Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Selectionlinks? hit by some virus


  • Please log in to reply

#16
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
did not find svchost.exe_sysmain just svchost.exe

path for sysmain is C:/windows/system32/sysmain.dll
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Can you uninstall Intel® Management Engine Interface then?
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and GrantPerms64.exe by right clicking and Run As Admin
Copy and paste the following in the edit box:

C:/windows/system32/sysmain.dll 


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.
  • 0

#19
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
When OTL gets to "scanning Firefox settings" it hangs.
  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
OK we won't use OTL for a while. See if you can do the other stuff tho.
  • 0

#21
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
GrantPerms by Farbar
Ran by David's HP (administrator) at 2013-01-17 15:48:23

===============================================
ERROR: Parsing the SD of <C:/windows/system32/sysmain.dll > failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
  • 0

#22
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
dont know why it says file not found it is there, I took a screen shot of the location.
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Try it with

C:/windows/sysnative/sysmain.dll
  • 0

#24
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
GrantPerms by Farbar
Ran by David's HP (administrator) at 2013-01-17 15:54:36

===============================================
C:/windows/sysnative/sysmain.dll

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

Advertisements


#26
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2013 3:59:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/01/2013 8:36:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/12/2012 6:44:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/12/2012 1:43:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/10/2012 3:08:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/09/2012 3:28:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/09/2012 10:23:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/09/2012 3:23:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/08/2012 4:39:34 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/08/2012 8:32:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/06/2012 3:24:54 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/05/2012 8:10:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/05/2012 5:17:30 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device H:\ (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/05/2012 5:17:30 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 24/05/2012 6:11:54 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device H:\ (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 24/05/2012 6:11:54 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 05/04/2012 12:29:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/04/2012 3:16:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/03/2012 3:44:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2013 9:01:54 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user DAVES-6930P\David's HP SID (S-1-5-21-1916152551-4166504153-3791849091-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/01/2013 9:01:54 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user DAVES-6930P\David's HP SID (S-1-5-21-1916152551-4166504153-3791849091-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/01/2013 9:01:54 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user DAVES-6930P\David's HP SID (S-1-5-21-1916152551-4166504153-3791849091-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/01/2013 8:06:18 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 8:06:03 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 8:04:42 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 8:04:42 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 8:04:38 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 7:36:48 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/01/2013 7:36:16 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 17/01/2013 7:34:35 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/01/2013 7:11:43 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 7:10:17 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 7:10:17 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 7:10:13 PM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 5:01:45 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 17/01/2013 5:00:11 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 5:00:11 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 5:00:09 AM
Type: Error Category: 0
Event: 10003 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 17/01/2013 4:24:45 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2013 8:04:42 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 7:10:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 5:00:11 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 4:21:55 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.il.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/01/2013 4:17:48 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/01/2013 4:06:28 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/01/2013 2:32:26 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.eset.sg timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/01/2013 2:13:45 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/01/2013 12:01:12 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/01/2013 11:53:55 PM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
Microsoft Antimalware scan has been stopped before completion. Scan ID: {2B32470A-3FB4-4B18-B351-B0A951CA9D73} Scan Type: Antimalware Scan Parameters: Full Scan User: DAVES-6930P\David's HP

Log: 'System' Date/Time: 16/01/2013 10:17:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 3841095.fls.doubleclick.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/01/2013 4:40:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/01/2013 4:40:42 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.natcazau.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 6:39:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.chainlove.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 2:35:41 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name cdn.brcdn.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 1:00:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.natcazau.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 10:53:14 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.il.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/01/2013 10:43:29 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.bonktown.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 14/01/2013 5:11:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.chainlove.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/01/2013 5:56:03 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.il.comcast.net timed out after none of the configured DNS servers responded.
  • 0

#27
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2013 4:11:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/01/2013 9:46:37 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2788 Start Time: 01cdf4fb859297a2 Termination Time: 0 Application Path: C:\Users\David's HP\Desktop\OTL.exe Report Id: 5cbdc021-60ef-11e2-854e-df481fb09c6a

Log: 'Application' Date/Time: 17/01/2013 9:22:55 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 9:22:55 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 9:22:49 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 8:05:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9cc Faulting application start time: 0x01cdf4ee0c83292e Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 4dcdd269-60e1-11e2-854e-df481fb09c6a

Log: 'Application' Date/Time: 17/01/2013 8:05:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x4c0 Faulting application start time: 0x01cdf4ee06993e00 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: 4dcdab59-60e1-11e2-854e-df481fb09c6a

Log: 'Application' Date/Time: 17/01/2013 7:11:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x998 Faulting application start time: 0x01cdf4e6757960d2 Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: b5f00884-60d9-11e2-857d-ee4f022d5c65

Log: 'Application' Date/Time: 17/01/2013 7:11:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x4e0 Faulting application start time: 0x01cdf4e66db1010c Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: b5eda724-60d9-11e2-857d-ee4f022d5c65

Log: 'Application' Date/Time: 17/01/2013 3:11:32 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 6:33:49 AM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 17/01/2013 6:33:12 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 17/01/2013 5:01:26 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9e8 Faulting application start time: 0x01cdf46faf59d14d Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: f210ad13-6062-11e2-bd40-80ead0c92068

Log: 'Application' Date/Time: 17/01/2013 5:01:26 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x514 Faulting application start time: 0x01cdf46faa69af8b Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: f20988f2-6062-11e2-bd40-80ead0c92068

Log: 'Application' Date/Time: 17/01/2013 4:23:49 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EvtEng.exe, version: 13.2.0.3, time stamp: 0x4b913eba Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp: 0x506dcae6 Exception code: 0xe06d7363 Fault offset: 0x000000000000bccd Faulting process id: 0x9ec Faulting application start time: 0x01cdf46a6c63f2ab Faulting application path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: b0b88993-605d-11e2-8ea9-9e82fcfa6462

Log: 'Application' Date/Time: 17/01/2013 4:23:47 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f Exception code: 0x40000015 Fault offset: 0x000000000002a84e Faulting process id: 0x4b4 Faulting application start time: 0x01cdf46a63981ce8 Faulting application path: C:\Windows\system32\WLANExt.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: af6b48ed-605d-11e2-8ea9-9e82fcfa6462

Log: 'Application' Date/Time: 17/01/2013 4:21:25 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\System32\sysmain.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\System32\sysmain.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3

Log: 'Application' Date/Time: 17/01/2013 4:21:24 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x0000000000018f36 Faulting process id: 0x3e4 Faulting application start time: 0x01cdf45865ae9672 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 5a58d245-605d-11e2-95ad-c743f4537a67

Log: 'Application' Date/Time: 17/01/2013 2:33:25 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 2:33:20 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 17/01/2013 2:33:15 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Users\David's HP\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/01/2013 7:10:13 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1916152551-4166504153-3791849091-1001:
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\My
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\CA
Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 17/01/2013 4:22:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1916152551-4166504153-3791849091-1001:
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\My
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\CA
Process 540 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 13/01/2013 4:41:18 AM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 12/01/2013 11:20:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1916152551-4166504153-3791849091-1001:
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\My
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\CA
Process 584 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1916152551-4166504153-3791849091-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 11/01/2013 6:04:54 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 10/01/2013 10:59:22 PM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll"

Log: 'Application' Date/Time: 10/01/2013 10:54:28 PM
Type: Warning Category: 0
Event: 1021 Source: .NET Runtime
.NET Runtime version 2.0.50727.5466 - Executable "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" AppDomain "DefaultDomain" deleted obsolete native image "C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll"

Log: 'Application' Date/Time: 10/01/2013 9:17:59 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/01/2013 9:17:51 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/01/2013 9:08:11 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/01/2013 9:08:02 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/01/2013 11:37:18 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 01/01/2013 10:31:58 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 29/12/2012 1:21:26 AM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 22/12/2012 11:14:28 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 19/12/2012 5:19:10 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 14/12/2012 2:42:21 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver

Log: 'Application' Date/Time: 13/12/2012 9:12:57 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1916152551-4166504153-3791849091-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 03/12/2012 4:27:20 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (112) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 10256384 (0x00000000009c8000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (70303 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 17/11/2012 8:31:14 PM
Type: Warning Category: 0
Event: 1 Source: LMS
LMS Service cannot connect to Intel® MEI driver
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Were you not able to find a new wireless driver from your PC Maker's website?

Also it doesn't look like you cleared the alarms before the reboot.
  • 0

#29
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
i just updated the driver, it said I had the current driver but I installed a newer one anyway. I am not sure where or how to clear alarms
  • 0

#30
ImJustsayin

ImJustsayin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 281 posts
Google in I.E. also act weird, it opens with the big Google icon and search bar in the middle of the page but as soon as I start typing it shifts to a banner at the top of the page and will not search. if I search from address bar it searchers fine
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP