I think I have a virus.

JMurr

I think I have a virus. I deleted a program with Revo Uninstaller and it could not set a restore point as it always does. Further investigation revealed System Restore was turned off by the Administrator (that would be me) and I could not get it turned on. More strange things: Cmd. Prompt would only display in safe mode. SFC found no errors, and “restore to last good config” did not help. Windows Update errors with 80072efe. I get a blue screen msg. “Internal Power Error” when I shut down, and the system restarts. I could not disable the automatic restart feature, as unchecking the box does not hold. I tried that in Safe and Reg. Mode.

I have done a full virus scan w/McAfee, and run Malwarebytes and SUPERAntiSpyware, all in safe mode, and Malwarebytes found a tracking cookie but nothing else.

Early on McAfee froze at “goto assist Download Helper.exe”. I have no idea what that is and I deleted the folder it was in.
I am running Win7 Home Premium.

Sorry for the long post but I am at the point where I am out of ideas. Any help would be appreciated.
 

Download DDS from one of these links:
Mirror 1 Mirror 2 Mirror 3
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
 

Mirror 1 asks if I want to save the file but the file is not saved, Mirror 2 is "page not found", and Mirror 3 fills the screen with strange characters. Sorry, I cannot get the file.
 

Mirror 1 should be fine - you may have to click the Save button a couple of times.
 

Yes, you want to save the file. Let it download, don't click run. Open the folder that you saved it to...it will look like this
Right click to run as Administrator.
 

Attachments

  • DDS icon.jpg

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2010 4:13:31 PM
System Uptime: 4/18/2011 2:37:09 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5GC-MX
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | LGA 775 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 99.359 GiB free.
D: is FIXED (NTFS) - 455 GiB total, 454.072 GiB free.
E: is FIXED (NTFS) - 476 GiB total, 462.015 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acer eDisplay Management
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Aiseesoft Blu-ray Ripper
Aiseesoft MP4 Converter Suite
AMD Drag and Drop Transcoding
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 2010 Advanced
ATI Catalyst Registration
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Belarc Advisor 8.1
Bullzip PDF Printer 7.1.0.1195
CameraHelperMsi
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
ClipMate 7
Clone2Go Video Converter Free Version 1.9.2
ConvertXtoDVD 3.3.4.107
D3DX10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EMDB 1.21
EndItAll 2.0
erLT
Everything 1.2.1.371
FastStone Image Viewer 3.7
Feedback Tool
ffdshow
FLV Player 2.0 (build 25)
Foxit Creator
Foxit PDF IFilter
Foxit Reader
Free Video Joiner 1.1
Google Talk Plugin
Google Update Helper
GPL Ghostscript Lite 8.70
HamsterFreeVideoConverter
ImgBurn
Java Auto Updater
Java(TM) 6 Update 24
Kyodai Mahjongg 2006 v1.42
Logitech Harmony Remote Software 7
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee Virtual Technician
Media Browser
MediaFACE
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MozBackup 1.4.9
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MySQL Connector/ODBC 3.51
NewsLeecher v4.0 Final
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
OpenAL
PerfectDisk 10 Professional
Pivot Software
Process Lasso
PVSonyDll
QuickPar 0.9
QuickTime
RegistryFix v8.0
Remote Control USB Driver
Revo Uninstaller Pro 2.5.1
SDK
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Sid Meier's Civilization V
Skype Toolbars
Skype™ 5.0
SpywareBlaster 4.4
Steam
SUPERAntiSpyware
TeraCopy 2.12
The Lord of the Rings FREE Trial
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
VLC media player 1.1.8
VueScan
WeatherBug
Windows 7 Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
WMV9/VC-1 Video Playback
WordPerfect Office 11
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
4/18/2011 8:56:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 8:56:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 8:55:53 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 8:44:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86674020, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-40716-01.
4/18/2011 8:34:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x852590f8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-34523-01.
4/18/2011 8:22:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86264630, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-35193-01.
4/18/2011 8:00:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86260ae0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-42432-01.
4/18/2011 7:32:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
4/18/2011 7:32:22 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 3:57:58 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/18/2011 3:57:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 3:57:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 3:57:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 3:56:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/18/2011 3:55:53 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 2:39:09 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
4/18/2011 2:39:09 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
4/18/2011 2:39:09 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
4/18/2011 2:38:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: UimBus Uim_IM
4/18/2011 2:37:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86e74800, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-30560-01.
4/18/2011 2:25:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86e74508, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-38797-01.
4/18/2011 2:22:31 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
4/18/2011 2:22:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
4/18/2011 2:18:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
4/18/2011 2:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
4/18/2011 2:02:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
4/18/2011 2:02:59 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 2:02:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
4/18/2011 2:02:29 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 2:01:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.
4/18/2011 2:01:29 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 12:35:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86263370, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-25350-01.
4/18/2011 12:04:41 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
4/18/2011 11:52:30 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
4/18/2011 11:52:30 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
4/18/2011 11:52:30 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
4/18/2011 11:19:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
4/18/2011 11:19:33 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 11:17:44 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 11:17:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/18/2011 11:17:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/18/2011 11:17:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/18/2011 11:17:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr UimBus Uim_IM Wanarpv6
4/18/2011 11:17:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
4/18/2011 11:17:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/18/2011 11:17:18 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 11:17:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86e75aa0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-23166-01.
4/18/2011 11:10:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86e75208, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-35303-01.
4/18/2011 10:57:11 AM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/18/2011 10:18:59 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x85e57708, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-29000-01.
4/18/2011 10:09:16 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 10:06:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx UimBus Uim_IM Wanarpv6 WfpLwf
4/18/2011 10:06:41 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:41 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:41 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:41 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7022] - The User Profile Service service hung on starting.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/18/2011 10:06:11 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/18/2011 10:02:12 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
4/18/2011 1:59:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
4/18/2011 1:59:37 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:59:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:57:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
4/18/2011 1:57:15 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:56:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.
4/18/2011 1:56:45 PM, Error: Service Control Manager [7000] - The Remote Desktop Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:56:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/18/2011 1:55:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
4/18/2011 1:55:44 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:55:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
4/18/2011 1:55:14 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:54:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
4/18/2011 1:54:44 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:54:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
4/18/2011 1:54:14 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/18/2011 1:53:42 PM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.
4/18/2011 1:52:12 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/18/2011 1:07:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: labpborv UimBus Uim_IM
4/18/2011 1:06:20 PM, Error: Microsoft-Windows-Eventlog [106] - Corruption was detected in the log for the Application channel and some data was erased.
4/18/2011 1:06:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x85e6a020, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041811-37268-01.
4/18/2011 1:04:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/17/2011 11:44:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86264bf8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041711-29343-01.
4/17/2011 11:40:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x86261b28, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041711-29094-01.
4/17/2011 11:32:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x85e65800, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041711-38844-01.
4/17/2011 11:00:03 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{5ae98c13-8c77-11df-b82b-806e6f6e6963} cannot be read.
.
==== End Of File ===========================

DDS (Ver_11-03-05.01) - NTFSx86
Run by J. Murray at 17:17:01.90 on Mon 04/18/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.991 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
D:\Everything\Everything.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
D:\Process Lasso\ProcessLasso.exe
D:\Process Lasso\ProcessGovernor.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
d:\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
D:\aws\WeatherBug\Weather.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\qigct.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
D:\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\J. Murray\Desktop\dds.com
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110301045433.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: ClipMate ClipBar 7: {f60c63ce-52af-4915-aac9-f100fcde270f} - c:\progra~1\clipma~1\CLIPMA~1.DLL
uRun: [ClipMate7] c:\program files\clipmate7\ClipMate.exe
uRun: [Weather] d:\aws\weatherbug\Weather.exe 1
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\j. murray\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "d:\tomtom home 2\TomTomHOMERunner.exe" -s
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Everything] "d:\everything\Everything.exe" -startup
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [ProcessLassoManagementConsole] d:\process lasso\processlasso.exe
mRun: [ProcessGovernor] d:\process lasso\processgovernor.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [MediaFace Integration] d:\mediaface 5.0\SetHook.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Media Player ACM] c:\users\j. murray\appdata\roaming\microsoft\windows media\12.0\wmpacm.exe
mRun: [cftmon] c:\windows\system32\qigct.exe
StartupFolder: c:\users\j2bba~1.mur\appdata\roaming\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\users\j. murray\appdata\roaming\microsoft\windows media\12.0\wmpacm.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {6F14ABCC-F8C8-4F45-8181-C8CB825FF5ED} = 68.94.156.1,68.94.157.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\j2bba~1.mur\appdata\roaming\mozilla\firefox\profiles\0fhecy32.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\j. murray\appdata\roaming\mozilla\firefox\profiles\0fhecy32.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\j. murray\appdata\roaming\mozilla\firefox\profiles\0fhecy32.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\j. murray\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\j. murray\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\j. murray\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-1 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-1 164840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-3 176128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-7-10 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-1 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2010-8-20 109168]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TomTomHOMEService;TomTomHOMEService;d:\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2009-6-10 29184]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 55840]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-4-1 20448]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-10 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-10 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 313288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 136176]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-3 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-3 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-1-3 102416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-10 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-10 40552]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-19 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-10 1343400]
.
=============== Created Last 30 ================
.
2011-04-18 18:49:29 405504 ----a-w- c:\windows\system32\qigct.exe
2011-04-18 18:07:49 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{0C896934-EC5C-4FF2-9451-A180E650209E}
2011-04-18 05:47:49 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{6C833206-37AE-4040-8796-C821A3992F7A}
2011-04-18 04:18:58 -------- d-----w- c:\program files\Search Toolbar
2011-04-18 04:18:45 129536 ----a-w- c:\users\j2bba~1.mur\appdata\roaming\microsoft\windows media\12.0\wmpacm.exe
2011-04-18 04:18:34 -------- d-----w- C:\Temp
2011-04-18 04:18:19 254464 --sha-r- c:\windows\system32\d3dim7003.dll
2011-04-18 04:18:18 232916 ---h--w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe
2011-04-17 18:36:08 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\Microsoft Help
2011-04-17 17:47:08 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{40B81EB1-C182-4966-B0AC-C3199F58947F}
2011-04-17 01:19:48 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{5195E87E-E1D7-47F7-B9AC-3F22165C5991}
2011-04-16 13:19:23 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{9C968D5B-A383-4FEE-8F75-82C88169FE5D}
2011-04-15 15:57:18 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{CD083303-686D-4382-A308-6CAC54FE3BBE}
2011-04-15 03:56:39 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{DDCDF254-576A-4E16-89D8-BC6F1E5BA02B}
2011-04-15 03:47:28 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{CF7635A9-047C-42D7-9888-DF7FACA78EB2}
2011-04-14 13:28:39 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{9D4E3B2D-BDEE-470E-A792-1569631FC82E}
2011-04-14 03:11:21 -------- d-----w- c:\program files\Help
2011-04-14 02:48:35 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 02:48:32 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 02:48:31 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 02:48:18 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 02:48:00 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 02:48:00 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 02:47:59 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 02:47:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 02:47:57 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 02:47:54 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 02:47:51 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 02:47:51 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 02:47:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 02:47:32 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 02:47:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 02:47:32 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 02:47:32 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 01:27:11 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{C3765AB2-2B5D-4045-A97F-1ACA2ECE8D45}
2011-04-12 13:26:33 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{9D502D34-181C-4397-83FA-2623C150E8CF}
2011-04-12 02:47:27 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-12 01:25:54 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{54A2C61C-8033-4F84-B39A-A819B86F6096}
2011-04-11 13:25:16 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{32F937FF-2C47-457F-9C71-EEA90BD4AFDF}
2011-04-11 01:17:14 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{AE19BFE7-3406-4759-BA36-462982107884}
2011-04-10 00:38:57 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{C590D389-E855-4C92-BD8F-E61D2B1B9F91}
2011-04-08 12:27:44 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{F2E7254F-6B96-4A81-9DE0-AF51C739F94F}
2011-04-07 14:27:13 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{190A1BBB-284F-4601-9927-657B8AB81881}
2011-04-07 02:26:28 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{FED643B7-7333-423F-AAA3-62E9A958B2C0}
2011-04-06 14:25:38 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{ECAC4129-A9B4-4B62-B137-5A142725E19F}
2011-04-05 23:26:11 -------- d-----w- C:\VueScan
2011-04-05 14:24:32 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{DF491593-9FFF-4B76-A5CD-F64D61F2D5F5}
2011-04-05 03:18:31 -------- d-----w- c:\windows\system32\SPReview
2011-04-05 03:17:21 -------- d-----w- c:\windows\system32\EventProviders
2011-04-05 03:11:59 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-04-05 03:10:59 89600 ----a-w- c:\windows\system32\wbem\WmiApRpl.dll
2011-04-05 03:09:51 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-05 03:09:51 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-04-05 03:09:51 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-05 03:09:51 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-05 03:09:33 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-05 03:09:19 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-05 03:09:19 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-04-05 03:08:23 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-05 03:08:23 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-05 02:23:52 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{372EAB8B-5C65-408A-AE98-E64417BACD04}
2011-04-05 02:12:31 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-05 02:12:31 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-03 23:00:38 -------- d-----w- c:\users\j2bba~1.mur\appdata\roaming\The Complete Genealogy Reporter
2011-04-03 23:00:08 372736 ----a-w- c:\windows\system32\ijl15.dll
2011-04-03 14:22:22 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{7C12317F-9182-4E8E-A8A3-114BE6CA8C24}
2011-04-03 02:21:32 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{13E62D8B-7EB9-4178-B579-072DC444A271}
2011-04-02 14:20:54 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{3B068E25-7073-4B7F-BEA1-9A2905126413}
2011-04-02 02:20:15 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{A5A9F4CF-AEA2-4D85-A445-A0A156786AB6}
2011-04-02 00:33:23 -------- d-----w- c:\users\j2bba~1.mur\appdata\roaming\ThumbGen
2011-04-02 00:30:50 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\IsolatedStorage
2011-04-01 14:19:36 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{B36F8EDE-EAB9-4898-8433-C1AA9DD5254E}
2011-04-01 05:09:48 291424 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-04-01 05:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 05:07:52 20448 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
2011-04-01 02:18:58 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{5A14A2E6-345B-4DD9-87CC-EFD444C1BC15}
2011-03-31 14:18:19 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{97150094-6B74-4B67-B1C6-BFD647F53C42}
2011-03-30 14:17:15 -------- d-----w- c:\users\j2bba~1.mur\appdata\local\{22A49CA8-D2CD-4831-A314-E7B8409667BF}
2011-03-25 00:18:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 00:18:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-25 00:18:41 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-25 00:18:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-25 00:18:41 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-25 00:18:41 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-25 00:18:40 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-25 00:18:40 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-23 04:58:22 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
.
==================== Find3M ====================
.
2011-04-05 03:26:09 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\LVCodec2.dll
2011-02-23 13:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 13:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 13:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 13:27:00 5654120 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-23 13:27:00 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 13:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 13:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 13:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 13:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 13:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 13:27:00 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:23:45.63 ===============
 

I am so glad you posted this - just happened to me as well only on shut down. All the other links show a problem with hibernating not shutdown.

Hope someone can solve this for you, and it works for me too.
 

My Computer My Computer

At a glance

windows 7 32bit
OS
windows 7 32bit
JMurr, go to VirusTotal - Free Online Virus, Malware and URL Scanner and upload this file to be scanned:
C:\Windows\System32\qigct.exe
Save the results and post them back in your next reply.

Next,
I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [esetListThreats.png]
  11. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [esetBack.png] button.
  13. Push [esetFinish.png]
 

Not to steal his thread, but I don't have qigct.exe.
 

nchoma, you most likely don't have exactly the same thing as JMurr.

It's always best to start your own topic so that you can get individual help :)
 

Antivirus             Version          Last Update  Result
AhnLab-V3             2011.04.20.00    2011.04.19   -
AntiVir               7.11.6.187       2011.04.19   -
Antiy-AVL             2.0.3.7          2011.04.19   -
Avast                 4.8.1351.0       2011.04.19   -
Avast5                5.0.677.0        2011.04.19   -
AVG                   10.0.0.1190      2011.04.19   -
BitDefender           7.2              2011.04.19   -
CAT-QuickHeal         11.00            2011.04.19   -
ClamAV                0.97.0.0         2011.04.19   -
Commtouch             5.3.2.6          2011.04.19   -
Comodo                8402             2011.04.19   TrojWare.Win32.Trojan.Agent.Gen
DrWeb                 5.0.2.03300      2011.04.19   Trojan.DownLoader2.37663
eSafe                 7.0.17.0         2011.04.18   -
eTrust-Vet            36.1.8279        2011.04.19   -
F-Prot                4.6.2.117        2011.04.19   -
F-Secure              9.0.16440.0      2011.04.19   -
Fortinet              4.2.257.0        2011.04.19   -
GData                 22               2011.04.19   -
Ikarus                T3.1.1.103.0     2011.04.19   -
Jiangmin              13.0.900         2011.04.18   -
K7AntiVirus           9.97.4428        2011.04.19   -
McAfee                5.400.0.1158     2011.04.19   -
McAfee-GW-Edition     2010.1D          2011.04.19   -
Microsoft             1.6802           2011.04.19   -
NOD32                 6055             2011.04.19   -
Norman                6.07.07          2011.04.19   -
Panda                 10.0.3.5         2011.04.19   -
PCTools               7.0.3.5          2011.04.19   -
Prevx                 3.0              2011.04.19   -
Rising                23.54.01.06      2011.04.19   -
Sophos                4.64.0           2011.04.19   -
SUPERAntiSpyware      4.40.0.1006      2011.04.19   -
Symantec              20101.3.2.89     2011.04.19   -
TheHacker             6.7.0.1.177      2011.04.19   -
TrendMicro            9.200.0.1012     2011.04.19   -
TrendMicro-HouseCall  9.200.0.1012     2011.04.19   -
VBA32                 3.12.16.0        2011.04.19   -
VIPRE                 9062             2011.04.19   Virtool.Win32.Vbinject.Gen.2 (v)
ViRobot               2011.4.19.4418   2011.04.19   -
VirusBuster           13.6.312.2       2011.04.19   -

Additional information

MD5 : ca280984d266cff2ca86ef7e4c5a0f95
SHA1 : 1b955dcbd7e470ae0ca60b6b97abc25c37ca1011
SHA256: 2ee72560b04e158476e28c5336f7d4dea209f8563d86a603ef4b057982d7a310
ssdeep: 12288:tWFZnukgF6iNdtUtVJ5XXZkCwO79zStkmLaQ5LlTNanopWV4n2G36OJceLFQUc8i:tTFjDUtv5XJkCwO79
File size : 405504 bytes
First seen: 2011-04-18 23:29:36

I ran ESET scanner and it reported no threats found but did not produce a log.

Last seen : 2011-04-19 19:18:29
TrID:
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
sigcheck:
publisher....: EXRVXHNUDTSCDT
copyright....: wjhzvamf
product......: GPLVGUOBASEXRVXHNUD
description..: CMFLHWSPUOYJJKWZ
original name: qgoeewsj.exe
internal name: qgoeewsj
file version.: 7.02.0007
comments.....: QPAMZXYQRI
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1588
timedatestamp....: 0x4DAC7427 (Mon Apr 18 17:25:59 2011)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5FE08, 0x60000, 7.65, 7f4debd2152f426a94ba64b5166fe5fe
.data, 0x61000, 0x3258, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x65000, 0xA04, 0x1000, 2.31, 790c6f7a8cca947c258962c5fc53a385

[[ 1 import(s) ]]
MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaGosubReturn, _adj_fdiv_m64, -, _adj_fprem1, __vbaCopyBytes, __vbaStrCat, __vbaSetSystemError, __vbaLenBstrB, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, __vbaCyErrVar, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaCyStr, _CIsin, __vbaErase, -, __vbaVarZero, __vbaChkstk, __vbaGosubFree, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaNew, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaGosub, -, __vbaFPException, __vbaUbound, -, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarAdd, __vbaAryLock, __vbaFpI4, _CIatan, __vbaCastObj, __vbaStrMove, __vbaI4Cy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaFreeStr
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 393216
Comments: QPAMZXYQRI
CompanyName: EXRVXHNUDTSCDT
EntryPoint: 0x1588
FileDescription: CMFLHWSPUOYJJKWZ
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 396 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 7.02.0007
FileVersionNumber: 7.2.0.7
ImageVersion: 7.2
InitializedDataSize: 20480
InternalName: qgoeewsj
LanguageCode: English (U.S.)
LegalCopyright: wjhzvamf
LegalTrademarks: bepgvncdlahrp
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: qgoeewsj.exe
PEType: PE32
ProductName: GPLVGUOBASEXRVXHNUD
ProductVersion: 7.02.0007
ProductVersionNumber: 7.2.0.7
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:04:18 19:25:59+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
 

I ran ESET scanner and it reported no threats found but did not produce a log.
 

Download Combofix from any of the links below, and save it to your desktop. <--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog. HijackThis - Trend Micro USA
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run

***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
 

Wow, this system is really messed up. When I ran ComboFix I got the BSOD "IRQL not less or equal". Figured I would try it in safe mode but I can no longer boot into Safe Mode; the system freezes after loading Windows\System32\Drivers\ClassPnP.sys.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:27:24 PM, on 4/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\Everything\Everything.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
D:\Process Lasso\ProcessLasso.exe
D:\Process Lasso\ProcessGovernor.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
C:\Program Files\ClipMate7\ClipMate.exe
D:\aws\WeatherBug\Weather.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\qigct.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\J. Murray\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301045433.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Everything] "d:\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] d:\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] d:\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [MediaFace Integration] D:\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Media Player ACM] C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe
O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [Weather] D:\aws\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Murray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "d:\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = D:\MagicDisc\MagicDisc.exe
O4 - Startup: Windows Media Player ACM.lnk = J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F14ABCC-F8C8-4F45-8181-C8CB825FF5ED}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - d:\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 10090 bytes
 

Rescan with HJT, check this item:

O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe

Close all open windows except HJT, then click 'fix checked'. Exit out of HJT.

Now navigate to C:\Windows\system32\qigct.exe <---delete this file. Don't reboot!!

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4

  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
After doing the above, see if you can run the Combofix.
 

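Added example, not part of any post in this thread: a small Python triage pass over HijackThis O4 registry autorun lines that surfaces the kind of entry singled out in the reply above. The two rules and the short list of Windows binary names are assumptions made for illustration, not HijackThis logic, and a hit means "review this entry", not "malware".

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Everything] "d:\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Windows Media Player ACM] C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe
O4 - HKLM\..\Run: [cftmon] C:\Windows\system32\qigct.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Murray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: MagicDisc.lnk = D:\MagicDisc\MagicDisc.exe
"""

# Registry autorun lines only; Startup-folder shortcuts use another layout.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Image path: either the quoted part, or everything up to the first ".exe"
# (unquoted commands in the log contain spaces, so splitting on space fails).
IMAGE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)

# Assumption: a short illustrative list of Windows binaries that
# malware commonly imitates; extend it for real use.
WELL_KNOWN = ("ctfmon", "svchost", "explorer", "lsass", "csrss",
              "winlogon", "services", "rundll32")


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return [(value_name, image_path, [reasons])] for entries worth review."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        img = IMAGE.match(m["cmd"])
        image = (img["q"] or img["u"]) if img else m["cmd"]
        reasons = []

        # Rule 1: an all-users (HKLM) autorun whose image sits in one
        # user's profile, a location that user can write to.
        if m["hive"].upper() == "HKLM" and "\\users\\" in image.lower():
            reasons.append("machine-wide autorun points into a user profile")

        # Rule 2: value name is a near miss of a well-known Windows binary
        # while the file it launches is something else entirely.
        name = m["name"].lower()
        stem = splitext(basename(image))[0].lower()
        for known in WELL_KNOWN:
            if name != known and stem != known and edit_distance(name, known) <= 2:
                reasons.append(
                    f"value name resembles {known}.exe but runs {basename(image)}"
                )

        if reasons:
            findings.append((m["name"], image, reasons))
    return findings


if __name__ == "__main__":
    for value_name, image, reasons in triage(SAMPLE_LOG):
        print(f"[{value_name}] {image}")
        for reason in reasons:
            print(f"    - {reason}")
```

On the sample it reports the [cftmon] value, a near miss of ctfmon that launches qigct.exe, and the HKLM entry that runs from a user profile, while the per-user Google Update entry under HKCU passes.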
I got the BSOD when I ran RKill. I was able to do the other items on the list before running RKill.
 

Reboot your computer ....

Please download VEW by Vino Rosso http://images.malwareremoval.com/vino/VEW.exe
and save it to your desktop

Double click it to start it. Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.

Click the check boxes next to Application and System located under Select log to query on the upper left.
Under Select type to list on the right click the boxes next to Error and Warning. Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).

Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run.
Once it finishes it will display a log file in notepad.
Please copy and paste its entire contents into your next reply.
 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/04/2011 11:27:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/04/2011 3:38:58 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x434 Faulting application start time: 0x01cc003510aceb9c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7881cf9b-6c2d-11e0-9981-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 2:45:56 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x360 Faulting application start time: 0x01cc00311754101c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0fed6164-6c26-11e0-952a-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:59:12 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x41c Faulting application start time: 0x01cc00222cd2e5b2 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 26b57e63-6c17-11e0-b013-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 3:12:33 AM
Type: Error Category: 0
Event: 5051 Source: McLogEvent
A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4084 (0xff4) Thread address : 0x77CF70B4 Thread message : Build VSCORE.14.2.0.794 / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSC\mcupdmgr.exe by C:\Windows\system32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Log: 'Application' Date/Time: 21/04/2011 2:53:06 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x1154 Faulting application start time: 0x01cbffc998fb9022 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7b51d24a-6bc2-11e0-a150-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 2:12:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x424 Faulting application start time: 0x01cbffc7f3944e91 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: d242c441-6bbc-11e0-a150-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 1:57:49 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3754 Start Time: 01cbffc63cd2415a Termination Time: 78 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: bc0ab52f-6bba-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 1:57:44 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x35b0 Faulting application start time: 0x01cbffc78138f0c2 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: bf151728-6bba-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:57 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2b7c Start Time: 01cbffbdd8c6587b Termination Time: 73 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 20cab6e1-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:56 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x2e28 Faulting application start time: 0x01cbffbde5035e31 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: 22d95346-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:26 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2658 Start Time: 01cbffbdb1f909cc Termination Time: 46 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: 0ded5ca4-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:48:25 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 2.0.0.4094, time stamp: 0x4d8374f3 Faulting module name: IMM32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b845 Exception code: 0xc0000005 Fault offset: 0x000013b2 Faulting process id: 0x2e64 Faulting application start time: 0x01cbffbdd26ea6c5 Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe Faulting module path: C:\Windows\system32\IMM32.dll Report Id: 1031d6e3-6bb1-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 21/04/2011 12:47:29 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 2.0.0.4094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4bc Start Time: 01cbffbd83d53778 Termination Time: 99 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: e914538b-6bb0-11e0-887d-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 9:34:59 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x1774 Faulting application start time: 0x01cbff9c68a86453 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0a7ac389-6b96-11e0-a4ec-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 8:49:10 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x428 Faulting application start time: 0x01cbff9ae9dfa183 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: a3b17514-6b8f-11e0-a4ec-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 8:16:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x11e0 Faulting application start time: 0x01cbff914371c8f1 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 136f1a76-6b8b-11e0-a201-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 7:31:29 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "c:\VueScan\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 20/04/2011 7:30:14 PM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 20/04/2011 7:29:11 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x424 Faulting application start time: 0x01cbff8913cf2760 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7734d8ed-6b84-11e0-a201-001bfc31f1ba

Log: 'Application' Date/Time: 20/04/2011 12:24:56 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00068aca Faulting process id: 0x14b4 Faulting application start time: 0x01cbff53e50ca047 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 32dc4681-6b49-11e0-b599-001bfc31f1ba

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> failed a notification event.

Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 3:00:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 3:00:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 2:33:38 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/04/2011 12:44:37 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> failed a notification event.

Log: 'Application' Date/Time: 21/04/2011 12:44:37 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 19/04/2011 12:58:17 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> failed a notification event.

Log: 'Application' Date/Time: 19/04/2011 12:58:16 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:17:17 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:17:17 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:17:16 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:05:23 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/04/2011 3:05:23 PM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 18/04/2011 12:30:37 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> failed a notification event.

Log: 'Application' Date/Time: 18/04/2011 12:30:37 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 14/04/2011 5:00:38 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2164 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 14/04/2011 3:36:03 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2280 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 14/04/2011 4:30:08 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-3976758132-2769972021-118469255-1001:
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\trust
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Root
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\My
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2032 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3976758132-2769972021-118469255-1001\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 14/04/2011 3:09:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe' (pid 2680) cannot be restarted - Application SID does not match Conductor SID..

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 3:01:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/04/2011 2:33:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/04/2011 12:46:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/04/2011 2:00:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:43:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:34:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:31:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 10:15:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 8:37:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 6:30:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 6:20:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 6:07:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 12:29:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 11:52:10 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 4:17:27 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/04/2011 12:15:00 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 9:10:25 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 6:51:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 12:59:27 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/04/2011 1:49:25 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 4:28:59 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 4:28:58 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:41:12 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:41:07 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:41:06 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:41:06 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:40:07 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 21/04/2011 3:39:08 PM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:07 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 21/04/2011 3:39:06 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/04/2011 4:29:17 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 3:52:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 3:14:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 2:45:29 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 12:54:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 72.83.16.199.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 2:35:49 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 101.139.121.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/04/2011 2:12:18 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 55.216.172.69.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 11:03:14 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 152.1.228.129.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 10:38:22 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 9.224.171.66.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 8:49:39 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 7:41:18 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 6:24:45 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name VirusTotal - Free Online Virus, Malware and URL Scanner timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 6:23:41 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name gateway.messenger.hotmail.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 6:23:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 5:59:38 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 35.69.17.209.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 1:25:35 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 12:21:34 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 102.199.117.74.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 4:47:01 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 78.171.221.67.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 12:37:39 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pcdoctorreviews.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/04/2011 12:32:09 AM
Type: Warning Category: 0
Event: 2512 Source: Server
The server service was unable to change the domain name from WORKGROUP to WORKGROUP.
 

Okay, found a baddie ... BACKDOOR.Trojan
C:\Users\J. Murray\AppData\Roaming\Microsoft\Windows Media\12.0\wmpacm.exe

VirusTotal - Free Online Virus, Malware and URL Scanner

Warning! Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately (using a known clean computer, not the infected one!) to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

More info can be found below:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security | DSLReports.com, ISP Information
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security | DSLReports.com, ISP Information

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.
If you decide to reformat, you should still download the protection on the newly formatted PC, or else you will have a high chance of reinfection.
 

Should I reformat and reinstall?
 
