-
ComboFix log
ComboFix 11-01-31.02 - Sanjana 02/03/2011 22:55:11.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2301 [GMT -5:00]
Running from: c:\users\Sanjana\Desktop\Gentleman.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}
c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}\chrome\content\overlay.xul
c:\users\Sanjana\AppData\Local\{53DB150E-4600-44D5-9952-E9C8A98CD7FE}\install.rdf
c:\users\Sanjana\AppData\Local\ayetaciw.dll
c:\users\Sanjana\AppData\Roaming\Local
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\aihwspzctzzz.avi.ddr
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aihwspzctzzz.avi.ddp
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xasttl.mp4
c:\users\Sanjana\AppData\Roaming\Local\Temp\DDM\Settings\xasttl.mp4.ddr
.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.
2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-04 04:03 . 2011-02-04 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 03:49 . 2011-02-04 03:49 -------- d-----w- C:\32788R22FWJFW
2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504
2011-01-07 02:58 . 2011-01-11 05:05 -------- d-----w- c:\users\Sanjana\AppData\Roaming\ImgBurn
2011-01-07 02:37 . 2011-01-07 02:37 -------- d-----w- c:\program files\ImgBurn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 03:45 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-10 04:33 . 2010-12-23 03:50 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5843D9DB-F9CD-4AA8-80A8-334D84F11667}\mpengine.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-01-31 55072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-29 274608]
c:\users\Sanjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contents of the 'Scheduled Tasks' folder
2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-02 c:\windows\Tasks\Norton Security Scan for Sanjana.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]
2011-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1208262141-4149667152-2894938055-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2352)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\java.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2011-02-03 23:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-04 04:10
ComboFix2.txt 2010-09-25 05:31
Pre-Run: 137,791,590,400 bytes free
Post-Run: 137,188,327,424 bytes free
- - End Of File - - 1700EFA665FBB49FEDF0E80AA9014754
-
Hi sanjupan,
Please follow these steps:
Step 1 | Please download mbr.exe from one of the following mirrors and save it to your desktop:
This is THE Mirror
--------------------------------------------------------------------
- Double click on mbr.exe to run it (Vista/Windows 7 users double click the file and choose "Run as administrator").
- Please open the file mbr.log and post its contents in your next reply. You will find this file in the same location as mbr.exe (probably on your desktop).
Step 2 | Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
--------------------------------------------------------------------
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
:dir
c:\users\Sanjana\hob /s
c:\programdata\eAeLb06504 /s
:contents
c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Step 3 | ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
Please open Notepad and copy/paste all the text below... into the window:
Code:
DDS::
uInternet Settings,ProxyOverride = *.local
- Save it to your desktop as CFScript.txt
- Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
- Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
http://i526.photobucket.com/albums/c...ScriptDrag.gif
This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt". - Please copy/paste the contents of log.txt... in your next reply.
** Enable your Antivirus and Firewall, before connecting to the Internet again! **
-
MBR Log
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
SystemLook look
SystemLook 04.09.10 by jpshortstuff
Log created at 17:30 on 06/02/2011 by Sanjana
Administrator - Elevation successful
========== dir ==========
c:\users\Sanjana\hob - Parameters: "/s"
---Files---
None found.
c:\users\Sanjana\hob\jwt d------ [16:28 27/01/2011]
c:\users\Sanjana\hob\jwt\.jwscache d------ [16:28 27/01/2011]
c:\users\Sanjana\hob\jwt\.jwscache\lib d------ [16:28 27/01/2011]
rel91.gif --a---- 144 bytes [16:28 27/01/2011] [16:28 27/01/2011]
c:\programdata\eAeLb06504 - Parameters: "/s"
---Files---
eAeLb06504 --a---- 94 bytes [05:49 23/01/2011] [05:58 23/01/2011]
No folders found.
========== contents ==========
c:\users\Sanjana\AppData\Local\WavXMapDrive.bat - Opened succesfully.
-= EOF =-
-
Combofix log
ComboFix 11-02-05.01 - Sanjana 02/06/2011 17:54:24.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2467 [GMT -5:00]
Running from: c:\users\Sanjana\Desktop\Gentleman.exe
Command switches used :: c:\users\Sanjana\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-06 08:00 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-06 08:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-02-04 12:19 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADC27CD4-2D32-4C2E-A9B0-49785918A33D}\mpengine.dll
2011-02-04 12:19 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-02-04 12:19 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-04 12:19 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-04 04:10 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2011-02-04 03:54 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-01-27 16:28 . 2011-01-27 16:28 -------- d-----w- c:\users\Sanjana\hob
2011-01-23 07:23 . 2011-01-23 07:23 -------- d-----w- c:\windows\Sun
2011-01-23 05:51 . 2011-01-30 11:09 0 ----a-w- c:\users\Sanjana\AppData\Local\Vpumebirit.bin
2011-01-23 05:49 . 2011-01-30 11:47 -------- d-----w- c:\programdata\eAeLb06504
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 22:23 . 2010-02-05 01:18 0 ----a-w- c:\users\Sanjana\AppData\Local\WavXMapDrive.bat
2011-02-02 22:11 . 2010-02-05 02:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2010-01-31 55072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-29 274608]
c:\users\Sanjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Google Update"="c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-31 29472]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1343400]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-15 1803512]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 293968]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-07-16 382752]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
Contents of the 'Scheduled Tasks' folder
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 05:04]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000Core.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1208262141-4149667152-2894938055-1000UA.job
- c:\users\Sanjana\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28 01:25]
2011-02-06 c:\windows\Tasks\Norton Security Scan for Sanjana.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-28 14:06]
2011-02-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1208262141-4149667152-2894938055-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
FF - ProfilePath - c:\users\Sanjana\AppData\Roaming\Mozilla\Firefox\Profiles\lps6crmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7f,af,35,60,0d,ba,19,77,58,09,13,4d,26,61,d8,9a,e5,f8,6d,09,79,
c0,32,d9,a3,ec,dd,34,40,6d,92,49,27,d7,b2,7f,00,8d,82,32,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1208262141-4149667152-2894938055-1000_Classes\CLSID\{7a41ce08-36ed-4270-8a34-880f76d8acda}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8a,df,a8,03,3f,97,a3,12,d7,99,f3,3a,88,2b,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4180)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-02-06 18:01:34
ComboFix-quarantined-files.txt 2011-02-06 23:01
ComboFix2.txt 2011-02-04 04:10
ComboFix3.txt 2010-09-25 05:31
Pre-Run: 138,927,542,272 bytes free
Post-Run: 138,919,854,080 bytes free
- - End Of File - - 25AB5F66568FB2EB50F4C27022988B68
-
Hi there,
The logs look much better. How's your machine running now?
Please follow these steps:
Step 1 | Please open and post the contents of the file Attach.txt. You will find this file in the same location as DDS, probably on your desktop.
Step 2 | Please go here: http://virusscan.jotti.org/
- When the jotti page has finished loading, click the "Browse" button and navigate to the following files and click Submit:
- c:\users\Sanjana\hob\jwt\.jwscache\lib\rel91.gif
- c:\programdata\eAeLb06504\eAeLb06504
- Copy the results and paste them here
- Note: You will not be able to upload and scan all files at once. You will have to submit and scan each file separately.
Step 3 | Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Step 4 | Let's perform an ESET Online Scan
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
- Please go here then click on: http://i280.photobucket.com/albums/k...bum2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/k...bum2/EOLS2.gif
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on: http://i280.photobucket.com/albums/k...bum2/EOLS3.gif
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on: http://i280.photobucket.com/albums/k...bum2/EOLS4.gif (Selecting Uninstall application on close if you so wish)
-
I don't see the file Attach.txt for last time on desktop.
The one I see is for 30 Jan on my local folder. Do I need to run DDS or anything to get it?
-
Hi there,
No need to rerun DDS. That one from 30 January would be fine, please post its contents. After that, proceed with the rest of the procedure.
-
-
Step1
-------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2010 8:17:46 PM
System Uptime: 1/30/2011 6:48:31 AM (1 hours ago)
Motherboard: Dell Inc. | | 0DW634
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2509/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 218 GiB total, 125.579 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP92: 11/28/2010 7:04:24 PM - Windows Backup
RP93: 12/5/2010 7:00:18 PM - Windows Backup
RP94: 12/12/2010 7:00:19 PM - Windows Backup
RP95: 12/19/2010 7:01:53 PM - Windows Backup
RP96: 12/22/2010 10:49:55 PM - Windows Update
RP97: 12/27/2010 12:48:29 AM - Windows Backup
RP98: 1/9/2011 7:34:51 PM - Windows Backup
RP99: 1/16/2011 7:10:33 PM - Windows Backup
RP100: 1/24/2011 7:31:44 AM - Scheduled Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
All Day Battery Life Configuration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
Aventail Access Manager
Aventail Web Proxy Agent
Aventail Webifiers
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Citrix Presentation Server Web Client for Win32
Confidence Online(tm) for Web Applications
Crystal Reports for Visual Studio
DCP32MMWrapper
Definition update for Microsoft Office 2010 (KB982726)
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Document Manager Lite
Dotfuscator Software Services - Community Edition
EMBASSY Security Center
EMBASSY Security Setup
ERUNT 1.1j
ESC Home Page Plugin
Gemalto
Google Chrome
Google Talk Plugin
Google Update Helper
HxD Hex Editor version 1.7.7.0
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Juniper Networks Setup Client
Juniper Terminal Services Client
Junk Mail filter update
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Mozilla Firefox (3.6.3)
Mp3tag v2.46a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NTRU TCG Software Stack
PowerDVD DX
Preboot Manager
Private Information Manager
Pure Networks Platform
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Security Wizards
Service Pack 1 for SQL Server 2008 (KB968369)
SO32MMWrapper
Sony USB Driver
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Trusted Drive Manager
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
UPEK TouchChip Fingerprint Reader
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VirtualCloneDrive
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.4
Vuze
Wave Infrastructure Installer
Wave Support Software
Web Deployment Tool
WebEx
WebEx Support Manager for Internet Explorer
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Winamp Remote
Windows 7 Upgrade Advisor
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:03:38 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
1/30/2011 7:02:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 7:01:38 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/30/2011 6:49:22 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
1/30/2011 6:41:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/30/2011 6:38:48 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/30/2011 6:38:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2011 6:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/30/2011 6:38:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/30/2011 6:38:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/30/2011 6:38:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/30/2011 6:38:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:38:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/30/2011 6:25:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xc00102e8, 0x00000002, 0x00000000, 0x8367645d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013011-28626-01.
1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
1/30/2011 6:11:37 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
1/29/2011 6:54:30 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/29/2011 5:08:28 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/29/2011 5:08:26 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/29/2011 10:14:17 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
1/29/2011 10:14:17 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
1/29/2011 10:14:17 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 8:29:06 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
1/27/2011 7:16:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/27/2011 7:14:09 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/27/2011 2:03:07 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
1/27/2011 11:32:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
1/27/2011 11:32:45 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2011 11:32:15 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
1/27/2011 11:32:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/27/2011 11:30:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
1/27/2011 11:30:25 AM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2011 11:30:25 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/27/2011 11:29:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
1/27/2011 11:29:55 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2011 9:31:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00009087 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-21247-01.
1/25/2011 9:22:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x83647e85). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-21309-01.
1/25/2011 9:18:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8364ee85). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-23571-01.
1/25/2011 12:12:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s).
1/25/2011 12:12:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
1/25/2011 11:06:06 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00-1D-BC-16-DC-FF. Network operations on this system may be disrupted as a result.
1/25/2011 11:06:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/25/2011 10:17:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x8fdb2a0b, 0x00000002, 0x00000001, 0x836281da). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012511-23353-01.
1/24/2011 1:28:26 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
1/23/2011 2:50:59 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
1/23/2011 2:02:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
1/23/2011 1:04:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x820d62f1, 0x8c81ba60, 0x8c81b640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012311-21434-01.
1/23/2011 1:01:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82cfb2f1, 0x8e51fa60, 0x8e51f640). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012311-25771-01.
==== End Of File ===========================
------------------------------------------------------
Step 2
-------
Filename: rel91.gif
http://virusscan.jotti.org/en/scanre...9c232e54ebea54
2011-02-14 Found nothing 2011-02-15 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-15 Found nothing
2011-02-15 Found nothing 2011-02-13 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing
=============
Filename: eAeLb06504
http://virusscan.jotti.org/en/scanre...411649e108dd61
2011-02-10 Found nothing 2011-02-15 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing 2011-02-15 Found nothing
2011-02-15 Found nothing 2011-02-13 Found nothing
2011-02-14 Found nothing 2011-02-14 Found nothing
2011-02-14 Found nothing