bsluper

TDSSKiller Log File TDSSKiller.2.8.16.0_08.06.2013_11.47.00_log.txt

It won't let me posts the log it says "post too long"

Yes I ran the combofix before I found this forum and am not sure where the log for that is kept. Wish I had found this first! note: TDSSkiller found something and when I selected skip the program froze. So I had to reboot and run the program again but it didn't find anything this time.

I would prefer to clean it instead of doing a reinstall if you all could help with that it would be incredible!

I do have administrator privilages on the computer. I thought about doing a format and reinstall but since they did not supply a recovery cd I am trying to avoid that.

My computer at work has audio that is continuously playing in the background, mostly radio and ads it seems like. I cannot get it to stop and under the sound/volume mixer it says "name not available" In addition is looks like an svchost is hogging cpu and networking rescources. Here is the DDS and Attach logs. I have been trying to get rid of this for days, Please help! DDS ------------------------------------------------------------------ DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 Run by Hotel at 10:27:57 on 2013-06-08 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3766.1149 [GMT -4:00] . AV: AVG Premium Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: eTrust ITM *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Premium Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Hotel\AppData\Roaming\Cross\App\sha.wynhg.com\Cross.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://myportal.wyndhamworldwide.com/ BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 24.158.63.8 24.158.63.9 63.98.122.2 TCP: Interfaces\{1B41216E-3ADD-4653-A56A-DBC3DF869614} : DHCPNameServer = 24.158.63.8 24.158.63.9 63.98.122.2 SSODL: WebCheck - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-5-24 301232] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-7 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-7 701512] S3 a320raid;a320raid;C:\Windows\System32\drivers\a320raid.sys [2010-9-8 304688] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-3-10 71168] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-7 25928] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-9 412776] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-10 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-3-10 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-11 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] . =============== Created Last 30 ================ . 2013-06-08 04:15:52 -------- d-----w- C:\Users\Hotel\AppData\Local\Avg2013 2013-06-08 04:09:08 -------- d-sh--w- C:\$RECYCLE.BIN 2013-06-08 02:48:53 98816 ----a-w- C:\Windows\sed.exe 2013-06-08 02:48:53 256000 ----a-w- C:\Windows\PEV.exe 2013-06-08 02:48:53 208896 ----a-w- C:\Windows\MBR.exe 2013-06-08 01:31:12 -------- d-----w- C:\Users\Hotel\AppData\Local\NPE 2013-06-08 01:31:12 -------- d-----w- C:\ProgramData\Norton 2013-06-08 00:49:03 -------- d-----w- C:\Users\Hotel\AppData\Local\SvchostViewer 2013-06-07 23:49:08 -------- d-----w- C:\Users\Hotel\AppData\Roaming\Malwarebytes 2013-06-07 23:48:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-07 23:48:58 -------- d-----w- C:\ProgramData\Malwarebytes 2013-06-07 23:48:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-07 23:48:49 -------- d-----w- C:\Users\Hotel\AppData\Local\Programs 2013-06-07 23:22:36 -------- d-----w- C:\Windows\pss 2013-06-07 21:18:50 -------- d-----w- C:\Users\Hotel\AppData\Local\ElevatedDiagnostics 2013-06-07 20:59:00 -------- d-----w- C:\ProgramData\AVG2013 2013-06-07 20:57:25 -------- d--h--w- C:\ProgramData\Common Files 2013-06-07 20:57:25 -------- d-----w- C:\Users\Hotel\AppData\Local\MFAData 2013-06-07 20:57:25 -------- d-----w- C:\ProgramData\MFAData 2013-06-07 14:38:07 -------- d-----w- C:\Users\Hotel\AppData\Local\Citrix . ==================== Find3M ==================== . . ============= FINISH: 10:28:26.70 =============== ATTACH --------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 4/12/2012 7:23:52 AM System Uptime: 6/7/2013 11:52:14 PM (11 hours ago) . Motherboard: LENOVO | | Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 3193/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 456 GiB total, 425.2 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Network Controller Device ID: PCI\VEN_8086&DEV_0084&SUBSYS_13158086&REV_00\74E50BFFFFABBF5C00 Manufacturer: Name: Network Controller PNP Device ID: PCI\VEN_8086&DEV_0084&SUBSYS_13158086&REV_00\74E50BFFFFABBF5C00 Service: . Class GUID: Description: PCI Simple Communications Controller Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_306A17AA&REV_06\3&11583659&15&B0 Manufacturer: Name: PCI Simple Communications Controller PNP Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_306A17AA&REV_06\3&11583659&15&B0 Service: . ==== System Restore Points =================== . RP87: 2/16/2013 7:44:33 AM - Scheduled Checkpoint RP88: 2/23/2013 6:33:41 PM - Scheduled Checkpoint RP89: 3/3/2013 12:00:03 AM - Scheduled Checkpoint RP90: 3/10/2013 1:12:24 AM - Scheduled Checkpoint RP91: 3/17/2013 4:30:41 AM - Scheduled Checkpoint RP92: 3/24/2013 7:34:55 AM - Scheduled Checkpoint RP93: 4/1/2013 12:35:51 AM - Scheduled Checkpoint RP94: 4/8/2013 1:22:27 AM - Scheduled Checkpoint RP95: 4/16/2013 12:05:22 AM - Scheduled Checkpoint RP96: 4/23/2013 1:20:23 AM - Scheduled Checkpoint RP97: 5/1/2013 12:12:48 AM - Scheduled Checkpoint RP98: 5/8/2013 10:16:03 PM - Scheduled Checkpoint RP99: 5/16/2013 12:16:05 AM - Scheduled Checkpoint RP100: 5/23/2013 1:44:49 AM - Scheduled Checkpoint RP101: 5/30/2013 11:53:12 PM - Scheduled Checkpoint RP102: 6/7/2013 12:53:40 AM - Scheduled Checkpoint RP103: 6/8/2013 12:14:01 AM - Removed AVG 2013 RP104: 6/8/2013 12:15:56 AM - Removed AVG 2013 . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.03) Adobe Shockwave Player 11.6 CA eTrustITM Agent CA iTechnology iGateway [x64] Intel® Network Connections 15.2.89.0 Java Auto Updater Java 6 Update 22 Java 6 Update 26 Malwarebytes Anti-Malware version 1.75.0.1300 Micros Fidelio Opera Print Control Micros Fidelio Opera Print Utility Microsoft .NET Framework 4 Client Profile Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 OpenOffice.org 3.3 Opera JinitCheck Control Opera Register Terminal Opera Screen Painter Thin Client Oracle JInitiator 1.3.1.25 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Visual Studio 2010 x64 Redistributables Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 6/8/2013 12:07:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/8/2013 1:45:15 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 6/7/2013 9:56:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:54:37 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:26:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 6/7/2013 9:26:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 6/7/2013 9:26:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 6/7/2013 9:25:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 6/7/2013 9:24:41 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:24:41 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:24:41 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 9:24:41 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 9:09:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005158610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-41433-01. 6/7/2013 8:30:46 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 8:30:46 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 8:30:46 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 8:11:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect. 6/7/2013 8:11:04 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/7/2013 8:07:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005174610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-25802-01. 6/7/2013 8:04:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800510e3ef, 0x0000000000000000, 0x000000007efa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-86174-01. 6/7/2013 7:32:17 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 6/7/2013 7:30:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005100610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-36067-01. 6/7/2013 7:26:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80050eb3ef, 0x0000000000000000, 0x000007fffffa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-33821-01. 6/7/2013 6:59:49 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning. 6/7/2013 6:59:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800199d7b2, 0xfffff880074d0eb0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-73694-01. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). 6/7/2013 6:54:47 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s). 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/7/2013 6:54:47 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 6:39:54 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s). 6/7/2013 6:37:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000303db0c, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-42151-01. 6/7/2013 6:32:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80050dc610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-63523-01. 6/7/2013 6:29:06 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 6/7/2013 5:25:59 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). 6/7/2013 5:25:59 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 5:25:59 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 5:12:50 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 4:52:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 6/7/2013 4:52:47 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 6/7/2013 4:37:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002422b0c, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-85051-01. 6/7/2013 4:26:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005131610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-91088-01. 6/7/2013 4:02:39 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 8 time(s). 6/7/2013 3:56:42 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 7 time(s). 6/7/2013 3:32:17 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 7 time(s). 6/7/2013 3:32:17 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 6 time(s). 6/7/2013 3:32:17 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 3:32:17 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s). 6/7/2013 3:22:19 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s). 6/7/2013 3:22:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s). 6/7/2013 3:22:19 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 6 time(s). 6/7/2013 3:19:39 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 3:19:39 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s). 6/7/2013 3:19:39 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s). 6/7/2013 3:19:39 PM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 3:19:39 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 5 time(s). 6/7/2013 3:19:39 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:47:17 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s). 6/7/2013 2:47:17 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 4 time(s). 6/7/2013 2:46:16 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:46:16 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:46:16 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:46:15 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:46:14 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:46:14 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s). 6/7/2013 2:26:37 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/7/2013 2:19:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 6/7/2013 2:09:28 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 6/7/2013 11:53:52 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 6/7/2013 11:50:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 6/7/2013 11:50:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 6/7/2013 11:50:10 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 6/7/2013 11:47:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/7/2013 11:47:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/7/2013 11:47:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/7/2013 11:47:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/7/2013 11:46:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/7/2013 11:45:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6 6/7/2013 11:44:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030fbab5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-61869-01. 6/7/2013 11:40:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800518d3ef, 0x0000000000000000, 0x000000007efa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-59592-01. 6/7/2013 11:37:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030feab5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-33555-01. 6/7/2013 11:25:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80051043ef, 0x0000000000000000, 0x000000007efa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-85519-01. 6/7/2013 11:16:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005140610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-52681-01. 6/7/2013 11:13:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80050df610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-36847-01. 6/7/2013 10:56:10 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/4/2013 6:36:10 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user W02-04367\Hotel SID (S-1-5-21-1954621570-3986161253-1157567640-1008) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================