Thread: rebooting and blue screening

  1. #21
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Yes, I uninstalled MSSE and installed avast when you first told me to. MSSE does not show up in my "Add/Remove Programs" screen nor can I find any folders or services running.

    the machine still dies and reboots upon the same actions mentioned before (activating the "Space" screensaver, scrolling on the PC Check Utility Screen...)

  2. #22
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Hi fscali:

    Let's remove the leftover.

    1. ComboFix - CFScript
    WARNING !
    This script is for THIS user and computer ONLY!
    Using this tool incorrectly could damage your Operating System... preventing it from starting again!


    You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

    1. Please open Notepad and copy/paste all the text below... into the window:
      Code:
      KillAll::
      
      Driver::
      Lbd
      MBAMSwissArmy
      "Lavasoft Kernexplorer"
      "Lavasoft Ad-Aware Service"
      
      File::
      c:\windows\system32\drivers\mbamswissarmy.sys
      c:\windows\system32\DRIVERS\Lbd.sys
      
      Folder::
      "c:\documents and settings\fred\Application Data\Malwarebytes"
      "c:\documents and settings\All Users\Application Data\Malwarebytes"
      "c:\program files\Lavasoft"
    2. Save it to your desktop as CFScript.txt
    3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:



      This will cause ComboFix to run again.
      Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
      Do Not touch your computer when ComboFix is running!

      When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
    5. Please copy/paste the contents of log.txt... in your next reply.


    ** Enable your Antivirus and Firewall, before connecting to the Internet again! **



    In my opinion, it is better not to add any website to the Trusted zone except your ISP.

    2. Fix HiJackThis Entries
    • Open HiJackThis
    • Click on do a system scan only
    • Place a checkmark next to these lines (if still present):

      O15 - Trusted Zone: *.aa.com
      O15 - Trusted Zone: http://www.ancestry.com
      O15 - Trusted Zone: *.army.mil
      O15 - Trusted Zone: *.dau.mil
      O15 - Trusted Zone: *.disa.mil
      O15 - Trusted Zone: http://www.dsw.com
      O15 - Trusted Zone: http://www.keysenergy.com
      O15 - Trusted Zone: http://www.mymonthlycycles.com
      O15 - Trusted Zone: *.navyfcu.org
      O15 - Trusted Zone: *.noaa.gov
      O15 - Trusted Zone: *.osd.mil
      O15 - Trusted Zone: *.southcom.mil
      O15 - Trusted Zone: *.ugov.gov
      O15 - Trusted Zone: *.usmc.mil
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) -
    • Close all windows except Hijackthis and click Fix Checked
    • Click Yes when prompted
    • Close HijackThis.



    3. ESET online scanner
    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Then click on Run ESET Online Scanner
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.




    4. Since your computer is still giving BSOD, can you kindly upload another new minidump file?

    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  3. #23
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Log below. Looks like we got rid of the additional MBAM files but not the MSSE.
    Will run ESET next.

    ComboFix 12-07-14.01 - fred 07/15/2012 12:25:51.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1405 [GMT -4:00]
    Running from: c:\documents and settings\fred\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\fred\Desktop\cfscript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    FILE ::
    "c:\windows\system32\DRIVERS\Lbd.sys"
    "c:\windows\system32\drivers\mbamswissarmy.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Malwarebytes
    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-08.txt
    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-10.txt
    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-11.txt
    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-07-12.txt
    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    c:\documents and settings\fred\Application Data\Malwarebytes
    c:\documents and settings\fred\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-07-08 (16-51-55).txt
    c:\windows\system32\drivers\mbamswissarmy.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_LAVASOFT_AD-AWARE_SERVICE
    -------\Legacy_LAVASOFT_KERNEXPLORER
    -------\Legacy_LBD
    -------\Legacy_MBAMSWISSARMY
    -------\Service_Lavasoft Ad-Aware Service
    -------\Service_Lavasoft Kernexplorer
    -------\Service_Lbd
    -------\Service_MBAMSwissArmy
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-14 10:03 . 2012-07-14 10:03 -------- d-----w- c:\program files\Trend Micro
    2012-07-11 00:02 . 2012-07-11 00:02 -------- d-----w- c:\program files\CONEXANT
    2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\fred\Application Data\Dell
    2012-07-08 16:33 . 2012-07-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
    2012-07-08 16:32 . 2012-07-08 16:33 -------- d-----w- c:\program files\Dell Support Center
    2012-07-08 16:09 . 2012-07-08 16:09 -------- d-----w- c:\documents and settings\fred\Application Data\PCDr
    2012-07-07 13:09 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-07 13:09 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-07 13:09 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-07 13:09 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-07 13:09 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-07 13:09 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-07 13:09 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-07 13:09 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-07 13:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-07 13:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\program files\AVAST Software
    2012-07-07 13:08 . 2012-07-07 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-07-01 22:28 . 2012-07-01 22:28 -------- d-----w- c:\program files\CPUID
    2012-07-01 22:28 . 2011-09-21 14:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
    2012-07-01 15:25 . 2012-07-01 15:25 -------- d-----w- c:\program files\NirSoft
    2012-07-01 15:13 . 2012-07-01 15:14 -------- d-----w- c:\program files\Support Tools
    2012-06-30 18:07 . 2012-06-30 18:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2012-06-30 02:21 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-06-21 14:13 . 2012-06-21 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2012-06-21 12:32 . 2012-06-21 12:32 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 23:28 . 2012-04-06 18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-11 23:28 . 2011-05-30 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 21:35 . 2005-05-26 08:19 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2007-05-31 19:26 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2007-05-31 19:26 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-05-31 19:26 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2007-06-01 14:57 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2006-10-21 15:46 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:16 . 2005-08-16 08:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2005-08-16 08:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-07-01 21:36 . 2012-07-01 21:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-11_11.39.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-07-15 16:43 . 2012-07-15 16:43 16384 c:\windows\temp\Perflib_Perfdata_530.dat
    + 2012-07-13 05:21 . 2012-07-13 05:21 22016 c:\windows\Installer\172bc29.msi
    + 2012-07-11 23:28 . 2012-07-11 23:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
    + 2012-07-11 22:28 . 2012-07-11 22:28 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    + 2012-07-11 22:28 . 2012-07-11 22:28 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
    + 2012-04-06 18:40 . 2012-07-11 23:28 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2012-04-06 18:40 . 2012-06-29 23:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2012-07-11 23:28 . 2012-07-11 23:28 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
    "VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
    "Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2009-06-03 21:14 113152 ----a-w- c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2009-06-03 21:13 299520 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\fred\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [11/4/2006 5:47 PM 19478]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2012 9:09 AM 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2012 9:09 AM 353688]
    R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [11/4/2006 5:47 PM 634798]
    R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [11/4/2006 5:47 PM 430670]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [6/3/2009 5:16 PM 207400]
    R2 acautoupdate;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [6/3/2009 5:16 PM 51240]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2012 9:09 AM 21256]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 4:18 AM 14336]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
    S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [11/4/2006 5:47 PM 64093]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 2:40 PM 250056]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2/11/2009 9:17 PM 45696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2009 8:07 AM 133104]
    S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [1/6/2012 12:47 PM 33792]
    S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [4/24/2010 9:31 AM 14336]
    S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [4/24/2010 9:31 AM 13312]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/1/2012 5:36 PM 129976]
    S3 Normandy;Normandy SR2; [x]
    S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [1/1/2011 7:11 PM 21648]
    S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 2:51 PM 21744]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 5:04 AM 181875]
    S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 5:24 AM 64088]
    S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [11/7/2006 4:35 AM 59776]
    S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [11/9/2006 10:14 AM 23040]
    S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [11/9/2006 10:14 AM 76800]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:28]
    .
    2012-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-07-15 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-07 16:21]
    .
    2012-07-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-01 02:46]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 12:06]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006Core.job
    - c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1664530028-17251024-895595264-1006UA.job
    - c:\documents and settings\fred\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-18 20:23]
    .
    2012-07-15 c:\windows\Tasks\HP Usg Daily.job
    - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-09-26 04:55]
    .
    2012-07-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 02:12]
    .
    2012-06-19 c:\windows\Tasks\scali incremental.job
    - c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-10-20 19:31]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-02-13 19:31]
    .
    2012-07-15 c:\windows\Tasks\User_Feed_Synchronization-{260475ED-8C3E-4671-A806-0E5FA98D893F}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: aa.com
    Trusted Zone: ancestry.com\www
    Trusted Zone: army.mil
    Trusted Zone: citimortgage.com\www
    Trusted Zone: dau.mil
    Trusted Zone: disa.mil
    Trusted Zone: dsw.com\www
    Trusted Zone: google.com\mail
    Trusted Zone: keysenergy.com\www
    Trusted Zone: mymonthlycycles.com\www
    Trusted Zone: navyfcu.org
    Trusted Zone: noaa.gov
    Trusted Zone: osd.mil
    Trusted Zone: paypal.com\www
    Trusted Zone: southcom.mil
    Trusted Zone: southcom.mil\owa.jiatfs
    Trusted Zone: ugov.gov
    Trusted Zone: usmc.mil
    TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    FF - ProfilePath - c:\documents and settings\fred\Application Data\Mozilla\Firefox\Profiles\lu62k214.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-15 12:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(884)
    c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
    c:\program files\ActivIdentity\ActivClient\aclog.dll
    c:\program files\ActivIdentity\ActivClient\accrypto.dll
    c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
    c:\program files\ActivIdentity\ActivClient\acevtsub.dll
    c:\program files\ActivIdentity\ActivClient\asphat32.dll
    c:\program files\ActivIdentity\ActivClient\acerrmes.dll
    c:\program files\ActivIdentity\ActivClient\aiwinext.dll
    c:\program files\ActivIdentity\ActivClient\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\program files\ActivIdentity\ActivClient\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\aicext.dll
    c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll
    .
    - - - - - - - > 'explorer.exe'(5040)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\dllhost.exe
    c:\windows\stsystra.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Brother\ControlCenter3\brccMCtl.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-15 12:52:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-15 16:51
    ComboFix2.txt 2012-07-14 10:25
    ComboFix3.txt 2012-07-11 11:45
    .
    Pre-Run: 43,810,926,592 bytes free
    Post-Run: 43,780,136,960 bytes free
    .
    - - End Of File - - 9840933087256F4E2AD8B77AEE8439AA

  4. #24
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    Here's my ESET log. Nothing found. Combofix log is in the next post.
    I am not getting BSODs anymore. When it crashes it just reboots immediately.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=9a594ec0afa3b94f80442e8747082d1d
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-07-15 09:12:28
    # local_time=2012-07-15 05:12:28 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=136413
    # found=0
    # cleaned=0
    # scan_time=5186

  5. #25
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    torreattack,
    A little more info on the crash/reboot: I'm not getting the BSOD; it just does an immediate power-off reboot. It is different from a soft reboot because the power indicator light goes completely out for about half a second as the machine completely powers off.
    Two other posts below.
    Thanks,
    Fred

  6. #26
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi fscali:

    Avast is now the only a/v program. The CF log still makes reference to MSSE, but that has been uninstalled along w/ Malwarebytes.
    Sorry for the misunderstanding. I thought you meant you had uninstalled MSE and MBAM. You may reinstall MBAM if you want to.


    I am not getting BSODs anymore. When it crashes it just reboots immediately.
    Glad to hear the BSOD problem is solved. As for the reboot problem, I don't think it is caused by malware. Your logs look OK to me.


    I will try my luck dealing with the reboot problem using the following method; if it still fails to solve it, I will have no choice but to send you to another expert. Sorry.

    1. Do you have a genuine XP CD-ROM, and if so, does it include a Service Pack, and if so, which one?


    2. System File Check:
    You must login as administrator to perform this.

    Close all open applications/windows etc.
    • Click on Start >> Run...
    • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
    • Click on OK
    • System File Checker will now scan all protected files to verify their versions.




    3. Farbar Service Scanner (FSS)
    Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
    1. Double click FSS.exe to run it on the computer with the issue.
    2. Make sure the following options are checked:
      • Internet Services (checked by default)
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    3. Press the "Scan" button.
      When finished, a text file named FSS.txt will be created on your desktop (the same folder the tool is run from).
    4. Please copy and paste the contents of the FSS.txt log to your reply.
      Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.



    4. VEW - Vino's Event Viewer
    Please download VEW.exe... by Vino Rosso. Save it to your desktop.
    1. Double click on VEW.exe to start the program. If you receive an "Open File" security warning, press Run.
    2. In the "Select log to query" section check:
      • Application
      • System
    3. In the "Select type to list" section check:
      • Error
      • Information
      • Warning
    4. In the "Number or dates of events" section check:
      • Number of events... then enter 20 in the entry box.
    5. Press the Run button.
      When the process completes, it only takes a few seconds...
    6. Notepad will open with a report file named: VEW.txt... located on %SystemDrive%\VEW.txt ... usually C:\VEW.txt.
    7. Please copy and paste the contents of the VEW.txt file, in your next reply.


    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  7. #27
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    torreattack
    No need to apologize. I appreciate the time you are taking to assist!

    1. I have the Dell reinstallation disc for XP but...
    2. When I run the SFC it asks specifically for the SP3 disc, and I guess the one I have is not the right one, so I cannot complete the SFC.

    3. and 4. The FSS and VEW logs are below:

    Farbar Service Scanner Version: 08-07-2012
    Ran by fred (administrator) on 16-07-2012 at 20:21:42
    Running from "C:\Documents and Settings\fred\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Demand. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(8)
    0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****







    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 16/07/2012 8:24:10 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 16/07/2012 8:23:20 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:23:04 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:21:16 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:17:51 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:17:16 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:16:02 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:13:03 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 8:09:22 PM
    Type: error Category: 0
    Event: 1001 Source: Application Hang
    Fault bucket 734037209.

    Log: 'Application' Date/Time: 16/07/2012 8:09:18 PM
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Log: 'Application' Date/Time: 16/07/2012 8:08:20 PM
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Log: 'Application' Date/Time: 16/07/2012 8:07:19 PM
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Log: 'Application' Date/Time: 16/07/2012 7:49:35 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 16/07/2012 6:09:52 AM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 9:23:27 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 8:38:51 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 8:18:58 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 8:12:38 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 8:11:08 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 8:07:29 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    Log: 'Application' Date/Time: 15/07/2012 5:22:25 PM
    Type: error Category: 3
    Event: 3083 Source: Windows Search Service
    The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: Class not registered .


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - information Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 16/07/2012 8:13:08 PM
    Type: information Category: 0
    Event: 0 Source: gusvc
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:56 PM
    Type: information Category: 3
    Event: 3044 Source: Windows Search Service
    The gatherer index resumed.

    Context: Application, SystemIndex Catalog


    Log: 'Application' Date/Time: 16/07/2012 8:12:53 PM
    Type: information Category: 0
    Event: 0 Source: iPod Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:25 PM
    Type: information Category: 1
    Event: 1003 Source: Windows Search Service
    The Windows Search Service started.


    Log: 'Application' Date/Time: 16/07/2012 8:12:17 PM
    Type: information Category: 3
    Event: 302 Source: ESENT
    Windows (3252) Windows: The database engine has successfully completed recovery steps.

    Log: 'Application' Date/Time: 16/07/2012 8:12:16 PM
    Type: information Category: 3
    Event: 301 Source: ESENT
    Windows (3252) Windows: The database engine has begun replaying logfile C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log.

    Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
    Type: information Category: 3
    Event: 300 Source: ESENT
    Windows (3252) Windows: The database engine is initiating recovery steps.

    Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
    Type: information Category: 1
    Event: 102 Source: ESENT
    Windows (3252) Windows: The database engine started a new instance (0).

    Log: 'Application' Date/Time: 16/07/2012 8:12:15 PM
    Type: information Category: 1
    Event: 100 Source: ESENT
    SearchIndexer (3252) The database engine 5.01.2600.5512 started.

    Log: 'Application' Date/Time: 16/07/2012 8:12:14 PM
    Type: information Category: 0
    Event: 1800 Source: SecurityCenter
    The Windows Security Center Service has started.

    Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
    Type: information Category: 0
    Event: 0 Source: MSCamSvc
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
    Type: information Category: 0
    Event: 0 Source: MSCamSvc
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
    Type: information Category: 0
    Event: 0 Source: MSCamSvc
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
    Type: information Category: 0
    Event: 0 Source: gupdate
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
    Type: information Category: 0
    Event: 0 Source: gusvc
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
    Type: information Category: 0
    Event: 100 Source: Bonjour Service
    Service started


    Log: 'Application' Date/Time: 16/07/2012 8:12:08 PM
    Type: information Category: 0
    Event: 100 Source: Bonjour Service
    Service initialized

    Log: 'Application' Date/Time: 16/07/2012 8:12:07 PM
    Type: information Category: 0
    Event: 100 Source: Bonjour Service
    Service initializing

    Log: 'Application' Date/Time: 16/07/2012 7:50:14 PM
    Type: information Category: 0
    Event: 0 Source: gusvc
    The event description cannot be found.

    Log: 'Application' Date/Time: 16/07/2012 7:49:15 PM
    Type: information Category: 0
    Event: 0 Source: gupdatem
    The event description cannot be found.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 16/07/2012 8:12:12 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 15/07/2012 8:10:17 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 15/07/2012 5:21:37 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 15/07/2012 12:43:24 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 15/07/2012 12:41:54 PM
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user E520\fred registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 15/07/2012 12:39:32 PM
    Type: warning Category: 0
    Event: 1524 Source: Userenv
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Log: 'Application' Date/Time: 14/07/2012 6:49:47 AM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 14/07/2012 6:18:47 AM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 14/07/2012 6:17:21 AM
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user E520\fred registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 14/07/2012 6:15:33 AM
    Type: warning Category: 0
    Event: 1524 Source: Userenv
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Log: 'Application' Date/Time: 12/07/2012 7:38:04 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 12/07/2012 6:24:54 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 12/07/2012 6:21:38 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 12/07/2012 5:46:58 AM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/07/2012 6:21:37 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 11/07/2012 5:42:54 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 10/07/2012 8:01:35 PM
    Type: warning Category: 1
    Event: 32068 Source: Microsoft Fax
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

    Log: 'Application' Date/Time: 10/07/2012 8:01:35 PM
    Type: warning Category: 1
    Event: 32026 Source: Microsoft Fax
    Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

    Log: 'Application' Date/Time: 10/07/2012 8:01:22 PM
    Type: warning Category: 0
    Event: 0 Source: LeapFrog Connect Device Service
    The event description cannot be found.

    Log: 'Application' Date/Time: 10/07/2012 7:18:31 PM
    Type: warning Category: 1
    Event: 32068 Source: Microsoft Fax
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 16/07/2012 8:04:33 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:04:26 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:04:19 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:04:12 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:04:05 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:58 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:51 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:44 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:38 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:30 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:23 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:16 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:09 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:03:02 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:02:55 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:02:48 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:02:41 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:02:34 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:02:27 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    Log: 'System' Date/Time: 16/07/2012 8:02:20 PM
    Type: error Category: 0
    Event: 11 Source: Cdrom
    The driver detected a controller error on \Device\CdRom0.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - information Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 16/07/2012 8:20:50 PM
    Type: information Category: 0
    Event: 64018 Source: Windows File Protection
    Windows File Protection file scan was cancelled by user interaction, user name is fred.

    Log: 'System' Date/Time: 16/07/2012 8:20:49 PM
    Type: information Category: 0
    Event: 64021 Source: Windows File Protection
    The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

    Log: 'System' Date/Time: 16/07/2012 8:20:45 PM
    Type: information Category: 0
    Event: 64021 Source: Windows File Protection
    The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

    Log: 'System' Date/Time: 16/07/2012 8:20:30 PM
    Type: information Category: 0
    Event: 64021 Source: Windows File Protection
    The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

    Log: 'System' Date/Time: 16/07/2012 8:19:23 PM
    Type: information Category: 0
    Event: 26 Source: Application Popup
    Application popup: Windows File Protection : Possible reasons for this problem:
    You have inserted the wrong CD. (i.e., a different Windows product CD than the version installed)
    The CD-ROM drive in your system is not functioning.

    Log: 'System' Date/Time: 16/07/2012 8:19:19 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the stopped state.

    Log: 'System' Date/Time: 16/07/2012 8:19:13 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the running state.

    Log: 'System' Date/Time: 16/07/2012 8:19:13 PM
    Type: information Category: 0
    Event: 7035 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Log: 'System' Date/Time: 16/07/2012 8:19:08 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the stopped state.

    Log: 'System' Date/Time: 16/07/2012 8:19:02 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the running state.

    Log: 'System' Date/Time: 16/07/2012 8:19:02 PM
    Type: information Category: 0
    Event: 7035 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Log: 'System' Date/Time: 16/07/2012 8:16:38 PM
    Type: information Category: 0
    Event: 64016 Source: Windows File Protection
    Windows File Protection file scan was started.

    Log: 'System' Date/Time: 16/07/2012 8:14:49 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the stopped state.

    Log: 'System' Date/Time: 16/07/2012 8:14:43 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the running state.

    Log: 'System' Date/Time: 16/07/2012 8:14:43 PM
    Type: information Category: 0
    Event: 7035 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Log: 'System' Date/Time: 16/07/2012 8:14:15 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the stopped state.

    Log: 'System' Date/Time: 16/07/2012 8:14:09 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the running state.

    Log: 'System' Date/Time: 16/07/2012 8:14:09 PM
    Type: information Category: 0
    Event: 7035 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service was successfully sent a start control.

    Log: 'System' Date/Time: 16/07/2012 8:13:48 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the stopped state.

    Log: 'System' Date/Time: 16/07/2012 8:13:41 PM
    Type: information Category: 0
    Event: 7036 Source: Service Control Manager
    The IMAPI CD-Burning COM Service service entered the running state.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 16/07/2012 8:04:40 PM
    Type: warning Category: 0
    Event: 51 Source: Cdrom
    An error was detected on device \Device\CdRom0 during a paging operation.

    Log: 'System' Date/Time: 16/07/2012 9:49:48 AM
    Type: warning Category: 0
    Event: 36 Source: W32Time
    The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

    Log: 'System' Date/Time: 16/07/2012 6:09:34 AM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 15/07/2012 9:24:41 PM
    Type: warning Category: 0
    Event: 8021 Source: BROWSER
    The browser was unable to retrieve a list of servers from the browser master \\COLLEEN-HP on the network \Device\NetBT_Tcpip_{1D552F1E-7985-4C8B-9234-A52B004D3A93}. The data is the error code.

    Log: 'System' Date/Time: 15/07/2012 8:33:24 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 15/07/2012 8:01:05 AM
    Type: warning Category: 0
    Event: 36 Source: W32Time
    The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

    Log: 'System' Date/Time: 14/07/2012 9:45:00 AM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 13/07/2012 10:29:26 AM
    Type: warning Category: 0
    Event: 36 Source: W32Time
    The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

    Log: 'System' Date/Time: 12/07/2012 8:48:25 PM
    Type: warning Category: 0
    Event: 27 Source: e1express
    Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

    Log: 'System' Date/Time: 12/07/2012 7:37:49 PM
    Type: warning Category: 0
    Event: 1003 Source: Dhcp
    Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001676CC95FC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

    Log: 'System' Date/Time: 12/07/2012 6:42:44 AM
    Type: warning Category: 0
    Event: 27 Source: e1express
    Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

    Log: 'System' Date/Time: 11/07/2012 8:29:24 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 11/07/2012 6:14:48 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 10/07/2012 9:35:42 PM
    Type: warning Category: 0
    Event: 27 Source: e1express
    Intel(R) 82562V 10/100 Network Connection Link has been disconnected.

    Log: 'System' Date/Time: 10/07/2012 8:28:59 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 10/07/2012 7:21:28 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 10/07/2012 6:45:15 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 08/07/2012 8:07:18 PM
    Type: warning Category: 0
    Event: 8021 Source: BROWSER
    The browser was unable to retrieve a list of servers from the browser master \\COLLEEN-HP on the network \Device\NetBT_Tcpip_{1D552F1E-7985-4C8B-9234-A52B004D3A93}. The data is the error code.

    Log: 'System' Date/Time: 08/07/2012 7:59:21 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 08/07/2012 7:05:57 PM
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

  8. #28
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi fscali:

    It is hard to tell what causes the reboot; I can only give you the trial-and-error game.

    Based on your log, these are some software/applications that created warnings or errors on your computer.
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Windows Live OneCare safety scanner
    Windows Search 4.0
    Let's remove them and observe whether the situation improves. If not, you may reinstall them.


    1. Remove Programs
    • Click Start > Control Panel > Add/Remove Programs
    • Remove these programs by clicking Remove:
      Google Earth
      Google Talk Plugin
      Google Toolbar for Internet Explorer
      Google Update Helper
      Google Updater
      Windows Live OneCare safety scanner
      Windows Search 4.0

    Take extra care in answering questions posed by any Uninstaller.


    2. Reinstall Adobe Reader
    • You should Download and Install the newest version of Adobe Reader for reading pdf files.
    • Older versions may have vulnerabilities that malware can use to infect your system.
    • Go Here to download and install Adobe Reader.
    • Note: remember to Uncheck any extra software downloads you may be offered (optional)



    3. Can you try to check whether the computer is still rebooting when it is disconnected from your local area network or offline?

    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others
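
The triage step the reply above describes (reading the posted event log for recurring warnings) can be done mechanically. This is an added example, not part of the original posts or of any tool named in the thread; the function names `parse_events` and `triage` are hypothetical, and the sample holds three records copied from the log posted in this thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: three records copied from the log in this thread, same layout.
SAMPLE = r"""
Log: 'System' Date/Time: 16/07/2012 8:13:41 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 6:09:34 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/07/2012 8:33:24 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"\s*Type: (?P<type>\S+) Category: \d+\n"
    r"\s*Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]*)")

def parse_events(text):
    """Return one dict per record; banners and blank lines are skipped."""
    events = []
    for m in RECORD.finditer(text):
        rec = {k: v.strip() for k, v in m.groupdict().items()}
        rec["event"] = int(rec["event"])
        # The dump prints day-first dates with a 12-hour clock.
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %I:%M:%S %p")
        events.append(rec)
    return events

def triage(events, types=("warning", "error")):
    """Count (source, event id) pairs of the given types, most frequent first."""
    hits = (e for e in events if e["type"] in types)
    return Counter((e["source"], e["event"]) for e in hits).most_common()

if __name__ == "__main__":
    for (source, event), n in triage(parse_events(SAMPLE)):
        print(f"{n:3d}  {source} event {event}")
```

Sorting the parsed records by `when` also lets you line up the entries closest to each reboot.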

  9. #29
    Junior Member
    Join Date
    Aug 2010
    Posts
    27

    Default

    No luck yet:
    1. Removed all but Google Update Helper because it was not listed in the Add/Remove Programs window.
    2. Installed Adobe Reader X
    3. Reboot happens w/ network cable disconnected.

  10. #30
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi fscali:

    it is different than a soft reboot because the power indicator light goes completely out for about a half second as the machine completely powers off.
    Sounds like a hardware problem; I suggest you start with a memory test.


    Not a Malware Issue
    Your problem does not appear to be "malware" related. The Malware Removal forum deals with removing malware.
    Since I am not trained to deal with hardware problems and have run out of ideas, I am sorry but I have no choice; I have to forward you to other experts. Sorry for wasting a lot of your valuable time.

    I suggest you try a PC troubleshooting forum. Links for some are provided below.
    These sites have a variety of experts, that are better equipped to investigate and resolve these kinds of issues.
    Registration is free, it only takes a few minutes.
    Malwaremoval forum
    The Elder Geek on Windows
    BleepingComputer.com
    WhattheTech...formerly TomCoyote

    If you have any questions or require additional malware help, please let me know.

    =========================================================================================

    Let's do some housekeeping before you leave.

    Time for some housekeeping
    • Click on Start >> Run...
    • Now type in ComboFix /Uninstall into the box and click OK.
    • Note the space between the X and the /Uninstall, it needs to be there.

    The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


    Next

    Clean up with OTL
    • Double click OTL.exe to run it.
    • This tool will remove all the tools we used to clean your pc.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.



    You can now delete any tools we used if they remain on your Desktop.


    Re-enable Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.



    Now we need to deal with security vulnerabilities

    Your Mozilla Firefox is outdated
    • In the Firefox browser click Help > Check for updates to install the latest version.




    Here are some free programs I recommend that could help you improve your computer's security.

    WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.

    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
    For more information, please visit HERE


    MVPS Hosts
    MVPS Hosts File From Here
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    You can Find the Tutorial HERE


    Update your programs regularly
    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check


    Read - stay informed.
    To help minimize the chances of becoming re-infected, please read.
    Computer Security - a short guide to staying safer online

    If your computer is running slowly after your clean up, please read.
    What to do if your Computer is running slowly


    I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Happy surfing!


    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others
