Jump to content


Photo
- - - - -

im infected


  • This topic is locked This topic is locked
3 replies to this topic

#1 myvalk99

myvalk99

    Regular Member

  • Honorary Members
  • PipPip
  • 92 posts
  • Gender:Male
  • Location:new york

Posted 17 December 2011 - 09:53 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000
Run by Fred at 6:47:54 on 2011-12-17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1977.1372 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1211&m=aspire_4730z
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1211&m=aspire_4730z
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1211&m=aspire_4730z
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5681B23-348D-490E-9292-494F6D7609AC} : DhcpNameServer = 192.168.1.1
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\0l7em8cm.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
S1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-8-18 201288]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl5bdb49f6;MpKsl5bdb49f6;c:\programdata\microsoft\microsoft antimalware\definition updates\{fb2d480e-342d-4be2-8816-9e3f628db3d1}\MpKsl5bdb49f6.sys [2011-12-17 29904]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-12-14 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2011-12-14 81504]
S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-18 24576]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-16 366152]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-18 359248]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-18 144704]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2011-12-14 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-12-14 24064]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-15 93968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-16 22216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-18 695624]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-8-18 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-8-18 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-8-18 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-8-18 40488]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2011-12-14 110576]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-12-17 13:20:42 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb2d480e-342d-4be2-8816-9e3f628db3d1}\MpKsl5bdb49f6.sys
2011-12-17 13:20:39 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-17 13:20:25 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb2d480e-342d-4be2-8816-9e3f628db3d1}\offreg.dll
2011-12-17 13:20:16 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fb2d480e-342d-4be2-8816-9e3f628db3d1}\mpengine.dll
2011-12-17 01:03:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 01:03:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 23:05:52 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bf12361c-d7af-4fd6-9328-d896c70f7cee}\gapaengine.dll
2011-12-16 22:51:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-16 22:50:36 902024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-16 22:50:35 98184 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-12-16 22:50:35 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2011-12-16 22:50:35 220040 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-16 22:50:34 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2011-12-16 22:50:33 328704 ----a-w- c:\windows\system32\BFE.DLL
2011-12-16 22:47:32 2730536 ------w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-12-16 22:47:15 6823496 ------w- c:\programdata\microsoft\windows defender\definition updates\{4204e576-5279-40bc-b243-f07cc58a0c04}\mpengine.dll
2011-12-16 22:47:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-16 22:43:30 -------- d-----w- c:\users\fred\appdata\roaming\Malwarebytes
2011-12-16 22:43:30 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 22:42:55 -------- d-----w- c:\users\fred\appdata\roaming\BitTorrent
2011-12-15 22:34:37 -------- d-----w- C:\downloads
2011-12-15 22:21:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 22:20:59 -------- d-----w- c:\programdata\McAfee Security Scan
2011-12-15 22:20:56 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-15 22:13:33 -------- d-----w- c:\program files\Conduit
2011-12-15 22:13:31 -------- d-----w- c:\users\fred\appdata\local\Conduit
2011-12-15 22:13:30 -------- d-----w- c:\program files\uTorrentBar
2011-12-15 22:13:26 -------- d-----w- c:\program files\uTorrent
2011-12-15 22:12:24 -------- d-----w- c:\users\fred\appdata\roaming\uTorrent
2011-12-15 21:21:54 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-12-15 21:21:52 98304 ----a-w- c:\windows\system32\cabview.dll
2011-12-15 21:05:34 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-12-15 21:05:20 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-12-15 21:05:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-12-15 21:05:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-12-15 02:21:21 43711460 ----a-w- c:\windows\system32\acer.exe
2011-12-15 02:21:19 83554304 ----a-w- c:\windows\system32\acer.scr
2011-12-15 02:21:11 -------- d-----w- c:\program files\Acer Incorporated
2011-12-15 02:21:09 -------- d-----w- c:\windows\ACER
2011-12-15 02:19:24 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-12-15 02:17:58 -------- d-----w- c:\users\fred\appdata\local\PowerCinema
2011-12-15 02:15:34 -------- d-----w- c:\program files\Acer Arcade Deluxe
2011-12-15 02:15:06 -------- d-----w- c:\users\fred\appdata\roaming\Acer GameZone Console
2011-12-15 02:14:56 -------- d-----w- c:\programdata\Acer GameZone Console
2011-12-15 02:12:50 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2011-12-15 02:12:50 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
2011-12-15 02:12:49 238080 ----a-w- c:\windows\system32\ITEIO_64.dll
2011-12-15 02:11:34 61440 ----a-w- c:\windows\system32\MCEPlugin.dll
2011-12-15 02:11:34 204800 ----a-w- c:\windows\system32\SysHook.dll
2011-12-15 02:10:14 -------- d-----w- c:\program files\Acer Inc
2011-12-15 02:08:57 -------- d-----w- c:\program files\Apoint2K
2011-12-15 02:08:21 -------- d-----w- c:\program files\Launch Manager
2011-12-15 02:06:22 -------- d-----w- c:\users\fred\appdata\roaming\Acer
2011-12-15 02:06:21 -------- d-----w- c:\users\fred\appdata\roaming\SiteAdvisor
2011-12-15 02:06:18 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-15 02:05:08 -------- d-----w- c:\programdata\Partner
2011-12-15 02:04:21 -------- d-----w- c:\users\fred\appdata\local\VirtualStore
2011-12-14 23:46:55 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2011-12-14 23:46:12 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-12-14 23:46:12 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-12-14 23:46:12 -------- d-----w- c:\windows\system32\Lang
2011-12-14 23:23:59 -------- d-----w- c:\users\fred\appdata\local\Google
.
==================== Find3M ====================
.
2011-12-14 23:48:33 125 ----a-w- c:\windows\xUninstall.bat
.
============= FINISH: 6:48:40.20 ===============


and....


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2011 3:48:56 PM
System Uptime: 12/17/2011 6:43:43 AM (0 hours ago)
.
Motherboard: Acer | | Aspire 4730Z
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | uPGA-478 | 2161/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 87.872 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 66.804 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Arcade Deluxe
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Agatha Christie Peril at End House
Agere Systems HDA Modem
Alice Greenfingers
Alien Shooter
ALPS Touch Pad Driver
Bookworm Adventures
Bricks of Egypt
C:\Program Files\Acer GameZone\GameConsole
Cake Mania
Chicken Invaders 2
Cradle of Rome
CyberLink PowerDirector
Dream Day First Home
eSobi v2
Galapago
Go-Go Gourmet
Google Desktop
Google Toolbar for Internet Explorer
Intel® Graphics Media Accelerator Driver
JMicron JMB38X Flash Media Controller
Launch Manager
LightScribe 1.4.142.1
Magic Farm
Magic Match Adventures
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee SiteAdvisor
Microsoft Antimalware
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 8.0.1 (x86 en-US)
Mystery Solitaire - Secret Island
Mythic Mahjong
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Orion
PhotoNow!
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
The Rise of Atlantis
Tiks Texas Hold em
Update for Office 2007 (KB946691)
uTorrentBar Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/17/2011 6:48:36 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/17/2011 6:45:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk MpFilter spldr Wanarpv6
12/17/2011 6:44:33 AM, Error: EventLog [6008] - The previous system shutdown at 6:39:53 AM on 12/17/2011 was unexpected.
12/17/2011 5:39:28 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: System Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1260.0, AS: 1.117.1260.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/17/2011 5:24:08 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1260.0, AS: 1.117.1260.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/17/2011 5:13:27 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/17/2011 5:13:27 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/17/2011 5:10:52 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 6:02:56 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 5:50:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 5:50:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 5:02:50 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: System Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 4:42:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Fred-PC\Fred Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 4:42:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Fred-PC\Fred Process Name: Unknown Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 4:33:10 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 4:33:10 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 4:29:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 4:29:24 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Fred-PC\Fred Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.117.1242.0, AS: 1.117.1242.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0
12/16/2011 2:57:00 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/16/2011 2:53:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
12/15/2011 1:55:10 PM, Error: EventLog [6008] - The previous system shutdown at 1:48:59 PM on 12/15/2011 was unexpected.
12/15/2011 1:32:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
12/15/2011 1:29:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk spldr Wanarpv6
12/15/2011 1:29:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/15/2011 1:28:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/15/2011 1:28:25 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
12/15/2011 1:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/15/2011 1:28:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/15/2011 1:28:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/15/2011 1:28:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/15/2011 1:28:02 PM, Error: EventLog [6008] - The previous system shutdown at 1:26:18 PM on 12/15/2011 was unexpected.
12/15/2011 1:16:29 PM, Error: EventLog [6008] - The previous system shutdown at 1:13:07 PM on 12/15/2011 was unexpected.
12/15/2011 1:08:37 PM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1f1c355f&0&04E4) disappeared from the system without first being prepared for removal.
12/15/2011 1:08:37 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_01401025&REV_00\4&1f1c355f&0&00E4) disappeared from the system without first being prepared for removal.
12/15/2011 1:08:37 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_01401025&REV_00\4&1f1c355f&0&02E4) disappeared from the system without first being prepared for removal.
12/15/2011 1:08:37 PM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1f1c355f&0&03E4) disappeared from the system without first being prepared for removal.
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
12/15/2011 1:06:29 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
12/15/2011 1:02:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.1.31 for the Network Card with network address 00234E51171B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/14/2011 6:07:12 PM, Error: volsnap [20] - The shadow copies of volume E: were aborted because of a failed free space computation.
12/14/2011 3:44:24 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
12/14/2011 3:23:26 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 1@01010003
.
==== End Of File ===========================

i did as the site told me, hope its correct...thank you very much.

fred

wondering if anyone saw this or maybe i put it in the wrong forum?

#2 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 18 January 2012 - 09:36 PM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.


Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 23 February 2012 - 04:00 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#4 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 20 April 2012 - 11:48 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users