azj2k
-
Posts
76 -
Joined
-
Last visited
-
I had turned off MBAM website protection to run combofix, which is why I think I was getting redirected more. Once I turned the website protection back on, it didn't seem to happen anymore.
-
Yes, Combofix was started and at least an hour went by with no activity. Also, ie is redirecting to other websites a lot more often now.
-
Combofix is no longer running again. It is the same as before, where the program extracts the files, creates the output folder, and resets the windows settings to default, then back to normal. I am running it the same as last time, by running it through MBAM chameleon. RKILL was running in the background as well.
-
Here is the latest attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 10/5/2011 9:05:28 PM System Uptime: 5/29/2012 8:31:33 AM (28 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P Processor: AMD Phenom II X4 B55 Processor | Socket M2 | 792/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 153 GiB total, 15.347 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: archlp Device ID: ROOT\LEGACY_ARCHLP\0000 Manufacturer: Name: archlp PNP Device ID: ROOT\LEGACY_ARCHLP\0000 Service: archlp . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Reader X (10.1.3) AMD VISION Engine Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Combined Community Codec Pack 2011-07-30 Content Transfer Corel PaintShop Pro X4 D3DX10 DAEMON Tools Lite Dual-Core Optimizer Easy Tune 6 B11.0427.1 ESET Online Scanner v3 F.E.A.R. Plantinum ICA IPM_PSP_COM Java 6 Update 31 Java 7 Update 4 JavaFX 2.1.0 Lands Of Lore 1 and 2 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 1.1 Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Neverwinter Nights 2 NVIDIA PhysX ON_OFF Charge B11.0110.1 OpenAL OpenOffice.org 3.3 Overlord Overlord: Raising Hell Pando Media Booster PSPPContent PSPPHelp PunkBuster Services Realm of the Mad God RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RealUpgrade 1.1 Risen Risen 2 - Dark Waters Rockstar Games Social Club Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Setup Shockwave StarCraft II Steam System Requirements Lab CYRI Team Fortress 2 The Sims Medieval The Sims Medieval Pirates and Nobles Tropico 4 1.00 Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Visual Studio 2008 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 5/30/2012 2:15:08 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 5/29/2012 8:31:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp 5/29/2012 8:31:38 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 5/29/2012 8:31:36 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified. 5/29/2012 8:30:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 5/29/2012 8:29:54 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 5/29/2012 8:23:53 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 5/29/2012 8:20:50 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 5/29/2012 8:19:50 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running. 5/29/2012 8:19:50 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 5/29/2012 8:19:02 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 5/29/2012 8:19:02 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 5/29/2012 8:18:53 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:18:50 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/29/2012 8:14:17 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 5/29/2012 8:12:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 5/29/2012 8:10:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect. 5/29/2012 7:40:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.930.0). 5/28/2012 11:31:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.601.0). 5/27/2012 12:31:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 5/27/2012 12:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/27/2012 12:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/27/2012 12:30:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger archlp CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl 5/27/2012 12:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 11:05:20 AM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s). 5/27/2012 11:00:24 AM, Error: Service Control Manager [7034] - The PEVSystemStart service terminated unexpectedly. It has done this 1 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Certificate Propagation service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:38:02 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). 5/27/2012 10:38:02 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s). 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s). 5/24/2012 2:10:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.390.0). 5/23/2012 7:51:14 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). 5/23/2012 6:31:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 5/23/2012 6:30:33 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended. . ==== End Of File ===========================
-
I did not have either of those files. Here is the latest DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by Jason at 12:22:33 on 2012-05-30 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.3134 [GMT -7:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\SysWOW64\PnkBstrA.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ACDaemon.exe C:\Program Files (x86)\Common Files\ARCSOFT\CONNECTION SERVICE\BIN\ArcCon.ac C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe C:\Windows\SysWOW64\ping.exe C:\Windows\SysWOW64\ping.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [combofix] C:\ComboFix\CF6480.3XE /c C:\ComboFix\Combobatch.bat mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) LSP: mswsock.dll DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{1F0369E0-70BE-4DCD-A36F-7B94DC8530CE} : DhcpNameServer = 192.168.1.1 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman\ContentTransferWMDetector.exe mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [combofix] C:\ComboFix\CF6480.3XE /c C:\ComboFix\Combobatch.bat mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\oevsaz1j.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 654408] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-10-5 30528] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 257696] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-10-5 25640] S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-27 129976] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== File Associations =============== . inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-05-29 15:19:10 -------- d-s---w- C:\ComboFix 2012-05-29 15:15:00 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-05-29 15:14:57 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8B4E4C5-C86A-4DD2-B7D6-3C673DC520AB}\mpengine.dll 2012-05-29 15:10:43 98816 ----a-w- C:\Windows\sed.exe 2012-05-29 15:10:43 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-29 15:10:43 256000 ----a-w- C:\Windows\PEV.exe 2012-05-29 15:10:43 208896 ----a-w- C:\Windows\MBR.exe 2012-05-29 15:09:01 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-05-29 14:57:42 -------- d-----w- C:\Users\Jason\AppData\Local\{F73FD0BD-CEDB-47F4-BF27-799FC036D52D} 2012-05-29 14:57:24 -------- d-----w- C:\Users\Jason\AppData\Local\{9545FD54-96FE-4C2C-A4FF-15E32C6C8BBD} 2012-05-28 23:22:47 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-05-28 23:22:47 839112 ----a-w- C:\Windows\System32\deployJava1.dll 2012-05-28 18:03:50 -------- d-----w- C:\Users\Jason\AppData\Local\{4DB830BB-7B6D-439D-82D2-9D530F62EDDB} 2012-05-28 18:03:38 -------- d-----w- C:\Users\Jason\AppData\Local\{777922F7-0EF1-431A-9E40-B8D62563BD26} 2012-05-28 14:35:39 -------- d-----w- C:\Users\Jason\DoctorWeb 2012-05-28 06:03:13 -------- d-----w- C:\Users\Jason\AppData\Local\{B546EF63-4213-45C9-B72E-9ACA5B2DCD9A} 2012-05-28 06:02:50 -------- d-----w- C:\Users\Jason\AppData\Local\{9C5B8930-6B34-4DCA-A4F5-8E86A27AEC06} 2012-05-27 20:48:10 -------- d-----w- C:\Program Files (x86)\ESET 2012-05-27 19:35:15 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nprjplug.dll 2012-05-27 19:35:02 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared 2012-05-27 19:34:57 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppl3260.dll 2012-05-27 19:34:51 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nprpplugin.dll 2012-05-27 18:02:24 -------- d-----w- C:\Users\Jason\AppData\Local\{08F0E098-F462-4414-92DA-31DF8E3059A0} 2012-05-27 18:02:00 -------- d-----w- C:\Users\Jason\AppData\Local\{0D685BDA-997B-4B30-B143-BD4A8E1D3D97} 2012-05-27 03:49:48 -------- d-----w- C:\Users\Jason\AppData\Local\{A71B4A31-994C-41C0-8716-F0BBBF6316E0} 2012-05-27 03:49:25 -------- d-----w- C:\Users\Jason\AppData\Local\{79D95C2B-F6F9-41FC-AEE9-4C0AEB4FF513} 2012-05-26 15:48:59 -------- d-----w- C:\Users\Jason\AppData\Local\{813DD2BA-A2EE-4AE3-A9DE-BE9ADA66589A} 2012-05-26 03:48:33 -------- d-----w- C:\Users\Jason\AppData\Local\{42843A8D-A17A-4AF7-B6A2-890E82D15403} 2012-05-26 03:48:22 -------- d-----w- C:\Users\Jason\AppData\Local\{D2CB2D77-E516-4344-A0BB-5C63223FF12A} 2012-05-25 19:28:18 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-05-25 19:27:07 -------- d-----w- C:\Users\Jason\AppData\Local\PunkBuster 2012-05-25 18:37:39 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-25 18:37:26 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-05-25 15:47:50 -------- d-----w- C:\Users\Jason\AppData\Local\{6F1A52B0-CC8D-4CC7-A60D-986781FCCB2E} 2012-05-25 15:47:21 -------- d-----w- C:\Users\Jason\AppData\Local\{CFD4C284-637D-4A64-A466-FFD38F81119D} 2012-05-25 15:45:05 -------- d-----w- C:\_OTL 2012-05-25 14:39:00 -------- d-----w- C:\Users\Jason\AppData\Local\{B689461D-B0E7-4193-95D4-AD5CE834643C} 2012-05-25 02:38:47 -------- d-----w- C:\Users\Jason\AppData\Local\{8B3DB619-C107-4785-8FBD-24F48DCD83C4} 2012-05-25 02:38:35 -------- d-----w- C:\Users\Jason\AppData\Local\{4CB7C2CA-602E-4721-9324-15B5D6C67540} 2012-05-25 02:37:02 -------- d-----w- C:\Users\Jason\AppData\Local\{44A4B773-90BF-4B27-ACFE-D51D3AE97C11} 2012-05-25 02:36:51 -------- d-----w- C:\Users\Jason\AppData\Local\{242223F7-BFA3-4D35-869C-C9C83422079D} 2012-05-25 02:36:16 -------- d-----w- C:\Users\Jason\AppData\Local\{16A1E47F-9CCC-454E-BE92-80A51D9CCB79} 2012-05-24 10:51:12 -------- d-----w- C:\Users\Jason\AppData\Local\{969CE9BC-7975-4058-BAF4-47D2E2E0CA00} 2012-05-24 10:50:50 -------- d-----w- C:\Users\Jason\AppData\Local\{2EEBEF73-2628-437B-987F-B8BB7747FE51} 2012-05-24 04:02:43 -------- d-----w- C:\Users\Jason\AppData\Roaming\Unity 2012-05-24 03:15:56 -------- d-----w- C:\Users\Jason\AppData\Local\Unity 2012-05-23 22:50:24 -------- d-----w- C:\Users\Jason\AppData\Local\{D4A32F95-441A-4C8C-9B97-14CFCF3590A5} 2012-05-23 22:50:05 -------- d-----w- C:\Users\Jason\AppData\Local\{C3FF4519-2ED6-47EC-AEEC-B13E81C328C8} 2012-05-23 06:44:18 -------- d-----w- C:\Users\Jason\AppData\Local\{BC3ACC20-8378-4F0C-B0EF-1282E91C7C34} 2012-05-23 06:44:06 -------- d-----w- C:\Users\Jason\AppData\Local\{D2044685-A1E7-4048-8C63-9299E6AA0CC6} 2012-05-22 00:44:44 -------- d-----w- C:\Users\Jason\AppData\Local\{8C84AF60-98FF-4BB5-91F1-39436DEAFC84} 2012-05-22 00:44:22 -------- d-----w- C:\Users\Jason\AppData\Local\{A35A14A0-FAE6-452E-B041-15F908CAB677} 2012-05-21 18:28:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-21 18:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-21 17:38:12 -------- d-----w- C:\Users\Jason\AppData\Local\ElevatedDiagnostics 2012-05-21 15:50:24 -------- d-----w- C:\ProgramData\BDLogging 2012-05-21 12:43:56 -------- d-----w- C:\Users\Jason\AppData\Local\{BFC9361D-07E2-4F64-897B-BBFCAC0757C3} 2012-05-21 12:43:33 -------- d-----w- C:\Users\Jason\AppData\Local\{1F7C752B-7789-4A26-99EB-066FF1DCDE92} 2012-05-21 11:40:31 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll 2012-05-21 11:40:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll 2012-05-21 11:40:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe 2012-05-21 11:40:31 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll 2012-05-21 11:40:31 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll 2012-05-21 11:40:30 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll 2012-05-21 11:40:30 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll 2012-05-21 11:03:53 -------- d-----w- C:\Program Files (x86)\Atari 2012-05-21 11:03:29 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll 2012-05-21 11:03:29 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll 2012-05-21 11:03:29 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe 2012-05-21 11:03:29 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll 2012-05-21 11:03:29 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll 2012-05-21 11:03:28 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll 2012-05-21 11:03:28 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll 2012-05-21 00:43:17 -------- d-----w- C:\Users\Jason\AppData\Local\{9D8D47A4-7D46-434F-AF01-2BC9995C01C3} 2012-05-21 00:42:54 -------- d-----w- C:\Users\Jason\AppData\Local\{CBD29E77-AE77-47A8-A4C0-95A5B2D88C99} 2012-05-20 15:48:20 -------- d-----w- C:\Users\Jason\AppData\Local\CrashDumps 2012-05-20 12:42:41 -------- d-----w- C:\Users\Jason\AppData\Local\{DA05F905-7D97-4FDE-BF7E-02136322489D} 2012-05-20 12:42:18 -------- d-----w- C:\Users\Jason\AppData\Local\{8326ACAB-E700-4FE1-9D94-A4423DE7692E} 2012-05-20 00:42:07 -------- d-----w- C:\Users\Jason\AppData\Local\{C88B5094-470E-4364-8F55-B48A23FFFA16} 2012-05-20 00:41:46 -------- d-----w- C:\Users\Jason\AppData\Local\{027E0B54-8CF5-4644-98EA-74C62E4C6CEA} 2012-05-19 12:41:34 -------- d-----w- C:\Users\Jason\AppData\Local\{27A16C62-5024-4863-8104-455860C9E135} 2012-05-19 12:41:12 -------- d-----w- C:\Users\Jason\AppData\Local\{D97AD9FC-425A-4202-9196-8086ACCFA5F8} 2012-05-18 10:30:48 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls 2012-05-17 19:12:15 -------- d-----w- C:\Users\Jason\AppData\Local\{5212C9F0-601D-4353-AA0C-0426A8B4B3AF} 2012-05-17 19:12:05 -------- d-----w- C:\Users\Jason\AppData\Local\{AFA6E3E3-A843-44E7-B6DF-F788045CA86C} 2012-05-17 18:58:29 -------- d-----w- C:\ProgramData\Protexis 2012-05-17 18:56:49 -------- d-----w- C:\Users\Jason\AppData\Local\Corel PaintShop Pro 2012-05-17 18:56:23 -------- d-----w- C:\ProgramData\Corel 2012-05-17 18:56:23 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis 2012-05-17 18:55:09 -------- d-----w- C:\Program Files (x86)\Corel 2012-05-17 17:05:57 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll 2012-05-17 04:32:55 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes 2012-05-17 04:32:50 -------- d-----w- C:\ProgramData\Malwarebytes 2012-05-16 21:25:27 -------- d-----w- C:\Users\Jason\AppData\Local\{B143363E-5F39-4B06-9EE8-961E53C570C5} 2012-05-16 17:32:29 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2012-05-16 14:20:20 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys 2012-05-15 19:37:23 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-05-15 00:02:26 -------- d-----w- C:\Program Files (x86)\Oracle 2012-05-15 00:02:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-05-14 08:08:30 -------- d-----w- C:\Users\Jason\AppData\Local\Diagnostics 2012-05-14 07:04:50 -------- d-----w- C:\Program Files (x86)\Warcraft III (Dota - latest) 2012-05-13 21:59:40 -------- d-----w- C:\Users\Jason\AppData\Roaming\DarknessII 2012-05-13 20:44:44 -------- d-----w- C:\Users\Jason\AppData\Local\BladesOfTime 2012-05-13 17:30:47 -------- d-----w- C:\Users\Jason\AppData\Local\Risen2 2012-05-12 15:50:14 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-12 15:36:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-05-12 15:36:34 -------- d-----w- C:\Program Files (x86)\StarCraft II 2012-05-12 15:36:34 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-05-12 15:24:36 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-12 07:38:19 -------- d-----w- C:\Program Files (x86)\GOG.com 2012-05-12 04:31:24 -------- d-----w- C:\ProgramData\RELOADED 2012-05-11 23:49:18 -------- d-----w- C:\ProgramData\Pendulo Studios 2012-05-11 23:33:24 -------- d-----w- C:\Users\Jason\AppData\Local\Risen 2012-05-11 23:31:09 314016 ----a-w- C:\Windows\System32\drivers\atksgt.sys 2012-05-11 23:31:06 43680 ----a-w- C:\Windows\System32\drivers\lirsgt.sys 2012-05-11 23:26:14 -------- d-----w- C:\Program Files (x86)\Deep Silver 2012-05-11 23:20:34 -------- d-----w- C:\Users\Jason\AppData\Local\signal studios 2012-05-11 23:06:52 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-05-11 23:06:52 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-05-11 23:06:52 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-05-11 23:06:52 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-05-11 23:06:52 -------- d-----w- C:\Program Files (x86)\OpenAL 2012-05-11 18:40:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-05-11 18:40:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-05-11 18:40:11 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-05-11 18:40:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-05-11 18:40:11 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-05-11 18:40:11 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-05-11 18:40:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-05-11 18:38:35 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-05-11 18:38:27 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-05-11 18:37:54 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-11 18:37:54 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 18:37:51 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-11 18:37:49 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-11 18:37:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-11 18:37:47 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-11 18:36:34 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-11 18:36:33 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-11 18:36:28 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 18:36:28 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-11 18:36:28 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-11 18:36:28 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-11 18:36:28 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 16:52:14 -------- d-----w- C:\Users\Jason\AppData\Roaming\LS 2012-05-06 06:21:40 -------- d-----w- C:\ProgramData\Reflexive 2012-05-03 23:41:12 -------- d-----w- C:\Users\Jason\AppData\Local\{B7EEDF0B-16A9-4B31-A2C8-5E153DB1C53D} 2012-05-03 23:30:26 -------- d-----w- C:\Users\Jason\AppData\Local\{45A0E8A3-19AA-4677-A458-5C25D5094CF3} 2012-05-03 21:21:13 -------- d-----w- C:\Users\Jason\AppData\Local\{CC938591-882E-4CC4-8DAA-D425876914ED} . ==================== Find3M ==================== . 2012-05-29 15:32:00 30528 ----a-w- C:\Windows\GVTDrv64.sys 2012-05-29 15:31:46 25640 ----a-w- C:\Windows\gdrv.sys 2012-05-28 06:48:51 25640 ----a-w- C:\Windows\etdrv.sys 2012-05-27 19:34:47 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-27 19:34:47 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-12 15:51:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-06 05:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-04-06 05:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-04-06 05:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-04-06 05:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-04-06 05:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-04-06 05:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-04-06 05:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll 2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll 2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-04-05 01:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-03-09 21:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-03-09 21:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-03-09 01:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll . ============= FINISH: 12:23:19.53 ===============
-
I have a combofix folder in C:, but this is the only information that was included in combofix.txt: ComboFix 12-05-28.05 - Jason 05/29/2012 8:22:26.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2705 [GMT -7:00] Running from: C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
-
Davidb - Not sure you posted in the correct message base...
-
Finally got Combofix to work. Where is the scan log located so I can paste the results?
-
Since I'm using Windows 7, the file is actually located in the Program Files (x86) folder. Can you update the Run command line with the Windows 7 version? Thanks!
-
Please ignore above posts. Running ie in administrator mode seemed to have solved the problem. I'll try and run the scan now.
-
I just checked, and my user account is set as the administrator, so I'm not sure why I'm getting the message.
-
It will let me send the copy I have from the USB drive to Program Files. Do you want me to try it this way?
-
I get the following message when trying to save: "You don't have permission to save in this location. Contact the administrator to obtain permission." Don't know why I'm getting the message. Do you know how I change the security settings to allow permission?
-
Here is a copy of the GMER log file: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-28 17:36:11 Windows 6.1.7601 Service Pack 1 Running: 93dqpxfj.exe ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Jason\Downloads\Back to the Future Episode 1 \x2013 It\x2019s About Time\Back to the Future Episode 1 \x2013 It\x2019s About Time.exe 1 ---- Files - GMER 1.0.15 ---- File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RQ4WUER\afr[1].htm 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RQ4WUER\1209[1].js 2305 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RQ4WUER\glamadapt_jsrv[1].js 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RQ4WUER\iframe3[1].htm 524 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RQ4WUER\iframe3[2].htm 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEG7P2HM\getjs[1].js 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEG7P2HM\ads[2].htm 2811 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEG7P2HM\front[2].js 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEG7P2HM\count[3].js 20 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEG7P2HM\crossdomain[6].xml 194 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEG7P2HM\sandbox[2].htm 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\1209[1].js 2305 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\dppix[1].htm 7915 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\freq[1].htm 395 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\REDIRURL=;ord=74631[1].htm 5909 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\home;s1=home;s2=;pid=;wmode=transparent;kw=;test=%7Bget_test%7D;pga=ad;pos=top;tile=2;sz=300x250;ord=4896178479903503[1].js 667 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\syncuppixels[1].htm 14488 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\step-up-your-style-with-statement-jewelry[1].htm 31545 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\navcancl[1] 2713 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JE7WV912\findwhat[1].htm 9686 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG4STS1G\13-MHM-TravelRollerBag_728x90_brd_non[1].swf 39198 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG4STS1G\home;wmode=transparent;s1=home;s2=;pid=;kw=;test=%7Bget_test%7D;pga=ad;dcopt=;tile=1;sz=728x90,920x50;ord=4896178479903503[1].js 407 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG4STS1G\vastvpaid[1].xml 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG4STS1G\findwhat[1].htm 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG4STS1G\st[1] 5181 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WG4STS1G\88_198_7_221[1].htm 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\06TMML85.txt 628 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9EW66ELO.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ROU9FQMV.txt 1112 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4USVUIKL.txt 4438 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\50H0AW54.txt 1208 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GV6W49TR.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\35E2LL80.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HM9YZ9CZ.txt 11976 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1CL1CMHS.txt 110 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JJC8BLBN.txt 1264 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M0UM5KOX.txt 1983 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\M196KMYA.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\A3N9NQHF.txt 2006 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8VU2XZAX.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GEZMQ3P6.txt 4198 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W548NG1A.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WVB2X1R4.txt 90 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HUHAUACP.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RD9ZV4J0.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B8WVUDPZ.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2C96532Q.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TFRSVRFK.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9N1E4FCB.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9N8WPLBU.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JF2IHVVY.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\K9ETC41K.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AJRY6ETW.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4C7J5ODI.txt 531 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4E5WU5PQ.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KVFRQ0GZ.txt 0 bytes File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1E514ZRE.txt 1566 bytes ---- EOF - GMER 1.0.15 ----
-
Here is the attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 10/5/2011 9:05:28 PM System Uptime: 5/28/2012 9:15:52 AM (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P Processor: AMD Phenom II X4 B55 Processor | Socket M2 | 3300/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 153 GiB total, 22.148 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: archlp Device ID: ROOT\LEGACY_ARCHLP\0000 Manufacturer: Name: archlp PNP Device ID: ROOT\LEGACY_ARCHLP\0000 Service: archlp . ==== System Restore Points =================== . RP251: 5/27/2012 1:07:12 PM - OTL Restore Point - 5/27/2012 1:07:12 PM . ==== Installed Programs ====================== . Adobe Reader X (10.1.3) AMD VISION Engine Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Combined Community Codec Pack 2011-07-30 Content Transfer Corel PaintShop Pro X4 D3DX10 DAEMON Tools Lite Dual-Core Optimizer Easy Tune 6 B11.0427.1 ESET Online Scanner v3 F.E.A.R. Plantinum ICA IPM_PSP_COM Java Auto Updater Java 6 Update 22 Java 6 Update 31 Java 7 Update 4 JavaFX 2.1.0 Lands Of Lore 1 and 2 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 1.1 Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Neverwinter Nights 2 NVIDIA PhysX ON_OFF Charge B11.0110.1 OpenAL OpenOffice.org 3.3 Pando Media Booster PSPPContent PSPPHelp PunkBuster Services Realm of the Mad God RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RealUpgrade 1.1 Risen Risen 2 - Dark Waters Rockstar Games Social Club Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Setup Shockwave StarCraft II Steam System Requirements Lab CYRI Team Fortress 2 The Sims Medieval The Sims Medieval Pirates and Nobles Tropico 4 1.00 Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Visual Studio 2008 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 5/28/2012 9:16:36 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 5/28/2012 9:16:36 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 5/28/2012 9:16:23 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 5/28/2012 9:16:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: archlp 5/28/2012 9:16:19 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 5/28/2012 9:16:16 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified. 5/27/2012 3:40:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.601.0). 5/27/2012 12:31:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:31:23 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 12:31:22 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 12:31:22 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 12:31:22 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 5/27/2012 12:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 5/27/2012 12:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/27/2012 12:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/27/2012 12:30:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger archlp CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl 5/27/2012 12:30:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect. 5/27/2012 12:30:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 12:30:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/27/2012 11:05:20 AM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s). 5/27/2012 11:00:24 AM, Error: Service Control Manager [7034] - The PEVSystemStart service terminated unexpectedly. It has done this 1 time(s). 5/27/2012 10:59:21 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:54:10 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Certificate Propagation service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:48:53 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s). 5/27/2012 10:43:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 5/27/2012 10:43:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 5/27/2012 10:39:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). 5/27/2012 10:38:02 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s). 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 5/27/2012 10:38:02 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:38:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s). 5/27/2012 10:36:00 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/27/2012 10:36:00 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/24/2012 2:10:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.390.0). 5/23/2012 7:51:14 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). 5/23/2012 6:31:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 5/23/2012 6:30:33 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended. 5/23/2012 6:29:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 5/23/2012 6:27:50 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/22/2012 11:41:15 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address E4-CE-8F-55-E4-41. Network operations on this system may be disrupted as a result. 5/21/2012 4:16:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.201.0). . ==== End Of File ===========================