Problem removing Tidserv.Activity.2



#121
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Here is the junk.txt

Attached Files

  • Attached File  junk.txt   107.81KB   101 downloads

  • 0



#122
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Going to have to feed and walk the dog plus this is taking a while to wade through. Probably be an hour or so before I get back to you.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

See if you can get this to work
Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Ron
  • 0

#123
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Not a problem. Will work through what you sent in the meantime.
  • 0

#124
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Process Explorer

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.85 0 K 24 K
procexp64.exe 6408 2.31 24,160 K 36,648 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 1.54 0 K 0 K Hardware Interrupts and DPCs
VCsystray.exe 5256 0.77 45,184 K 30,828 K VAIO Care Sony Electronics, Inc.
System 4 0.77 0 K 3,968 K
iexplore.exe 7144 0.77 24,948 K 49,940 K Internet Explorer Microsoft Corporation
firefox.exe 1276 < 0.01 49,552 K 63,732 K Firefox Mozilla Corporation
dwm.exe 2568 < 0.01 102,488 K 105,996 K Desktop Window Manager Microsoft Corporation
explorer.exe 2712 < 0.01 35,972 K 56,048 K Windows Explorer Microsoft Corporation
SynTPEnh.exe 2888 < 0.01 4,712 K 11,504 K Synaptics TouchPad Enhancements Synaptics, Inc.
svchost.exe 996 < 0.01 4,796 K 8,548 K Host Process for Windows Services Microsoft Corporation
iexplore.exe 5388 < 0.01 134,756 K 151,420 K Internet Explorer Microsoft Corporation
AvastUI.exe 2924 < 0.01 6,292 K 5,032 K avast! Antivirus AVAST Software
wmpnetwk.exe 5152 < 0.01 19,252 K 25,692 K Windows Media Player Network Sharing Service Microsoft Corporation
SearchProtocolHost.exe 7116 < 0.01 8,564 K 13,516 K Microsoft Windows Search Protocol Host Microsoft Corporation
iPodService.exe 5544 < 0.01 4,548 K 7,520 K iPodService Module (64-bit) Apple Inc.
iexplore.exe 3060 < 0.01 151,580 K 164,868 K Internet Explorer Microsoft Corporation
QBCFMonitorService.exe 3720 < 0.01 24,696 K 16,812 K QuickBooks Company File Monitoring Service Intuit
psqltray.exe 2596 < 0.01 15,044 K 24,752 K Fingerprint Tray Application UPEK Inc.
csrss.exe 796 < 0.01 4,508 K 10,592 K Client Server Runtime Process Microsoft Corporation
SearchIndexer.exe 4768 < 0.01 114,864 K 86,692 K Microsoft Windows Search Indexer Microsoft Corporation
AvastSvc.exe 1548 < 0.01 20,836 K 40,336 K avast! Service AVAST Software
lsass.exe 840 < 0.01 5,232 K 4,944 K Local Security Authority Process Microsoft Corporation
wlanext.exe 1668 < 0.01 8,156 K 12,848 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
ezprint.exe 1968 < 0.01 8,664 K 14,088 K
sidebar.exe 3300 < 0.01 12,612 K 26,668 K Windows Sidebar Microsoft Corporation
VMpTtray.exe 2260 < 0.01 2,404 K 7,656 K VMpTtray Sony Corporation
services.exe 828 < 0.01 4,072 K 7,448 K Services and Controller app Microsoft Corporation
BTTray.exe 956 < 0.01 8,132 K 13,228 K Bluetooth Tray Application Broadcom Corporation.
csrss.exe 732 < 0.01 3,176 K 7,624 K Client Server Runtime Process Microsoft Corporation
iexplore.exe 3880 < 0.01 89,392 K 105,084 K Internet Explorer Microsoft Corporation
taskeng.exe 2548 < 0.01 12,112 K 14,068 K Task Scheduler Engine Microsoft Corporation
upeksvr.exe 1624 < 0.01 14,656 K 16,336 K Fingerprint Server Process for Vista UPEK Inc.
svchost.exe 2008 < 0.01 18,284 K 21,224 K Host Process for Windows Services Microsoft Corporation
lsm.exe 848 < 0.01 4,292 K 6,984 K Local Session Manager Service Microsoft Corporation
svchost.exe 12 < 0.01 157,628 K 160,248 K Host Process for Windows Services Microsoft Corporation
AutoLaunchWLASU.exe 3064 < 0.01 16,012 K 15,252 K AutoLaunchWLASU Sony Electronics, Inc.
VESMgrSub.exe 5004 < 0.01 8,016 K 12,200 K VAIO Event Service(Service Sub Module) Sony Corporation
rundll32.exe 1524 < 0.01 4,484 K 7,032 K Windows host process (Rundll32) Microsoft Corporation
BTStackServer.exe 4428 < 0.01 27,196 K 16,236 K Bluetooth Stack COM Server Broadcom Corporation.
XAudio64.exe 4896 < 0.01 1,940 K 3,604 K Modem Audio Service Conexant Systems, Inc.
VcmIAlzMgr.exe 4548 < 0.01 9,292 K 11,116 K VCM Intelligent Analyzing Manager Sony Corporation
VzCdbSvc.exe 4572 < 0.01 15,172 K 15,544 K VAIO Entertainment Database Service Sony Corporation
sidebar.exe 1076 < 0.01 48,872 K 30,964 K Windows Sidebar Microsoft Corporation
SearchProtocolHost.exe 6396 < 0.01 5,160 K 10,952 K Microsoft Windows Search Protocol Host Microsoft Corporation
svchost.exe 1296 < 0.01 13,772 K 20,120 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1044 < 0.01 113,804 K 128,432 K Host Process for Windows Services Microsoft Corporation
AVerScheduleService.exe 4040 < 0.01 8,328 K 11,976 K ScheduleService Module
SPMService.exe 4396 < 0.01 54,212 K 40,092 K SPMService.exe Sony Corporation
ehrecvr.exe 6088 < 0.01 17,016 K 21,508 K Windows Media Center Receiver Service Microsoft Corporation
iTunesHelper.exe 3024 < 0.01 7,648 K 12,720 K iTunesHelper Apple Inc.
spoolsv.exe 1952 < 0.01 12,396 K 20,328 K Spooler SubSystem App Microsoft Corporation
Ymsgr_tray.exe 5676 19,824 K 7,592 K Yahoo! Messenger Tray Yahoo! Inc.
wmpnscfg.exe 5504 2,896 K 7,036 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 5068 4,812 K 8,420 K WMI Provider Host Microsoft Corporation
winlogon.exe 1160 3,340 K 7,412 K Windows Logon Application Microsoft Corporation
wininit.exe 776 2,212 K 5,280 K Windows Start-Up Application Microsoft Corporation
VESMgr.exe 4344 8,776 K 12,984 K VAIO Event Service (Service Module) Sony Corporation
VCSW.exe 5580 4,416 K 7,140 K VAIO Entertainment UPnP Client Adapter Sony Corporation
VCFw.exe 4456 7,236 K 12,196 K VAIO Content Folder Watcher Sony Corporation
VAIOUpdt.exe 1500 4,492 K 8,080 K VAIO Update Sony Corporation
uCamMonitor.exe 4268 2,920 K 5,028 K MgiSvr ArcSoft, Inc.
taskeng.exe 2812 3,296 K 7,812 K Task Scheduler Engine Microsoft Corporation
SynTPHelper.exe 2224 1,896 K 4,052 K Synaptics Pointing Device Helper Synaptics, Inc.
svchost.exe 984 18,408 K 17,364 K Host Process for Windows Services Microsoft Corporation
svchost.exe 484 8,504 K 11,712 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3680 3,952 K 7,396 K Host Process for Windows Services Microsoft Corporation
svchost.exe 684 72,764 K 44,132 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3388 3,976 K 6,188 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2072 23,044 K 26,152 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4236 6,292 K 8,828 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1180 3,180 K 6,500 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4648 1,636 K 3,416 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3256 3,220 K 14,308 K Host Process for Windows Services Microsoft Corporation
sqlwriter.exe 4176 4,888 K 8,712 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
SPMgr.exe 5104 63,432 K 3,584 K SPMgr.exe Sony Corporation
SOHDs.exe 3672 4,692 K 8,552 K VAIO Media plus Device Searcher Sony Corporation
SOHDms.exe 844 7,488 K 11,560 K VAIO Media plus Digital Media Server Sony Corporation
SOHCImp.exe 1256 4,060 K 8,436 K VAIO Media plus Content Importer Sony Corporation
smss.exe 652 492 K 1,000 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1228 8,752 K 11,880 K Microsoft Software Licensing Service Microsoft Corporation
SearchFilterHost.exe 7088 4,112 K 6,412 K Microsoft Windows Search Filter Host Microsoft Corporation
rundll32.exe 3008 4,032 K 6,644 K Windows host process (Rundll32) Microsoft Corporation
RTKAUDIOSERVICE.EXE 1368 3,228 K 4,564 K Realtek Audio Service Realtek Semiconductor
RegSrvc.exe 2844 2,768 K 6,148 K Intel® PROSet/Wireless Registry Service Intel® Corporation
procexp.exe 6360 2,748 K 10,660 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PresentationFontCache.exe 5212 33,132 K 30,088 K PresentationFontCache.exe Microsoft Corporation
nvvsvc.exe 428 2,248 K 4,572 K NVIDIA Driver Helper Service, Version 176.22 NVIDIA Corporation
lxeamon.exe 3068 7,840 K 11,288 K Printer Device Monitor
lxeacoms.exe 2448 6,124 K 10,644 K Printer Communication System
jusched.exe 3020 1,844 K 6,056 K Java™ Update Scheduler Sun Microsystems, Inc.
iviRegMgr.exe 3476 1,560 K 5,036 K RegMgr Module InterVideo
ISBMgr.exe 2992 3,748 K 7,868 K Sony Corporation
IAANTmon.exe 3624 3,872 K 7,516 K RAID Monitor Intel Corporation
IAAnotif.exe 2916 3,884 K 7,732 K Event Monitor User Notification Tool Intel Corporation
EvtEng.exe 3532 9,024 K 13,608 K Intel® PROSet/Wireless Event Log Service Intel® Corporation
ehtray.exe 2156 3,728 K 2,524 K Media Center Tray Applet Microsoft Corporation
ehsched.exe 4664 2,428 K 5,852 K Windows Media Center Scheduler Service Microsoft Corporation
ehmsas.exe 1504 2,232 K 5,680 K Media Center Media Status Aggregator Service Microsoft Corporation
dllhost.exe 3316 5,544 K 8,944 K COM Surrogate Microsoft Corporation
dllhost.exe 4540 5,460 K 8,496 K COM Surrogate Microsoft Corporation
dlbkcoms.exe 2868 3,280 K 5,120 K Printer Communication System
btwdins.exe 3408 3,840 K 5,816 K Bluetooth Support Server Broadcom Corporation.
BluetoothHeadsetProxy.exe 5656 1,392 K 4,452 K Bluetooth Headset Skype Proxy Broadcom Corporation.
BcmSqlStartupSvc.exe 3248 1,632 K 4,684 K BCM SQL Startup Service Microsoft Corporation
AVerRemote.exe 3920 9,832 K 13,440 K AVerRemote MFC Application AVerMedia
AVerQuick.exe 1900 2,452 K 7,308 K AVerQuick AVerMedia TECHNOLOGIES, Inc.
AVerHIDReceiver.exe 884 1,800 K 6,120 K HIDRec Application
audiodg.exe 1124 15,568 K 18,304 K Windows Audio Device Graph Isolation Microsoft Corporation
atashost.exe 3740 2,436 K 4,192 K WebEx Host for Support Center WebEx Communications, Inc.
acrotray.exe 2528 1,856 K 5,600 K AcroTray Adobe Systems Inc.
  • 0

#125
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-12 11:58:20
Windows 6.0.6002 Service Pack 2
Running: zgd7hliz.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f5168d6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f516945
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f51695d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f558057
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x5D 0xEC 0x09 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f5168d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f516945 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f51695d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f558057 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\[email protected] 0x5D 0xEC 0x09 0x36 ...

---- EOF - GMER 1.0.15 ----
  • 0

#126
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Make sure Opera is closed.

Download and save:

http://www.nirsoft.n...ityview-x64.zip

Right click and Extract All. In the folder it creates in the same location should be a processactivityview-x64.exe file. Right click on it and Run As Admin.

You will get a window that shows a listing of running processes. Select one and say OK. Doesn't matter which as we are not going to use them. It will change to a new window. File, Stop.

File, Start New Process, Browse to or just type in: C:\Program Files\Opera\opera.exe
Click on Start Tracing Immediately. Then OK. Wait a minute for things to settle down then File, Stop.

Edit, Select All.

File, Save Selected Items, (to your desktop) clog, OK

Attach the file clog.txt to your next reply.

Ron
  • 0

#127
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
I get a number of error messages, from both ProcessActivity and Opera.

Error Code 65535
  • 0

#128
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
It never starts the process
  • 0

#129
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Supposed to be a System File Error.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#130
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
There are 7 that are listed, 5 with no date. They are:

nvcpl.chm
nvcplui.cpi
nvcplui.exe
nvcpluir.dll
nvexpbar.dll
iastor.sys
pcouffin.sys

All in directory c:\windows\nvtmpinst
  • 0



#131
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
System log from VEW

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/10/2011 01:23:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2011 06:13:49 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep DMICall

Log: 'System' Date/Time: 12/10/2011 06:13:49 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2011 06:13:49 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Log: 'System' Date/Time: 12/10/2011 06:13:49 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Bonjour Service service terminated with service-specific error 11003 (0x2AFB).

Log: 'System' Date/Time: 12/10/2011 06:13:02 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 12:47:21 PM on 10/12/2011 was unexpected.

Log: 'System' Date/Time: 12/10/2011 06:12:49 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 12/10/2011 02:35:05 PM
Type: Error Category: 0
Event: 8003 Source: bowser
The master browser has received a server announcement from the computer MACBOOK-EDD188 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EB5C9DDC-490A-458A-B066-3F6C53B032A2}. The master browser is stopping or an election is being forced.

Log: 'System' Date/Time: 12/10/2011 02:30:13 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep DMICall

Log: 'System' Date/Time: 12/10/2011 02:30:13 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2011 02:30:13 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Log: 'System' Date/Time: 12/10/2011 02:30:13 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Bonjour Service service terminated with service-specific error 11003 (0x2AFB).

Log: 'System' Date/Time: 12/10/2011 02:29:18 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 12/10/2011 03:44:54 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep DMICall

Log: 'System' Date/Time: 12/10/2011 03:44:54 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2011 03:44:54 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Log: 'System' Date/Time: 12/10/2011 03:44:54 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Bonjour Service service terminated with service-specific error 11003 (0x2AFB).

Log: 'System' Date/Time: 12/10/2011 03:43:59 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 12/10/2011 12:45:20 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep DMICall

Log: 'System' Date/Time: 12/10/2011 12:45:20 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2011 12:45:20 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2011 04:59:24 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 12/10/2011 04:59:24 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll
  • 0

#132
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Submit these two
iastor.sys
pcouffin.sys
to http://virustotal.com and see what they say. I suspect they are just install files that nvidia uses but it won't hurt to check.

Ron
  • 0

#133
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
VEW applications

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/10/2011 01:25:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/10/2011 06:13:55 PM
Type: Error Category: 0
Event: 7 Source: VzCdbSvc
Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Log: 'Application' Date/Time: 12/10/2011 06:13:49 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 12/10/2011 06:13:41 PM
Type: Error Category: 0
Event: 10 Source: SQLBrowser
The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Log: 'Application' Date/Time: 12/10/2011 06:13:41 PM
Type: Error Category: 0
Event: 11 Source: SQLBrowser
The SQLBrowser service encountered a critical failure.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:31 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 06:13:23 PM
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Log: 'Application' Date/Time: 12/10/2011 05:40:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application opera.exe, version 11.51.1087.0, time stamp 0x4e57717e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00070006, process id 0x15fc, application start time 0x01cc89061335b0aa.

Log: 'Application' Date/Time: 12/10/2011 05:39:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application opera.exe, version 11.51.1087.0, time stamp 0x4e57717e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00070006, process id 0x1438, application start time 0x01cc8905e89b2a5a.

Log: 'Application' Date/Time: 12/10/2011 02:30:20 PM
Type: Error Category: 0
Event: 7 Source: VzCdbSvc
Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Log: 'Application' Date/Time: 12/10/2011 02:30:13 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 12/10/2011 02:30:05 PM
Type: Error Category: 0
Event: 10 Source: SQLBrowser
The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Log: 'Application' Date/Time: 12/10/2011 02:30:05 PM
Type: Error Category: 0
Event: 11 Source: SQLBrowser
The SQLBrowser service encountered a critical failure.

Log: 'Application' Date/Time: 12/10/2011 02:30:04 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 12/10/2011 02:30:04 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
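
An added example, not part of any post in this thread: a small Python parser for the VEW report layout posted above that collapses the repeated boot-time errors into one row per event and pulls out the crash records whose faulting module is reported as unknown. The function names are hypothetical, and the sample input is four records copied from the two reports above.

```python
import re
from datetime import datetime

# Sample input: four records copied from the VEW reports posted in this thread.
# VEW states that its dates are dd/mm/yyyy, so 12/10/2011 is 12 October 2011.
SAMPLE = """Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2011 06:13:49 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep DMICall

Log: 'System' Date/Time: 12/10/2011 02:30:13 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep DMICall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/10/2011 05:40:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application opera.exe, version 11.51.1087.0, time stamp 0x4e57717e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00070006, process id 0x15fc, application start time 0x01cc89061335b0aa.

Log: 'Application' Date/Time: 12/10/2011 05:39:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application opera.exe, version 11.51.1087.0, time stamp 0x4e57717e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00070006, process id 0x1438, application start time 0x01cc8905e89b2a5a.
"""

HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
# Values that change on every crash and would otherwise defeat grouping.
VOLATILE = re.compile(r"(process id|application start time) 0x[0-9a-fA-F]+")
FAULT = re.compile(
    r"Faulting application (?P<app>[^,]+),.*?faulting module (?P<module>[^,]+),"
    r".*?exception code (?P<code>0x[0-9a-fA-F]+), fault offset (?P<offset>0x[0-9a-fA-F]+)")


def parse_vew(text):
    """Return one dict per event; banner and section-title lines are skipped."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # a "Log:" line always starts a new record
            ts = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m["log"], "time": ts, "message": []}
            records.append(cur)
        elif cur is None:
            continue  # text outside any record (notes, section banners)
        elif not line or line.startswith("~"):
            cur = None  # a blank line or a banner ends the record
        elif (m := TYPE.match(line)) and "type" not in cur:
            cur["type"] = m["type"]
        elif (m := EVENT.match(line)) and "event" not in cur:
            cur["event"], cur["source"] = int(m["id"]), m["src"]
        else:
            cur["message"].append(line)
    for r in records:
        r["message"] = " ".join(r["message"])
    return [r for r in records if "event" in r]  # drop truncated records


def summarize(records):
    """Rows of (count, log, event id, source, first seen, last seen), busiest first."""
    groups = {}
    for r in records:
        key = (r["log"], r["event"], r["source"], VOLATILE.sub(r"\1 <n>", r["message"]))
        g = groups.setdefault(key, {"count": 0, "first": r["time"], "last": r["time"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], r["time"]), max(g["last"], r["time"])
    rows = [(g["count"], k[0], k[1], k[2], g["first"], g["last"]) for k, g in groups.items()]
    return sorted(rows, key=lambda row: (-row[0], row[1], row[2]))


def unknown_module_crashes(records):
    """Event 1000 crashes where Windows could not name the faulting module."""
    hits = []
    for r in records:
        m = FAULT.search(r["message"]) if r["event"] == 1000 else None
        if m and m["module"] == "unknown":
            # 0xc0000005 is STATUS_ACCESS_VIOLATION
            hits.append({"time": r["time"], **m.groupdict()})
    return hits
```
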

#134
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Couldn't get to that particular site to check them, but according to file.net, the first is an Intel file. The second is a file for CD/Blu Ray components
  • 0

#135
tedins

tedins

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Another site said both should be considered safe and are not a threat
  • 0





