Super Slow WMP not recognizing devices



#16
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP

System Idle Process 0 59.53 0 K 24 K
procexp64.exe 4760 9.89 24,980 K 46,952 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
SearchFilterHost.exe 4104 7.00 4,560 K 10,452 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 3140 1.64 50,216 K 43,740 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 1.20 0 K 0 K Hardware Interrupts and DPCs
SearchProtocolHost.exe 3112 3.51 5,516 K 8,220 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 4056 2.18 49,052 K 42,920 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows


Definite improvement that time. System Idle is now at the top of the CPU usage list which should mean it's running a bit faster and the services.exe and csrss.exe are both verified and from Microsoft. Windows Search seems to be eating the remaining CPU so let's turn it off as you really don't need it.

Go back into the Services and find Windows Search. Then right click on it and select Properties then change the Startup Type: to Disabled and APPLY then STOP the service.

Then run Process Explorer again and post the log. Remember to wait 60 seconds after starting Process Explorer before saving the log.

Right click on (My) Computer and select Manage (Continue). Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
  • 0



#17
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
OK

I couldn't find the windows log

I'm guessing is it at the bottom of the screen with all the Window choices?

Or is it on the side?

I couldn't find that


Here's the Procexe Log

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
atashost.exe 1656 1,416 K 448 K WebEx Host for Support Center Cisco WebEx LLC (Verified) WebEx Communications Inc.
audiodg.exe 1376 17,356 K 17,676 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
CVH.EXE 4212 5,708 K 15,312 K Microsoft Office Client Virtualization Handler Microsoft Corporation (Verified) Microsoft Corporation
CVHSVC.EXE 2728 7,332 K 3,964 K Microsoft Office Client Virtualization Service Microsoft Corporation (Verified) Microsoft Corporation
dllhost.exe 4552 2,648 K 2,908 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe 3668 49,264 K 11,508 K Dropbox Dropbox, Inc. (Verified) Dropbox
FlashUtil32_11_4_402_287_ActiveX.exe 2408 2,780 K 2,896 K Adobe® Flash® Player Installer/Uninstaller 11.4 r402 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
hpsysdrv.exe 3872 1,176 K 592 K hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
hpwuschd2.exe 3944 1,240 K 772 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
ielowutil.exe 3348 1,524 K 536 K Internet Low-Mic Utility Tool Microsoft Corporation (Verified) Microsoft Windows
Locator.exe 1912 1,248 K 324 K Rpc Locator Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 588 5,556 K 6,848 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LSSrvc.exe 1800 1,540 K 372 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
mDNSResponder.exe 1692 2,440 K 2,952 K Bonjour Service Apple Inc. (Verified) Apple Inc.
NisSrv.exe 2976 16,680 K 6,480 K Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe 792 1,640 K 436 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
OFFICEVIRT.EXE 4632 2,252 K 6,148 K (Verified) Microsoft Corporation
OSPPSVC.EXE 5380 2,992 K 10,388 K Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
PresentationFontCache.exe 4944 25,752 K 6,388 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 4496 2,332 K 8,072 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe 556 6,960 K 6,424 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
sftlist.exe 2268 11,448 K 13,640 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
sftvsa.exe 1520 1,704 K 552 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 300 356 K 256 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1236 2,960 K 3,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2064 4,596 K 4,144 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 832 5,776 K 6,560 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 4760 2,188 K 6,236 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 4764 3,716 K 5,696 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2564 8,420 K 5,828 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 492 1,812 K 352 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 604 2,556 K 1,584 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2380 1,512 K 384 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WmiPrvSE.exe 6140 2,700 K 6,644 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5536 7,456 K 13,080 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1460 < 0.01 14,132 K 12,328 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe 4084 < 0.01 3,824 K 3,316 K iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe 988 0.01 30,132 K 28,860 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2196 0.01 6,720 K 3,624 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
HPAdvisor.exe 3300 0.01 60,356 K 12,764 K HP Advisor Hewlett-Packard (Verified) Hewlett-Packard Company
svchost.exe 908 0.01 102,512 K 99,080 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
EKAiOHostService.exe 1732 0.01 35,276 K 19,076 K EKAiOHostService Module for Kodak AiO Printers Eastman Kodak Company (Verified) Eastman Kodak Company
svchost.exe 1140 0.01 10,432 K 12,620 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 444 0.02 3,084 K 3,236 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 596 0.02 3,016 K 2,244 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
SASCore64.exe 1608 0.02 1,932 K 496 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
svchost.exe 488 0.02 21,648 K 14,252 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HPSA_Service.exe 2824 0.02 42,328 K 41,900 K HP Support Assistant Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
svchost.exe 1036 0.02 35,212 K 43,208 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe 1368 0.02 3,148 K 1,468 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation (Verified) NVIDIA Corporation
cmdagent.exe 868 0.03 40,212 K 4,040 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
AppleMobileDeviceService.exe 1628 0.03 4,072 K 5,112 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
wmpnetwk.exe 3936 0.03 14,788 K 7,676 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
msseces.exe 3372 0.07 7,608 K 10,160 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
iexplore.exe 6112 0.08 70,232 K 76,060 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 5080 0.08 11,004 K 18,080 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4116 0.08 10,620 K 9,964 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1568 0.09 7,804 K 10,272 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 960 0.09 3,036 K 2,504 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
SUPERANTISPYWARE.EXE 3452 0.15 517,552 K 1,652 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
MsMpEng.exe 1020 0.20 85,852 K 67,872 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
cfp.exe 3360 0.21 20,056 K 6,284 K COMODO Internet Security COMODO (Verified) Comodo Security Solutions
explorer.exe 3164 0.27 38,776 K 49,496 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 4 0.38 348 K 10,792 K
csrss.exe 504 0.69 10,720 K 12,980 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
HP_Remote_Solution.exe 3928 0.73 3,620 K 2,484 K HP Remote Solution Hewlett-Packard (Unable to verify) Hewlett-Packard
svchost.exe 732 1.01 4,684 K 4,692 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 2388 1.53 8,900 K 17,136 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
EKPrinterSDK.exe 1764 1.53 5,472 K 6,088 K Status Monitor SDK for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company (Verified) Eastman Kodak Company
Interrupts n/a 2.25 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 3140 3.54 51,596 K 46,644 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 5248 12.83 23,276 K 47,744 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 0 73.90 0 K 24 K




Here's the VEW Log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/12/2012 1:56:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 6:16:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/11/2012 5:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/11/2012 7:30:48 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/11/2012 6:48:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/11/2012 5:20:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 06/11/2012 5:19:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 4:34:05 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 4:26:18 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 4:26:18 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 05/11/2012 5:16:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/10/2012 3:35:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/10/2012 11:08:03 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 8:32:08 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 18/10/2012 8:32:08 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 18/10/2012 8:09:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 6:38:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 4:51:47 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/10/2012 7:29:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/12/2012 6:26:54 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Log: 'System' Date/Time: 03/12/2012 6:25:12 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.

Log: 'System' Date/Time: 03/12/2012 6:24:28 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 02/12/2012 12:08:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/12/2012 12:02:28 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 02/12/2012 2:15:13 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 02/12/2012 2:14:43 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 01/12/2012 6:17:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/12/2012 6:17:05 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 1:16:09 PM on ?12/?1/?2012 was unexpected.

Log: 'System' Date/Time: 01/12/2012 6:08:28 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/12/2012 5:53:57 PM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{4269DD6C-B594-4BFA-BA6C-258867599855} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 01/12/2012 5:53:50 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/12/2012 4:40:32 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 01/12/2012 4:40:32 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Log: 'System' Date/Time: 01/12/2012 4:19:56 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/12/2012 1:47:12 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 1:47:11 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 1:35:02 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 1:28:44 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 1:28:44 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/12/2012 12:08:16 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/12/2012 6:17:03 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/12/2012 12:34:24 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 30/11/2012 10:50:05 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 29/11/2012 9:11:10 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 28/11/2012 6:21:21 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/11/2012 9:00:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pis.foxitsoftware.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/11/2012 5:11:37 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 24/11/2012 6:41:58 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.teen-type1-treatment-option.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2012 7:31:08 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 22/11/2012 6:48:40 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/11/2012 4:17:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/11/2012 2:25:23 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/11/2012 9:45:07 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/11/2012 2:20:21 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 7:34:24 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 6:40:22 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 5:20:38 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/11/2012 1:43:21 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 12/11/2012 8:56:06 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.mi.comcast.net timed out after none of the configured DNS servers responded.
  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Uninstall SAMSUNG USB Driver for Mobile Phones. It's causing errors:

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.


Also uninstall Apple Mobile Device Support ditto:

Log: 'System' Date/Time: 02/12/2012 12:08:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.


These can both be reinstalled later. Just want to get rid of as many errors as possible.


Have you been having power problems or are you pulling the plug for some reason? Lots of these.

Log: 'System' Date/Time: 01/12/2012 6:16:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.


If we haven't already, let's disable the Windows Media Player Network Sharing Service:

Log: 'System' Date/Time: 02/12/2012 2:15:13 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 02/12/2012 2:14:43 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Clear the event logs. See attached:

Reboot.

Run VEW as before.
  • 0
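
The triage done by eye in the post above (which sources and event IDs keep repeating, which services the Service Control Manager errors name, and what is new since the last report) can be scripted against the saved VEW text. This Python is an added example, not part of the original thread or of VEW; the function names are assumptions, and the sample report is assembled from records in the thread plus one record with a made-up timestamp.

```python
"""Triage a saved VEW (Vino's Event Viewer) text report."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: records copied from the thread's reports (messages shortened),
# plus one iPodDrv record whose 10:40:12 PM timestamp is made up for the demo.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/12/2012 5:55:39 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 6:16:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 26/11/2012 5:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/12/2012 10:40:12 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/12/2012 12:08:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/12/2012 2:14:43 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s).
"""

HEADER_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE_RE = re.compile(r"^Type: (?P<level>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+)$")
SERVICE_RE = re.compile(
    r"^The (?P<name>.+?) service (?:failed to start|terminated unexpectedly)")


def parse_vew(text):
    """Return one dict per event record; the banner and section rules are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        head = HEADER_RE.match(lines[i])
        kind = TYPE_RE.match(lines[i + 1])
        event = EVENT_RE.match(lines[i + 2])
        if not (head and kind and event):
            i += 1
            continue
        # The message runs until a blank line, a section rule or the next record.
        # A record cut off after its "Event:" line simply gets an empty message.
        j, message = i + 3, []
        while (j < len(lines) and lines[j] and not lines[j].startswith("~~~")
               and not HEADER_RE.match(lines[j])):
            message.append(lines[j])
            j += 1
        events.append({
            "log": head["log"],
            # The report states its dates are dd/mm/yyyy, so parse day first.
            "when": datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
            "level": kind["level"],
            "event_id": int(event["event_id"]),
            "source": event["source"],
            "message": " ".join(message),
        })
        i = j
    return events


def recurring(events, min_count=2):
    """(source, event_id, count) for events seen min_count times or more, noisiest first."""
    tally = Counter((e["source"], e["event_id"]) for e in events)
    return [(src, eid, n) for (src, eid), n in tally.most_common() if n >= min_count]


def events_after(events, cutoff):
    """Events stamped later than cutoff, e.g. the newest event in the previous report."""
    return [e for e in events if e["when"] > cutoff]


def failing_services(events):
    """Count services named in Service Control Manager start-failure or crash messages."""
    names = Counter()
    for e in events:
        m = SERVICE_RE.match(e["message"]) if e["source"] == "Service Control Manager" else None
        if m:
            names[m["name"]] += 1
    return names


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for src, eid, n in recurring(parsed):
        print(f"{n} x event {eid} from {src}")
    print(dict(failing_services(parsed)))
```

Passing the newest event time from the previous report as `cutoff` shows whether a report taken after the clear-and-reboot step contains anything new or only entries carried over from before.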

#19
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
The power outages are due to a heater and microwave running at the same time

Since the weather has changed I use a small heater for my home office and my wife will use the microwave, causing the PC to be shut off


Here's the new log


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/12/2012 5:55:39 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 6:16:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/11/2012 5:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/11/2012 7:30:48 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 22/11/2012 6:48:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/11/2012 5:20:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 9:26:33 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 06/11/2012 5:19:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 4:34:05 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 4:26:18 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/11/2012 4:26:18 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 05/11/2012 5:16:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/10/2012 3:35:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/10/2012 11:08:03 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 8:32:08 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SPH-L710 (location 0000.0002.0001.005.000.000.000.000.000) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 18/10/2012 8:32:08 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 18/10/2012 8:09:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 6:38:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2012 4:51:47 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/10/2012 7:29:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/12/2012 10:53:23 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Log: 'System' Date/Time: 03/12/2012 10:06:21 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/12/2012 9:59:51 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/12/2012 6:26:54 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Log: 'System' Date/Time: 03/12/2012 6:25:12 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.

Log: 'System' Date/Time: 03/12/2012 6:24:28 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 02/12/2012 12:08:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/12/2012 12:02:28 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 02/12/2012 2:15:13 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 02/12/2012 2:14:43 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 01/12/2012 6:17:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 01/12/2012 6:17:05 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 1:16:09 PM on ?12/?1/?2012 was unexpected.

Log: 'System' Date/Time: 01/12/2012 6:08:28 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/12/2012 5:53:57 PM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{4269DD6C-B594-4BFA-BA6C-258867599855} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 01/12/2012 5:53:50 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/12/2012 4:40:32 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 01/12/2012 4:40:32 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Log: 'System' Date/Time: 01/12/2012 4:19:56 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/12/2012 1:47:12 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 01/12/2012 1:47:11 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "FRANK-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/12/2012 10:06:11 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 02/12/2012 12:08:16 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/12/2012 6:17:03 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/12/2012 12:34:24 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 30/11/2012 10:50:05 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 29/11/2012 9:11:10 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 28/11/2012 6:21:21 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/11/2012 9:00:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pis.foxitsoftware.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/11/2012 5:11:37 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 24/11/2012 6:41:58 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.teen-type1-treatment-option.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2012 7:31:08 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 22/11/2012 6:48:40 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/11/2012 4:17:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/11/2012 2:25:23 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/11/2012 9:45:07 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/11/2012 2:20:21 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 7:34:24 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 6:40:22 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/11/2012 5:20:38 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/11/2012 1:43:21 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

#20
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
I need for you to clear the event logs before you reboot. Too hard to tell which ones are new and which ones are old.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Then run VEW as before.

I don't think we were able to run Combofix before. Could you try it now? It should be a lot faster now.
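The request above to clear the logs comes from old and new entries being hard to tell apart in a VEW report. As an added example (not part of the original thread and not VEW's own code), this Python script parses the report layout shown in these posts, reads the dd/mm/yyyy timestamps, and separates entries newer than a cutoff. The function names are assumptions of the example, and the sample report is assembled from entries posted in this thread with the messages shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Sample assembled from entries posted in this thread; messages shortened.
SAMPLE_REPORT = """\
Report run at 03/12/2012 8:57:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/12/2012 6:16:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 26/11/2012 5:11:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/12/2012 1:55:05 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/12/2012 10:06:21 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 02/12/2012 2:14:43 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/12/2012 1:55:03 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
FAILED = re.compile(r"^The (?P<svc>.+?) service failed to start")

def parse_vew(text):
    """Parse a VEW report into a list of event dicts, in report order."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        h, t, e = HEADER.match(lines[i]), TYPE.match(lines[i + 1]), EVENT.match(lines[i + 2])
        if not (h and t and e):
            i += 1
            continue
        # The message runs until a blank line, a section ruler or the next header.
        j = i + 3
        while (j < len(lines) and lines[j] and not lines[j].startswith("~~~")
               and not HEADER.match(lines[j])):
            j += 1
        events.append({
            "log": h["log"],
            # Day comes first: 01/12/2012 is 1 December, not 12 January.
            "time": datetime.strptime(h["ts"], "%d/%m/%Y %I:%M:%S %p"),
            "type": t["type"], "id": int(e["id"]), "source": e["src"],
            "message": " ".join(lines[i + 3:j]),
        })
        i = j
    return events

def new_since(events, cutoff):
    """Events logged strictly after cutoff. Take the cutoff from an event
    timestamp (e.g. the newest entry of the previous report): in this sample
    the 'Report run at' time is hours behind the newest event times."""
    return [ev for ev in events if ev["time"] > cutoff]

def summarize(events):
    """Count events per (type, event id, source) to expose the repeaters."""
    return Counter((ev["type"], ev["id"], ev["source"]) for ev in events)

def unclean_shutdowns(events):
    """Timestamps of Kernel-Power event 41 entries, oldest first."""
    return sorted(ev["time"] for ev in events
                  if ev["id"] == 41 and ev["source"] == "Microsoft-Windows-Kernel-Power")

def failed_services(events):
    """Service names taken from Service Control Manager event 7000 messages."""
    names = Counter()
    for ev in events:
        m = FAILED.match(ev["message"]) if ev["id"] == 7000 else None
        if m:
            names[m["svc"]] += 1
    return names

if __name__ == "__main__":
    evs = parse_vew(SAMPLE_REPORT)
    for key, count in summarize(evs).most_common():
        print(count, key)
    print("failed to start:", dict(failed_services(evs)))
```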

#21
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
OK, where do I find Windows Logs?

I don't see it.

Attached Thumbnails

  • fhgj.jpg


#22
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
It's down in the bottom but you can click on the arrow in front of Event Viewer and it should show up.

#23
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
Here's the VEW Log

I'm running Combofix now.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/12/2012 8:57:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/12/2012 1:55:05 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/12/2012 1:55:03 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

#24
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
OK, I got a Win32 error when trying to run Combofix.

See attached

Attached Thumbnails

  • jhklll.jpg


#25
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Copy the next line:
sc config  iPodDrv start= disabled


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window. That should get rid of this error which is leftover from something called DoubleTwist.

Log: 'System' Date/Time: 04/12/2012 1:55:05 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The iPodDrv service failed to start due to the following error: The system cannot find the file specified.


Can you run VEW again for Applications?

Combofix works on Vista and Win 7, even the 64 bit versions, so I'm not sure why you got that error. Did you remember to pause your anti-virus? Did you right click and Run As Admin? Perhaps we need to download a newer version. Delete the old one and get a new one:
ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


#26
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
OK.

I disabled Comodo and my antivirus.

And I got the Incompatible OS Error again.

Here's the VEW Log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/12/2012 1:19:14 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/12/2012 1:55:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding 16 135.1.168.192.in-addr.arpa. PTR Frank-PC.local.

Log: 'Application' Date/Time: 04/12/2012 1:55:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.135:5353 18 135.1.168.192.in-addr.arpa. PTR Frank-PC-2.local.

Log: 'Application' Date/Time: 04/12/2012 12:51:52 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding 16 135.1.168.192.in-addr.arpa. PTR Frank-PC.local.

Log: 'Application' Date/Time: 04/12/2012 12:51:52 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.135:5353 18 135.1.168.192.in-addr.arpa. PTR Frank-PC-2.local.

Log: 'Application' Date/Time: 04/12/2012 12:34:42 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: npFoxitReaderPlugin.dll, version: 2.2.1.530, time stamp: 0x4fc6fd43 Exception code: 0xc0000005 Fault offset: 0x00016baf Faulting process id: 0x118c Faulting application start time: 0x01cdd1b7214eb8c0 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll Report Id: 6464a3e0-3daa-11e2-8e84-7071bc9fc43a

Log: 'Application' Date/Time: 04/12/2012 12:34:36 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x37313433 Faulting process id: 0x118c Faulting application start time: 0x01cdd1b7214eb8c0 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: unknown Report Id: 61368da0-3daa-11e2-8e84-7071bc9fc43a

Log: 'Application' Date/Time: 03/12/2012 10:06:24 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding 16 135.1.168.192.in-addr.arpa. PTR Frank-PC.local.

Log: 'Application' Date/Time: 03/12/2012 10:06:24 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.135:5353 18 135.1.168.192.in-addr.arpa. PTR Frank-PC-2.local.

Log: 'Application' Date/Time: 03/12/2012 7:47:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x75692b47 Faulting process id: 0x764 Faulting application start time: 0x01cdd18f10b7c178 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: unknown Report Id: 4f9e81d8-3d82-11e2-9040-7071bc9fc43a

Log: 'Application' Date/Time: 03/12/2012 7:47:24 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: npFoxitReaderPlugin.dll, version: 2.2.1.530, time stamp: 0x4fc6fd43 Exception code: 0xc0000005 Fault offset: 0x00016852 Faulting process id: 0x10e0 Faulting application start time: 0x01cdd18f00d3b398 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll Report Id: 41befe58-3d82-11e2-9040-7071bc9fc43a

Log: 'Application' Date/Time: 03/12/2012 7:47:20 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x37636261 Faulting process id: 0x10e0 Faulting application start time: 0x01cdd18f00d3b398 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: unknown Report Id: 3fae8d18-3d82-11e2-9040-7071bc9fc43a

Log: 'Application' Date/Time: 03/12/2012 7:47:11 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: npFoxitReaderPlugin.dll, version: 2.2.1.530, time stamp: 0x4fc6fd43 Exception code: 0xc0000005 Fault offset: 0x00016852 Faulting process id: 0xdb4 Faulting application start time: 0x01cdd18ef79f2258 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll Report Id: 3a2afdb8-3d82-11e2-9040-7071bc9fc43a

Log: 'Application' Date/Time: 03/12/2012 7:47:06 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x37636261 Faulting process id: 0xdb4 Faulting application start time: 0x01cdd18ef79f2258 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: unknown Report Id: 3760e138-3d82-11e2-9040-7071bc9fc43a

Log: 'Application' Date/Time: 02/12/2012 12:08:21 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding 16 100.1.168.192.in-addr.arpa. PTR Frank-PC.local.

Log: 'Application' Date/Time: 02/12/2012 12:08:21 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 18 100.1.168.192.in-addr.arpa. PTR Frank-PC-2.local.

Log: 'Application' Date/Time: 02/12/2012 2:14:18 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932, time stamp: 0x503285c2 Exception code: 0x0000046b Fault offset: 0x000000000000caed Faulting process id: 0xf94 Faulting application start time: 0x01cdcff03abddb10 Faulting application path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: f9ab1ac8-3c25-11e2-9008-7071bc9fc43a

Log: 'Application' Date/Time: 02/12/2012 2:02:09 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485 Faulting module name: wmp.dll, version: 12.0.7601.17514, time stamp: 0x4ce7ba7f Exception code: 0xc0000005 Fault offset: 0x0041a02e Faulting process id: 0x13c4 Faulting application start time: 0x01cdd031033fef48 Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll Report Id: 47670fd0-3c24-11e2-9008-7071bc9fc43a

Log: 'Application' Date/Time: 01/12/2012 6:34:18 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. Error: The server returned an invalid or unrecognized response ErrorCode: 14007(0x36b7).

Log: 'Application' Date/Time: 01/12/2012 6:17:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding 16 100.1.168.192.in-addr.arpa. PTR Frank-PC.local.

Log: 'Application' Date/Time: 01/12/2012 6:17:19 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 18 100.1.168.192.in-addr.arpa. PTR Frank-PC-2.local.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/12/2012 2:05:29 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 04/12/2012 2:05:29 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 04/12/2012 1:55:12 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=8C4}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: FRANK-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 04/12/2012 1:55:07 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=8C4}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 04/12/2012 1:02:25 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 04/12/2012 1:02:24 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 04/12/2012 12:51:57 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=8DC}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: FRANK-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 04/12/2012 12:51:52 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=8DC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 04/12/2012 12:50:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1133253992-2123315571-3751703014-1001:
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\My
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\CA
Process 1036 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Root
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Root
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 03/12/2012 11:50:43 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{72d64c1c-3746-11e0-b2dc-7071bc9fc43a}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 03/12/2012 10:16:43 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 03/12/2012 10:16:43 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 03/12/2012 10:06:28 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=8AC}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: FRANK-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 03/12/2012 10:06:23 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=8AC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 03/12/2012 10:04:51 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1133253992-2123315571-3751703014-1001:
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\My
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\CA
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Root
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2196 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 03/12/2012 9:59:00 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{72d64c1c-3746-11e0-b2dc-7071bc9fc43a}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 03/12/2012 6:29:43 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{72d64c1c-3746-11e0-b2dc-7071bc9fc43a}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 02/12/2012 12:57:58 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{72d64c1c-3746-11e0-b2dc-7071bc9fc43a}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 02/12/2012 12:19:57 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 02/12/2012 12:18:41 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...
  • 0

#27
RKinner


Log: 'Application' Date/Time: 04/12/2012 1:55:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding 16 135.1.168.192.in-addr.arpa. PTR Frank-PC.local.


Uninstall Bonjour if you can. You get a new version if you download Safari or most other Apple software.


Log: 'Application' Date/Time: 04/12/2012 12:34:42 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 16.0.2.4680, time stamp: 0x50882817 Faulting module name: npFoxitReaderPlugin.dll, version: 2.2.1.530, time stamp: 0x4fc6fd43 Exception code: 0xc0000005 Fault offset: 0x00016baf Faulting process id: 0x118c Faulting application start time: 0x01cdd1b7214eb8c0 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll Report Id: 6464a3e0-3daa-11e2-8e84-7071bc9fc43a


Uninstall Foxit. It's causing problems.

Log: 'Application' Date/Time: 02/12/2012 2:14:18 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17932, time stamp: 0x503285c2 Exception code: 0x0000046b Fault offset: 0x000000000000caed Faulting process id: 0xf94 Faulting application start time: 0x01cdcff03abddb10 Faulting application path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: f9ab1ac8-3c25-11e2-9008-7071bc9fc43a

Log: 'Application' Date/Time: 02/12/2012 2:02:09 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485 Faulting module name: wmp.dll, version: 12.0.7601.17514, time stamp: 0x4ce7ba7f Exception code: 0xc0000005 Fault offset: 0x0041a02e Faulting process id: 0x13c4 Faulting application start time: 0x01cdd031033fef48 Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Windows\system32\wmp.dll Report Id: 47670fd0-3c24-11e2-9008-7071bc9fc43a


Windows Media Player is causing problems. Can you uninstall it or at least disable any Windows Media services?

Log: 'Application' Date/Time: 04/12/2012 12:50:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-1133253992-2123315571-3751703014-1001:
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\My
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Policies\Microsoft\SystemCertificates
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\CA
Process 1036 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Root
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Root
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2064 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1133253992-2123315571-3751703014-1001\Software\Microsoft\SystemCertificates\trust


This one is pretty common with Windows Live. If you don't really need it you should uninstall it. Possibly a newer version would not have this error.

Log: 'Application' Date/Time: 01/12/2012 6:34:18 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. Error: The server returned an invalid or unrecognized response ErrorCode: 14007(0x36b7).


This is something to do with the Click-to-Run version of Microsoft Office. It claims it is running OK but is having trouble talking to the server. Perhaps there is a problem with the network connection.

Did you run sfc /scannow before? Did it finish without errors?


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):
sfc /scannow


Since Combofix won't run let's try DDS:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


Also let's try ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0
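Added example, not part of the thread: a Python script that does the triage performed by hand in post #27 on a text export in this layout, grouping Event 1000 crashes by faulting module and counting which processes Event 1530 reports as still holding the user registry hive. The sample entries are constructed, and the function names and the assumption that Windows lives in C:\Windows belong to this example.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of the event entries quoted in this thread.
# Process names, paths, SIDs and times are illustrative placeholders.
SAMPLE = r"""Log: 'Application' Date/Time: 01/01/2013 9:10:00 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: host-app.exe, version: 1.0.0.0, time stamp: 0x00000001 Faulting module name: npExamplePlugin.dll, version: 2.0.0.0, time stamp: 0x00000002 Exception code: 0xc0000005 Fault offset: 0x00001000 Faulting process id: 0x100 Faulting application start time: 0x0 Faulting application path: C:\Program Files (x86)\Host App\host-app.exe Faulting module path: C:\Program Files (x86)\Example Reader\plugins\npExamplePlugin.dll Report Id: 00000000-0000-0000-0000-000000000001

Log: 'Application' Date/Time: 01/01/2013 9:05:00 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: player.exe, version: 1.0.0.0, time stamp: 0x00000003 Faulting module name: player.dll, version: 1.0.0.0, time stamp: 0x00000004 Exception code: 0xc0000005 Fault offset: 0x00002000 Faulting process id: 0x200 Faulting application start time: 0x0 Faulting application path: C:\Program Files (x86)\Player\player.exe Faulting module path: C:\Windows\system32\player.dll Report Id: 00000000-0000-0000-0000-000000000002

Log: 'Application' Date/Time: 01/01/2013 9:00:00 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-0-0-0-1001:
Process 500 (\Device\HarddiskVolume2\Program Files (x86)\Example\IDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1001
Process 500 (\Device\HarddiskVolume2\Program Files (x86)\Example\IDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1001\Software\Microsoft\SystemCertificates\Root
Process 600 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1001\Software\Microsoft\SystemCertificates\Root
"""

# Three-line header that starts every entry in the export.
HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n",
    re.MULTILINE,
)
# Fields of an Event 1000 (Application Error) message, which is one long line.
CRASH = re.compile(
    r"Faulting application name: (?P<app>[^,]+),.*?"
    r"Faulting module name: (?P<module>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9A-Fa-f]+).*?"
    r"Faulting application path: (?P<app_path>.+?) "
    r"Faulting module path: (?P<module_path>.+?) Report Id:",
    re.DOTALL,
)
# One leaked handle per line in Event 1530. The image path may itself contain
# parentheses ("Program Files (x86)"), so match up to ") has opened key".
LEAK = re.compile(
    r"^Process (?P<pid>\d+) \((?P<image>.+?)\) has opened key (?P<key>\S+)",
    re.MULTILINE,
)
DECLARED = re.compile(r"DETAIL - (\d+) user registry handles leaked")


def parse_events(text):
    """Split a text export into events: header fields plus the free-text message."""
    text = text.replace("\r\n", "\n")
    heads = list(HEADER.finditer(text))
    events = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        event = head.groupdict()
        event["event"] = int(event["event"])
        event["source"] = event["source"].strip()
        event["message"] = text[head.end():end].strip()
        events.append(event)
    return events


def triage(events, windows_dir="c:\\windows\\"):
    """Summarise crashes by faulting module and hive handles by holding process."""
    crashes, holders, mismatches = [], Counter(), []
    for event in events:
        if event["event"] == 1000 and event["source"] == "Application Error":
            m = CRASH.search(event["message"])
            if not m:
                continue
            module_path = m["module_path"].lower()
            app_dir = ntpath.dirname(m["app_path"]).lower()
            crashes.append({
                "when": event["when"],
                "app": m["app"],
                "module": m["module"],
                "code": m["code"].lower(),  # 0xc0000005 is STATUS_ACCESS_VIOLATION
                # Heuristic: the module is neither shipped beside the application
                # nor under the Windows directory, i.e. an add-on loaded into it.
                "foreign_module": ntpath.dirname(module_path) != app_dir
                and not module_path.startswith(windows_dir),
            })
        elif event["event"] == 1530:
            lines = list(LEAK.finditer(event["message"]))
            for m in lines:
                holders[ntpath.basename(m["image"]).lower()] += 1
            declared = DECLARED.search(event["message"])
            # A pasted log can be cut short; record when the listed handles
            # do not add up to the number the event itself declares.
            if declared and int(declared.group(1)) != len(lines):
                mismatches.append((event["when"], int(declared.group(1)), len(lines)))
    return {"crashes": crashes, "hive_holders": holders, "count_mismatches": mismatches}


if __name__ == "__main__":
    report = triage(parse_events(SAMPLE))
    for crash in report["crashes"]:
        print(crash)
    print(report["hive_holders"].most_common())
    print(report["count_mismatches"])
```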

#28
RKinner

In addition to the previous post: I'm thinking a lot of your problems are caused by Comodo. It's blocking a lot of connections and causing a lot of the errors we are seeing. You might want to try uninstalling it. Replace it with the free Online Armor. http://www.online-ar...-armor-free.php
  • 0

#29
polling


    Member

  • Topic Starter
  • Member
  • 303 posts
OK, I tried the ESET scan through IE; it took 5 hrs and was stuck at 30%.

So I canceled that.

I did do the Bitdefender scan but didn't see an option to produce a log; see attached.

I did the sfc scan and I got the following message:

Windows Resource Protection did not find any integrity violations


Also, I uninstalled Windows Live but it keeps showing up in Control Panel.

Also, I uninstalled Bonjour and Foxit. I disabled Windows Media services.

Here is the DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Frank at 12:27:24 on 2012-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.706 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b1e4d7f0-ff6f-4c91-976c-0446181fc043&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b1e4d7f0-ff6f-4c91-976c-0446181fc043&searchtype=ds&q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b1e4d7f0-ff6f-4c91-976c-0446181fc043&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [Google Update] "C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [Conime] C:\Windows\System32\conime.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Frank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{4269DD6C-B594-4BFA-BA6C-258867599855} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKAiO2MUI.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b1e4d7f0-ff6f-4c91-976c-0446181fc043&searchtype=ds&q=
FF - component: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\r4t6oelq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-1-6 38144]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-11-29 133944]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-14 1255736]
.
=============== Created Last 30 ================
.
2012-12-04 16:58:11 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E965471-4F30-48AD-B955-E8A18944E3B2}\offreg.dll
2012-12-04 16:55:58 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E965471-4F30-48AD-B955-E8A18944E3B2}\mpengine.dll
2012-12-03 18:31:32 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-02 12:06:23 -------- d-----w- C:\_OTL
2012-12-01 18:34:03 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07C2C7D4-5177-4F2D-A356-99787F3C3BF1}\gapaengine.dll
2012-12-01 18:23:59 28168 ----a-w- C:\Windows\System32\X3DAudio1_3.dll
2012-12-01 17:58:46 -------- d--h--w- C:\Windows\msdownld.tmp
2012-12-01 17:58:25 -------- d-----w- C:\Windows\SysWow64\directx
2012-11-30 23:06:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-30 23:06:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-30 22:51:17 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-30 16:56:54 98816 ----a-w- C:\Windows\sed.exe
2012-11-30 16:56:54 256000 ----a-w- C:\Windows\PEV.exe
2012-11-30 16:56:54 208896 ----a-w- C:\Windows\MBR.exe
2012-11-30 16:55:24 -------- d-s---w- C:\ComboFix
2012-11-29 20:32:06 77824 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKAiO2PPR.dll
2012-11-29 20:20:47 -------- d-----w- C:\Kodak
2012-11-29 19:59:24 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2012-11-29 19:59:11 133944 ----a-w- C:\Windows\SysWow64\atashost.exe
2012-11-29 19:55:46 -------- d-----w- C:\ProgramData\WebEx
2012-11-22 19:59:13 -------- d-----w- C:\Users\Frank\AppData\Roaming\Jaran Nilsen
2012-11-22 19:55:06 -------- d-----w- C:\Program Files (x86)\Notpod
2012-11-21 04:09:27 -------- d-----w- C:\Program Files (x86)\PrintProjects
2012-11-21 04:09:26 -------- d-----w- C:\ProgramData\Visan
2012-11-21 04:09:26 -------- d-----w- C:\ProgramData\PrintProjects
2012-11-21 03:50:44 -------- d-----w- C:\Windows\SysWow64\kodak
2012-11-19 14:29:41 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-18 08:56:21 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-18 08:56:16 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-18 08:56:16 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-18 08:56:15 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-18 08:19:11 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-18 08:19:09 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-18 08:19:04 140960 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-11-18 08:19:03 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-11-18 08:19:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-18 08:19:01 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-11-18 08:19:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-11-18 08:08:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-18 08:08:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-18 08:08:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-18 08:08:38 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-18 08:08:24 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-18 08:08:21 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-18 08:08:20 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 19:42:11 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-17 19:42:11 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-07 01:24:21 -------- d-----w- C:\Program Files (x86)\TuneSync
.
==================== Find3M ====================
.
2012-11-07 23:38:00 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-11-07 23:37:59 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-11-07 23:37:57 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-11-07 23:37:36 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37:34 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-11-07 23:37:31 390392 ----a-w- C:\Windows\System32\guard64.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-09 02:49:38 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:49:38 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 21:00:22 183808 ----a-w- C:\Windows\System32\EKAiO2COI10.dll
2012-09-29 21:00:20 1793536 ----a-w- C:\Windows\System32\EKAiO2MON.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:28:38.58 ===============



Here is the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/12/2011 6:32:52 PM
System Uptime: 12/4/2012 10:39:19 AM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Athlon™ II 170u Processor | Socket AM2 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 365.657 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.573 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: iPodDrv
Device ID: ROOT\LEGACY_IPODDRV\0000
Manufacturer:
Name: iPodDrv
PNP Device ID: ROOT\LEGACY_IPODDRV\0000
Service: iPodDrv
.
==== System Restore Points ===================
.
RP447: 11/17/2012 2:44:50 PM - Windows Update
RP448: 11/18/2012 3:00:38 AM - Windows Update
RP449: 11/19/2012 9:36:44 AM - Installed HP Support Assistant
RP450: 11/19/2012 11:52:58 AM - Windows Modules Installer
RP451: 11/19/2012 12:01:14 PM - Windows Modules Installer
RP452: 11/30/2012 3:00:59 AM - Windows Update
RP453: 11/30/2012 7:55:45 PM - OTL Restore Point - 11/30/2012 7:55:37 PM
RP454: 12/1/2012 1:07:05 PM - Installed DirectX
RP455: 12/1/2012 1:20:44 PM - Installed DirectX
RP456: 12/3/2012 1:29:45 PM - Windows Update
RP457: 12/3/2012 4:59:00 PM - Removed Apple Mobile Device Support
RP458: 12/4/2012 12:03:27 PM - Removed Bonjour
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
aioscnnr
Any Video Converter 3.2.5
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
C4USelfUpdater
center
Comcast Desktop Software (v1.2.1)
COMODO Internet Security
ConvertXtoDVD 4.1.19.365
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
Dropbox
eMule
essentials
ffdshow [rev 2527] [2008-12-19]
Free Window Registry Repair
Free WMA to MP3 Converter 1.16
GPL Ghostscript 8.64
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
iTunes
Java™ 7 Update 4 (64-bit)
Juniper Networks Setup Client
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
NVIDIA Drivers
ocr
PDF reDirect (remove only)
Picasa 3
PictureMover
PlayReady PC Runtime amd64
Power2Go
PowerDirector
PreReq
PrintProjects
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SpywareBlaster 4.6
Super TextTwist
SUPERAntiSpyware
swMSM
TextTwist 2
The Off By One Web Browser
TuneSync Server 2.0.25
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
12/4/2012 11:54:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/3/2012 8:55:05 PM, Error: Service Control Manager [7000] - The iPodDrv service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================


#30
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Nothing obvious in DDS. Did you see my second post about replacing Comodo?

Has it gotten slow again? If so, run Process Explorer again and post the log.