:10:25 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 6:51:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 12:59:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 1:49:25 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 4:28:59 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 4:28:58 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:41:12 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:41:07 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:41:06 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:41:06 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:40:07 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:39:08 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 4:29:17 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 3:52:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 3:14:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 2:45:29 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 12:54:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 72.83.16.199.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 2:35:49 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 101.139.121.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 2:12:18 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 55.216.172.69.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 11:03:14 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 152.1.228.129.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 10:38:22 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 9.224.171.66.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 8:49:39 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 7:41:18 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 6:24:45 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name VirusTotal - Free Online Virus, Malware and URL Scanner timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 6:23:41 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name gateway.messenger.hotmail.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 6:23:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 5:59:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 35.69.17.209.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 1:25:35 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 12:21:34 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 4:47:01 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 12:37:39 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pcdoctorreviews.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 12:32:09 AM
Type: Warning Category: 0
Event: 2512 Source: Server
The server service was unable to change the domain name from WORKGROUP to WORKGROUP.
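The dump above uses a fixed record layout (a `Log:` line, a `Type:` line, an `Event:` line, then the message), so it can be triaged mechanically. The Python below is an added example, not part of the original thread: it parses that layout and pulls out unclean reboots (Event 41), hosts-file read errors (Event 1012) and bursts of simultaneous service terminations (Event 7031). The function names, the 2-second window and the three-service threshold are assumptions made for illustration; the sample records are excerpted from the dump with messages shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Records excerpted from the dump in this thread; messages are shortened.
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 3:01:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 21/04/2011 2:33:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 21/04/2011 3:39:08 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Update service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s).
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
SERVICE = re.compile(r"^The (?P<name>.+?) service terminated unexpectedly")

def parse_records(text):
    """Parse blank-line-separated records; section banners are skipped."""
    records = []
    for block in re.split(r"\n\s*\n", text):
        lines = [ln.strip() for ln in block.splitlines()]
        start = next((i for i, ln in enumerate(lines) if HEADER.match(ln)), None)
        if start is None or start + 3 > len(lines):
            continue  # banner-only block or truncated record
        head = HEADER.match(lines[start])
        kind, event = TYPE.match(lines[start + 1]), EVENT.match(lines[start + 2])
        if not (kind and event):
            continue  # malformed record
        records.append({
            "log": head["log"],
            # The dump uses day-first dates and a 12-hour clock.
            "when": datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
            "type": kind["type"],
            "event": int(event["id"]),
            "source": event["source"],
            "message": " ".join(lines[start + 3:]),
        })
    return records

def service_crash_bursts(records, window_seconds=2, min_services=3):
    """Group Event 7031 records within window_seconds of a burst's first one."""
    # Many services dying together is consistent with one shared svchost.exe
    # host process crashing, rather than unrelated service failures.
    crashes = []
    for r in records:
        m = SERVICE.match(r["message"])
        if r["event"] == 7031 and r["source"] == "Service Control Manager" and m:
            crashes.append((r["when"], m["name"]))
    bursts, current = [], []
    for when, name in sorted(crashes) + [(datetime.max, "")]:  # sentinel flushes last burst
        if current and (when - current[0][0]).total_seconds() > window_seconds:
            names = sorted({n for _, n in current})
            if len(names) >= min_services:
                bursts.append((current[0][0].isoformat(sep=" "), names))
            current = []
        current.append((when, name))
    return bursts

def triage(text):
    records = parse_records(text)
    reboots = Counter(r["when"].date().isoformat() for r in records
                      if r["event"] == 41 and "Kernel-Power" in r["source"])
    hosts = [r["when"].isoformat(sep=" ") for r in records
             if r["event"] == 1012 and "DNS-Client" in r["source"]]
    return {"records": len(records),
            "unclean_reboots_per_day": dict(reboots),        # Event 41
            "hosts_file_read_errors": hosts,                 # Event 1012
            "service_crash_bursts": service_crash_bursts(records)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```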
21 Apr 2011   #19
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Okay, found a baddie ... BACKDOOR.Trojan
C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe

VirusTotal - Free Online Virus, Malware and URL Scanner

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately (using a known clean computer, not the infected one!) to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.
If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.
21 Apr 2011   #20
JMurr

Win 7 Home Premium 32 bit
 
 

Should I reformat and reinstall?