Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Malware


  • This topic is locked This topic is locked

#31
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
OTL Extras logfile created on: 08/11/2011 18:10:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hussains\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.65% Memory free
4.23 Gb Paging File | 3.23 Gb Available in Paging File | 76.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 155.69 Gb Free Space | 69.89% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.28 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: HUSSAINS-PC | User Name: Hussains | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{234AB774-CA1E-4526-AF25-325229173EDE}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{34D0C047-CF01-429B-B43B-5C31D1646A43}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{34D0F74E-5EE4-4431-86EA-E59DEC3CB777}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4D63492B-25FB-422A-9A3A-FE336A4C1EC8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{7F678B39-18C1-480B-8BBD-2886B837E34E}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{986C58D7-0F9B-4365-8EE8-62277B21CBF6}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{BBBEBDB1-277E-488A-AE36-DA70BFF92DF6}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B7E120-9254-4974-BF14-89991C0158CB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{13D74CC8-0D85-413B-94B1-F1D4D22C9777}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{45295132-E6F9-49E0-95D7-D39F35EF5E6F}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{4893608A-6B68-4BD5-B2E3-3AB26C288058}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{491A95A3-6FA3-46C1-8FC2-61EB935C8618}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{704CEFEA-4F58-46F2-A218-5CAF56EC08C1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7BA80F17-E69F-4F5A-B0DC-E86D5C6A1D60}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{81D8D624-CD09-4160-A6D7-DCD9E664FB53}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{9305D100-CD53-4E0E-A4DC-1B748CF50D99}" = protocol=6 | dir=in | app=c:\windows\system32\lxcecoms.exe |
"{BA4B5877-7E58-44AC-98C9-D3B7EFC9D275}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{BE72D6FE-9189-4E80-8AF5-6DAB0772E0F6}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{C6EC313C-9773-4337-84BF-F8D31B45C928}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{C99F7D54-985E-4E80-B06A-FB4235FEC623}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5028ECD-D1F9-4CA1-AF6F-0A445870B00D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5F38519-D8B4-4899-920B-E9D0ADD4FDCD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D86E2A98-8413-4023-B4B3-8E2BD7AB65DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D96D9116-8598-46CD-9AB4-14C5BA3D2435}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{E49D4812-91CD-4208-B955-4F83784A1D79}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{EF61C387-3FB9-403A-A55A-431522F4DBA0}" = protocol=17 | dir=in | app=c:\windows\system32\lxcecoms.exe |
"{FA33F92B-188B-46DB-9584-4D39FCBA49A3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel® Viiv™ Software
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C8A53C9C-185D-46E0-8F63-1E6AE4140674}_is1" = Driving Test Success - The Complete Theory Test (2010-2011) (Update 2)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audio MP3 Editor_is1" = Audio MP3 Editor 5.20
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"EPSON Scanner" = EPSON Scan
"FileHippo.com" = FileHippo.com Update Checker
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"PUBLISHER" = Microsoft Office Publisher 2007
"Rapport_msi" = Rapport
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 4.4
"STANDARD" = Microsoft Office Standard 2007
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:12:48 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/11/2011 17:13:01 | Computer Name = Hussains-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 02/11/2011 17:13:34 | Computer Name = Hussains-PC | Source = ESENT | ID = 104
Description = Windows (3392) Windows: The database engine stopped the instance (0)
with error (-1090).

Error - 03/11/2011 10:26:17 | Computer Name = Hussains-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 06/11/2011 05:36:17 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 06/11/2011 08:00:01 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 06/11/2011 09:04:25 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 07/11/2011 04:48:01 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 07/11/2011 16:28:26 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 07/11/2011 17:03:29 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 08/11/2011 05:21:38 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 08/11/2011 11:04:12 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 08/11/2011 12:48:40 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 08/11/2011 13:21:41 | Computer Name = Hussains-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >
  • 0

Advertisements


#32
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you please download VEW and save it to your Desktop: http://images.malwar...om/vino/VEW.exe

Double-click VEW.exe then under 'Select log to query', select:
Application
System

Under 'Select type to list', select:
Error
Information
Warning

Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
  • 0

#33
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/11/2011 21:25:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/11/2011 14:26:17
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5f10a803-8585-47f1-abf9-7e8d3bf97ccf}

Log: 'Application' Date/Time: 02/11/2011 21:13:34
Type: Error Category: 1
Event: 104 Source: ESENT
Windows (3392) Windows: The database engine stopped the instance (0) with error (-1090).

Log: 'Application' Date/Time: 02/11/2011 21:13:01
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index metadata cannot be read. (0xc0041801)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000012> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00000F> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00000E> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00000C> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00000B> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00000A> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000009> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000008> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000007> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000006> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000005> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000004> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000002> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000001> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 02/11/2011 21:12:48
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\HUSSAINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/11/2011 20:55:36
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 08/11/2011 20:26:02
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 08/11/2011 19:55:38
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 08/11/2011 17:34:16
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 08/11/2011 17:27:47
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 08/11/2011 17:27:38
Type: Information Category: 0
Event: 1000 Source: Microsoft-Windows-LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Log: 'Application' Date/Time: 08/11/2011 17:27:37
Type: Information Category: 0
Event: 1001 Source: Microsoft-Windows-LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Log: 'Application' Date/Time: 08/11/2011 17:24:57
Type: Information Category: 0
Event: 8194 Source: System Restore
Successfully created restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update).

Log: 'Application' Date/Time: 08/11/2011 17:24:33
Type: Information Category: 0
Event: 8194 Source: System Restore
Successfully created restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update).

Log: 'Application' Date/Time: 08/11/2011 17:24:02
Type: Information Category: 0
Event: 1 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 08/11/2011 17:22:26
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-CertificateServicesClient
Certificate Services Client has been started successfully.

Log: 'Application' Date/Time: 08/11/2011 17:22:18
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-CertificateServicesClient
Certificate Services Client has been started successfully.

Log: 'Application' Date/Time: 08/11/2011 17:21:41
Type: Information Category: 1
Event: 1003 Source: Microsoft-Windows-Search
The Windows Search Service started.


Log: 'Application' Date/Time: 08/11/2011 17:21:37
Type: Information Category: 0
Event: 0 Source: RoxSniffer9
The event description cannot be found.

Log: 'Application' Date/Time: 08/11/2011 17:21:33
Type: Information Category: 0
Event: 0 Source: iPod Service
The event description cannot be found.

Log: 'Application' Date/Time: 08/11/2011 17:21:32
Type: Information Category: 1
Event: 102 Source: ESENT
Windows (3608) Windows: The database engine (6.00.6002.0000) started a new instance (0).

Log: 'Application' Date/Time: 08/11/2011 17:21:32
Type: Information Category: 0
Event: 5617 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service subsystems initialized successfully

Log: 'Application' Date/Time: 08/11/2011 17:21:32
Type: Information Category: 0
Event: 5615 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service started sucessfully

Log: 'Application' Date/Time: 08/11/2011 17:21:29
Type: Information Category: 0
Event: 0 Source: RoxSniffer9
The event description cannot be found.

Log: 'Application' Date/Time: 08/11/2011 17:21:27
Type: Information Category: 0
Event: 100 Source: Bonjour Service
Service started


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/11/2011 17:05:12
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 08/11/2011 17:05:12
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 08/11/2011 17:05:12
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 07/11/2011 20:44:28
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 07/11/2011 09:59:19
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{s-1-5-21-2072669260-3456327829-1688835100-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The filtering was stopped because of a user action, such as stopping the crawl. (0x80040d54)


Log: 'Application' Date/Time: 07/11/2011 09:59:17
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 06/11/2011 21:35:59
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 312 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 06/11/2011 13:02:29
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 264 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 05/11/2011 19:28:45
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 420 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 04/11/2011 20:33:04
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function. (0x00000001)


Log: 'Application' Date/Time: 03/11/2011 22:10:08
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 604 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 03/11/2011 14:16:14
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 77 time(s) since 21:12:49. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 03/11/2011 14:16:14
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3031 for the Windows Search Service has been suppressed 144 time(s) since 21:12:44. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3031 for further details on this event.

Log: 'Application' Date/Time: 02/11/2011 21:18:02
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 2492 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 02/11/2011 21:16:48
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is attempting to remove the old catalog.


Log: 'Application' Date/Time: 02/11/2011 19:14:02
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 12 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 02/11/2011 17:18:49
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 484 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 01/11/2011 21:10:51
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 268 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 31/10/2011 17:38:36
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2072669260-3456327829-1688835100-1001_Classes:
Process 568 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2072669260-3456327829-1688835100-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 31/10/2011 16:16:13
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is attempting to remove the old catalog.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 17:21:41
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 08/11/2011 16:48:40
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 08/11/2011 15:04:12
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 08/11/2011 09:21:38
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 07/11/2011 21:03:29
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 07/11/2011 20:28:26
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 07/11/2011 08:48:01
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 06/11/2011 13:04:25
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 06/11/2011 12:00:01
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 06/11/2011 09:36:17
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 05/11/2011 13:26:18
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 05/11/2011 00:18:41
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 04/11/2011 20:16:02
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 04/11/2011 19:20:17
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 03/11/2011 18:15:21
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 03/11/2011 18:14:38
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 18:11:21 on 03/11/2011 was unexpected.

Log: 'System' Date/Time: 03/11/2011 16:02:13
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 03/11/2011 14:26:06
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 03/11/2011 14:16:29
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 02/11/2011 22:11:47
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 20:58:36
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 20:55:36
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 20:52:36
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the running state.

Log: 'System' Date/Time: 08/11/2011 20:52:36
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the running state.

Log: 'System' Date/Time: 08/11/2011 20:29:02
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 20:26:02
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 20:23:02
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the running state.

Log: 'System' Date/Time: 08/11/2011 20:23:02
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the running state.

Log: 'System' Date/Time: 08/11/2011 20:07:36
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 19:58:38
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 19:55:38
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 19:52:38
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the running state.

Log: 'System' Date/Time: 08/11/2011 19:52:38
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the running state.

Log: 'System' Date/Time: 08/11/2011 19:51:35
Type: Information Category: 0
Event: 1001 Source: Microsoft Antimalware
Microsoft Antimalware scan has finished. Scan ID: {4ED20405-27A6-4791-8743-2161740C2EF9} Scan Type: Antimalware Scan Parameters: Full Scan User: Hussains-PC\Hussains Scan Time: 1:28:43

Log: 'System' Date/Time: 08/11/2011 19:51:06
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 08/11/2011 19:01:13
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 19:01:13
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the running state.

Log: 'System' Date/Time: 08/11/2011 18:47:12
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the stopped state.

Log: 'System' Date/Time: 08/11/2011 18:47:12
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the running state.

Log: 'System' Date/Time: 08/11/2011 18:38:12
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the stopped state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 16:49:54
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147633372 Name: TrojanDownloader:Win32/Pingbed.B ID: 2147633372 Severity: Severe Category: Trojan Downloader Path: process:_pid:2528 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.1413.0, AS: 1.115.1413.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 07/11/2011 21:04:43
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147608555 Name: Program:Win32/FakeAdpro ID: 2147608555 Severity: High Category: Potentially Unwanted Software Path: process:_pid:2388 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.1413.0, AS: 1.115.1413.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 06/11/2011 18:12:02
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {62ECC535-9226-4204-8B38-AD48ABDFEBA3} Scan Type: Antimalware Scan Parameters: Full Scan User: Hussains-PC\Hussains

Log: 'System' Date/Time: 06/11/2011 09:37:51
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147618909 Name: Backdoor:Win32/Darkmoon.AE ID: 2147618909 Severity: Severe Category: Backdoor Path: process:_pid:2512 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.1326.0, AS: 1.115.1326.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 05/11/2011 00:19:54
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/PcClient.EC!dll&threatid=2147637953 Name: Backdoor:Win32/PcClient.EC!dll ID: 2147637953 Severity: Severe Category: Backdoor Path: process:_pid:2548 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.1261.0, AS: 1.115.1261.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 04/11/2011 20:02:06
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {66DB3932-4065-4261-8584-08841740D8AF} Scan Type: Antimalware Scan Parameters: Quick Scan User: Hussains-PC\Hussains

Log: 'System' Date/Time: 01/11/2011 14:50:05
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147567524 Name: Backdoor:Win32/PcClient ID: 2147567524 Severity: Severe Category: Backdoor Path: process:_pid:2540 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.963.0, AS: 1.115.963.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 31/10/2011 17:58:31
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {88C09755-0ED5-45E4-B772-FFA8A304B1F9} Scan Type: Antimalware Scan Parameters: Quick Scan User: Hussains-PC\Hussains

Log: 'System' Date/Time: 31/10/2011 16:52:28
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {92712570-C03B-4CD8-909C-268D677B0F41} Scan Type: Antimalware Scan Parameters: Full Scan User: Hussains-PC\Hussains

Log: 'System' Date/Time: 29/10/2011 16:27:48
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147627123 Name: Program:Win32/FakeBye ID: 2147627123 Severity: High Category: Potentially Unwanted Software Path: process:_pid:2448 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.822.0, AS: 1.115.822.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 28/10/2011 15:04:08
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147499461 Name: Trojan:Win32/Adbehavior ID: 2147499461 Severity: Severe Category: Trojan Path: process:_pid:2480 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.766.0, AS: 1.115.766.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 25/10/2011 19:38:02
Type: Warning Category: 0
Event: 27 Source: e1express
Intel® 82562V-2 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 25/10/2011 18:17:03
Type: Warning Category: 0
Event: 27 Source: e1express
Intel® 82562V-2 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 25/10/2011 17:21:20
Type: Warning Category: 0
Event: 27 Source: e1express
Intel® 82562V-2 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 25/10/2011 12:42:22
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147607548 Name: Backdoor:Win32/Blazgel.A ID: 2147607548 Severity: Severe Category: Backdoor Path: process:_pid:2404 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Signature Version: AV: 1.115.473.0, AS: 1.115.473.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 25/10/2011 08:27:38
Type: Warning Category: 0
Event: 27 Source: e1express
Intel® 82562V-2 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 25/10/2011 00:04:22
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA091331D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 25/10/2011 00:03:52
Type: Warning Category: 0
Event: 27 Source: e1express
Intel® 82562V-2 10/100 Network Connection Link has been disconnected.

Log: 'System' Date/Time: 24/10/2011 23:42:49
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA091331D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 24/10/2011 23:42:12
Type: Warning Category: 0
Event: 27 Source: e1express
Intel® 82562V-2 10/100 Network Connection Link has been disconnected.
  • 0

#34
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

Log: 'System' Date/Time: 05/11/2011 00:19:54
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147637953
Name: Backdoor:Win32/PcClient.EC!dll
ID: 2147637953
Severity: Severe
Category:
Backdoor Path: process:_pid:2548
Detection Origin: Unknown Detection
Type: Heuristics Detection Source:
System User: NT AUTHORITY\SYSTEM
Process Name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
Signature Version: AV: 1.115.1261.0, AS: 1.115.1261.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0


OK. I see now that you really have MSE and Comodo incompatibility problem. File C:\Program Files\COMODO\COMODO Internet Security\cfp.exe is recognize by Heuristics Detection as backdoor trojan.

The easiest way is to temporarily remove Comodo from your system and see what will happened.

If you payed for Comodo please make sure to find your product key so you can install it later.
  • 0

#35
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hello maliprog,

Thanks for the reply and cooperation so far, its much appreciated.

I've removed Comodo completely and activated windows firewall, what should I do next?

I know I keep asking you this but do you think it is safe for me to conduct password related activity and could the backdoor malware have stolen data from my computer?

Many Thanks
King011
  • 0

#36
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Ask away :). I don't mind.

Can you confirm to me that MSE doesn't report any malware now?

I know I keep asking you this but do you think it is safe for me to conduct password related activity and could the backdoor malware have stolen data from my computer?


I don't see any malware on your PC now. You can conduct password related activity but please first confirm that MSE doesn't report any malware so we can be sure that Comodo was the problem.
  • 0

#37
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Maliprog,

Many thanks for the answer to my question , I did have Rapport password security, which is very good at protecting passwords and preventing password stealing attacks but I was not sure as malware in the modern day is very tricky! :) :)

So far MSE has not detected anything and also did complete a quick scan which detected nothing and now I am just in the process of doing a full scan.

What's next? :) :yes:

Also is windows firewall good enough in comparison to other firewalls like comodo for example.

Once again Many Thanks and I look forward to your reply. :)

King011

Edited by king011, 09 November 2011 - 03:23 PM.

  • 0

#38
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

Glad to hear that. Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#39
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hello Maliprog,

Many thanks for your response.

I have complete the above instructions.

Is there anything else that needs to be done now at this stage?

Best regards
King011
  • 0

#40
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
No. We done it all :yes:

Goodbye and stay safe :)
  • 0

Advertisements


#41
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hello maliprog,

Waiiiiiiiiiiiiiiiiitttttttttt!

In relation to the firewall should I just leave windows firewall and will that be safe enough?
Also is my computer full clean of malware ?

Many Thanks
King011
  • 0

#42
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi king011,

Sorry about that. Windows firewall is good. I also have only windows firewall on my system.

You PC is clean. You can use it anyway you like. Just be careful and responsible online user so you won't have malware problems again :)
  • 0

#43
king011

king011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Hello Maliprog,

Many thanks for your reply.

I would just like to thank you for your diligence and cooperation over the last month or so and also I am very grateful for you help in relation to basically fixing my PC. I have been very staified with your constant and consitent methods of help in regards to the various and vast problem that the PC had. :) :yes: :) :) :) :) :) :) :) :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup:

Many Thanks
Best Regards
King011
  • 0

#44
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Thank you for your kind words. Take care! :)
  • 0

#45
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP