Last Post by Eagle4Ever
0

Easily enough. Expand the section you wish to present...eg. Applications. Then go Action tab > Export List, and save on your desktop as some .txt file. Make sure in Notepad that Format > Wordwrap is unchecked, select and paste to your post in this forum.
If there is a particular line error you wish us to comment upon you might rclick it, go Properties, and post what it says there. Otherwise we must research the error codes from the log. To post the content of that Error Properties window lclick the little button with the 2 pages shown on it : this copies the window contents to your clipboard. Paste into your post.

Edited by gerbil: n/a

0

My OS is XP and for some reason this is not working, I am doing exactly what you are saying to do, but the file name box stays blank, and it can't save into the desktop file. In other words the file is not exporting into the desktop folder and will not save into the file itself.

I hope I am making myself clear, sorry to be so much trouble, somehow I am not following the instructions right.

0

You mean, you click Export List, and then you cannot type a filename into the Filename box? [Save as Type should be Text... .txt]
That window, if in Desktop, should show contained folders such as My Computer, My Docs.. Can you save any other .txt file from Notepad to your desktop?

Edited by gerbil: n/a

0

Dear Gerbil,
I am talking to someone who knows what they are doing and you are not, please have patience, I am learning.

In event viewer I go to action, I click on export list, and my Documents Folder pops up, on that screen there is the file name box, and below is and down below there is the save as box.

Now when I darken it, I can not remember the terminology, I right click it, and can paste or copy, in this case Export the file, the file I am talking about is application, and in this case I get my Documents but that file will not transfer or copy in the file name box below.

I have done this a million times with other files, and if it does not transfer or copy into that file name box, and it will not export the file, I hope that is clear.

PS. I bet you get tired of dealing with us dummies, but this is one time I am stumped.

As you know this is done automatically, and then I transfer it into what ever folder I want to.

0

:)... I do have patience... I must pick up your skill level as we go along, and adjust to it.
"Now when I darken it, I can not remember the terminology, I right click it, and can paste or copy, in this case Export the file, the file I am talking about is application, and in this case I get my Documents but that file will not transfer or copy in the file name box below."
Ok, bit by bit...
"Now when I darken it" = select, with a lclick.
In many applications when one selects a file to "Save as" it automatically enters its, or some other, name in that filename box; Event Viewer will not do that. I don't know why; some difference in its programming. So just type in a name, make sure the file-type is .txt.
If you cannot actually type into that filename box then that is another problem altogether...
[even when a filename is automatically entered into that filename box in other applications, you still, always, have the option of editing it].
I think there is some other faulty aspect in the rclick and Action menus of Event Viewer, but we can ignore those; it should work one way or another.
You can ignore the Action tab: just open EV, rclick Application, in the context menu that appears choose Save Log File as..., select a destination, type in a filename [any will do], AND give it type .txt.
eg filename of MyEVlog.txt
We'll get there. One aspect of Windows that can be both helpful and confusing is the often myriad ways of doing a particular task. Confusion arises when one is learning because some outcome occurs, and it didn't happen by following a previous, dimly remembered path. But that is everywhere in life. Here, you perhaps are somewhat daunted by the enormity and complexity of this OS. Fair enough... we all are.

Edited by gerbil: n/a

0

Whoa!! I was so wrong with this bit:
"You can ignore the Action tab: just open EV, rclick Application, in the context menu that appears choose Save Log File as..., select a destination, type in a filename [any will do], AND give it type .txt.
eg filename of MyEVlog.txt"
-if you follow that course the text file is a mess! For a human-readable log, you must do this [what I recommended in the first place]:
Open EV, expand Application by lclicking it in the LHS, then go Action tab, Export List, type in some filename with type .txt [the default type], eg filename = MyEVlog.txt
Sorry about the added confusion, EagleE.
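
Added example, not part of the original thread: a Python script that reads the tab-separated text that Export List writes (columns Type, Date, Time, Source, Category, Event, User, Computer), counts Error and Warning rows per source and event ID so the codes worth researching stand out, and replaces the User and Computer columns with pseudonyms before the list is posted publicly. The sample rows, source names and event IDs are constructed, and the US date format (M/D/YYYY h:mm:ss AM/PM) is an assumption.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Column order of an Event Viewer "Export List" text file (tab-separated).
COLUMNS = ["Type", "Date", "Time", "Source", "Category", "Event", "User", "Computer"]
# Built-in account labels that identify nobody and can stay as they are.
KEEP_USERS = {"N/A", "SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample (not taken from the thread). The last line is cut off
# mid-row, as happens when a forum truncates a pasted or attached list.
SAMPLE = "\n".join([
    "\t".join(COLUMNS),
    "Error\t2/3/2011\t7:38:21 PM\tExampleDB\t(2)\t9001\tN/A\tEXAMPLE-PC",
    "Error\t2/3/2011\t7:38:21 PM\tExampleDB\t(2)\t9002\tN/A\tEXAMPLE-PC",
    "Information\t2/3/2011\t7:38:19 PM\tExampleDB\t(2)\t9100\tN/A\tEXAMPLE-PC",
    "Warning\t2/3/2011\t7:04:14 PM\tExampleUpdater\tNone\t20\tSYSTEM\tEXAMPLE-PC",
    "Warning\t2/3/2011\t6:04:14 PM\tExampleUpdater\tNone\t20\tSYSTEM\tEXAMPLE-PC",
    "Warning\t2/3/2011\t5:04:14 PM\tExampleUpdater\tNone\t20\tSYSTEM\tEXAMPLE-PC",
    "Error\t2/2/2011\t4:37:27 PM\tExampleDB\t(2)\t9001\tN/A\tEXAMPLE-PC",
    "Information\t2/2/2011\t10:40:04 PM\tService Control Manager\tNone\t7035\tExample User\tEXAMPLE-PC",
    "Inf",
])


def parse_export_list(text):
    """Return (rows, skipped). Header lines, including repeated ones from
    several lists pasted together, are ignored; short or unparsable rows
    are counted in `skipped` instead of raising."""
    rows, skipped = [], 0
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if not fields or fields == COLUMNS:
            continue
        if len(fields) != len(COLUMNS):
            skipped += 1
            continue
        row = dict(zip(COLUMNS, (f.strip() for f in fields)))
        try:
            row["When"] = datetime.strptime(
                row["Date"] + " " + row["Time"], "%m/%d/%Y %I:%M:%S %p")
            row["Event"] = int(row["Event"])
        except ValueError:
            skipped += 1
            continue
        rows.append(row)
    return rows, skipped


def summarize(rows, types=("Error", "Warning")):
    """Group rows of the given types by (Type, Source, Event) and return
    [(key, {"count", "first", "last"})], most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for row in rows:
        if row["Type"] not in types:
            continue
        g = groups[(row["Type"], row["Source"], row["Event"])]
        g["count"] += 1
        g["first"] = row["When"] if g["first"] is None else min(g["first"], row["When"])
        g["last"] = row["When"] if g["last"] is None else max(g["last"], row["When"])
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


def redact(rows):
    """Rebuild the tab-separated list with stable pseudonyms in the User
    and Computer columns, so the same account or host stays recognisable
    across rows without being named."""
    users, hosts = {}, {}
    lines = ["\t".join(COLUMNS)]
    for row in rows:
        out = dict(row)
        if row["User"] not in KEEP_USERS:
            out["User"] = users.setdefault(row["User"], "USER-%d" % (len(users) + 1))
        out["Computer"] = hosts.setdefault(row["Computer"], "HOST-%d" % (len(hosts) + 1))
        lines.append("\t".join(str(out[c]) for c in COLUMNS))
    return "\n".join(lines)


if __name__ == "__main__":
    parsed, bad = parse_export_list(SAMPLE)
    print("%d rows parsed, %d skipped" % (len(parsed), bad))
    for (kind, source, event), g in summarize(parsed):
        print("%-8s %-16s %6d  x%d  %s .. %s"
              % (kind, source, event, g["count"], g["first"], g["last"]))
    print(redact(parsed))
```

A warning that repeats at a fixed interval shows up as one line with a high count and a wide first/last span, which separates recurring noise from the one-off errors.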

0

Gerbil,
It worked, I have both application and system. Now how do I get it in the message box, the only icon on the tool bar is for links, and a tag for wrapping quotes, I am not sure I can copy and paste, you will need a file you can open, now if I copy and paste the whole file (that is both files) will it open and will the scroll bar work.

Thanks for taking your time with me, you are truly a friend. I don't have any points for helping anyone, but I just don't have enough knowledge to help anyone at the moment.

Kinda makes me feel bad, people help me and I can't help anyone else.

0

Good stuff. Now to get the file here. Because it is a text file I have no qualms about opening it if it is attached, so choose "Use Advanced Editor" button. Click Manage Attachments, use Choose to browse to your file on your sys, then press Upload. When that completes just Submit Reply. [the whole file will be sent, scroll bar use depends only upon how I choose to display it; I will not see your scroll bars].
And you don't have to help, it's just nice if you are able, that's all.

Edited by gerbil: n/a

0

I have Office 2007 and Outlook 2007, and I am sorry but I have looked everywhere and I can't find the advanced editor button, I looked in Word 2007 and Outlook 2007 and I can't find it.

I am using Word 2007 as my editor in Outlook, although the text files are in My Documents folder, even looked in the documents folder's tool bar nothing, even went to help and found nothing, sorry about that.

0

Ooo... "Use Advanced Editor" is the button just below the box you type your post into.
Maybe 3" below these words, a tad to the right... :)

Edited by gerbil: n/a

0

Sorry my friend, I am not sure where you are talking about, what program are we discussing, are we talking Word, Outlook, or the forum itself, but on the message board, for the forum, I do not see anything like that on the tool bar, so surely you're not discussing the message board on the forum, the only place I would type my post is here, on the forum, is that not correct.

0

I am not talking about any other application, only this site, this thread.
Surely you can see the two buttons at the very foot of this shot?

Attachments eagleshot.JPG 50.53 KB
0

Ok here we go,

Event Log Application.txt

Event Log System .txt

I hope this works, I must warn you that one of my anti spy ware programs picked up three Trojans last week, they are still in quarantine if you would like me to write them in another thread, and where they are at of course.

Thank you for your patience and time, I must confess I am worried, I have never seen an attachment look like these two, so I might have to do it again.

Attachments
0

That worked just fine, Eagle. Apart from the connection problem could you give a rundown of your symptoms?
Run these tools, post their logs also, please.
==Download DDS by sUBs and save it to your Desktop. http://download.bleepingcomputer.com/sUBs/dds.scr
Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

0


I am very sorry, I have been busy and haven't been able to get back to you

IObit Security 360 Anti Virus program, Quarantined and deleted: "Three Trojans"

1. Trojan.agent: C:\Windows\$NtServicePackUninstall$\ntbackup.exe  02\04\2011..02:51:05
2. Trojan.agent: C:\System Volume Information\restore{CD77296-FE58-49E3-818F-F3C1AD9068E6}\RP15\A000 1820.Dll
3. Trojan.agent: C:\System Volume Information\restore{CD77296-FE58-49E3-818F-F2C1AD9068E6}\RP15\A000 3949.exe

Hope that will help you, in IObit log all the way across, on two ran out of room

Edited by Reverend Jim: Fixed formatting

Attachments
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Wayne Hollimon\Local Settings\Temp\A1.tmp\MBR.DAT
C:\Documents and Settings\Wayne Hollimon\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wayneh~1\applic~1\mozilla\firefox\profiles\9ksy0lpf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF -
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5735

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2011 3:20:58 PM
mbam-log-2011-02-10 (15-20-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 237652
Time elapsed: 25 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0

Eagle, I cannot find any problems with those logs. You will have to elucidate the difficulty you are experiencing.
The 3 files removed by IoBit are adware delivery agents.

0

I am concerned that a hacker has hacked through my programs and there is a root, a virus, and my antivirus programs are not picking it up. They (the hacker) are coming through Outlook, and the reason for this is my printer and all programs relating to it are unplugged, along with the external hard drive. I have several browsers I am using; I do not use Internet Explorer, at the moment Firefox, which is a Google program. As you can see he is interfering with Google Update. I do not feel there is a compatibility program. He is hitting SQL Server hard, and for that reason My Contact Manager, which is connected to Outlook, will not work; it takes anywhere from half a minute to a minute, maybe more, to load, and I get an error message "do you want to work off line". I reply no and my Outlook loads and I can receive and send messages.

I can format this computer and it will work perfectly, I have been there too many times. If it is a compatibility problem I do not know how to solve it. I have had this computer in the shop so many times I could have bought a brand new computer, but they won't show me the problem; that is how they make their money.

That is about all I can tell you, I have disconnected several hardware and programs so the hacker will not have access to them, I am no good at reading logs, so that is why I have asked for help.

0

Hi, Eagle, let's see what we can find, then.
First, clean with one of these two:
Either ==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it only to Open and Run from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option], and using the default settings select the Cleaner icon, press Run Cleaner.

Or ==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.

==Next, run this rootkit scan and post the results. Do not use your computer during scan.

==Download gmer.zip from http://www.majorgeeks.com/GMER_d5198.html ...or the exe from http://www.gmer.net/download.php - it will have some obscure name.
-dclick on gmer.zip and unzip the file to its own folder or to your desktop.
-disconnect from the Internet and close all running programs.
-dclick the .exe to start it; wait for the initial scan to complete [a few seconds]. Press the Copy button, open Notepad and paste into it.
-Then, if you did NOT get a warning at startup about rootkit activity, place checkmarks ONLY at IAT/EAT, Devices, Modules, Processes, Threads; click the Scan button and wait for the scan to finish (do not use your computer during the scan); again press the Copy button, paste also into that Notepad.
-please post that log.

And finally scan for malware with one of these:
==Eset Online Scanner using IE only: http://www.eset.com/online-scanner
==Pandasoftware ActiveScan using IE or Firefox from http://www.pandasecurity.com/activescan/index/
==Bitdefender Online Scan using IE only: http://www.bitdefender.com/scanner/online/free.html - post the results, please.

0

Hey Gerbil,

Not to get in your way or anything, but HERE is a little tool to look at recent event viewer entries.
It produces a nice and easy log.....

PP:)


0


Here is the log from GMER. I exited all my programs from the tray, with the exceptions of my antivirus and WD SmartWare, which is my exterior hard drive. My AVG will not just exit, I have to totally remove it, and the SmartWare did not have a means to exit from the tray. I hope I did not mess up the log.

I have Malwarebytes already and did a scan yesterday and got no results, will run another scan and see what happens.

I am considering deleting my Outlook and reloading it and see what happens, but want to wait till I hear from you.

If there is a virus, hopefully by totally removing my Outlook and reloading it might take care of the problem, I am not sure.

Attachments
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-16 18:32:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-75VYA0 rev.12.01B02
Running: ep0vxh0h.exe; Driver: C:\DOCUME~1\WAYNEH~1\LOCALS~1\Temp\ffnorfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs       AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \FileSystem\Fastfat \Fat     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat     AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-16 18:40:35
Windows 5.1.2600 Service Pack 3 
Running: ep0vxh0h.exe; Driver: C:\DOCUME~1\WAYNEH~1\LOCALS~1\Temp\ffnorfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                       AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \FileSystem\UdfReadr_xp \Device\UdfReadr_XP  DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice  \Driver\Tcpip \Device\Tcp                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device                                                       ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Udp                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \FileSystem\cdudf_xp \Device\CdUdf_XP        DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice  \FileSystem\Fastfat \Fat                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                     AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device          \FileSystem\Cdfs \Cdfs                       DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----
0

That GMer log shows clean, Eagle. Reinstalling Outlook will only spoil a very poor sort of virus; their function is to replicate as well as damage/interpose themselves, so there would be copies of it all through your system. But they would have to be hidden with a rootkit or two otherwise they would show in scans. I take it that the online scans showed nothing?
PP, feel very free to get in my way... :)


0

My computer just crashed a few minutes ago, so what do I do next, or is there anything that can be done? And yes, the scan was negative, it showed nothing, and so I am at my wits' end.

PS. I thought the rootkit tool would expose it, I guess not. A man's home is no longer his castle, it belongs to crackers.

0

Oh yes, I should have mentioned, it was Outlook that caused my computer to crash. I sure hate to re-format, it is such a pain, but he (the cracker) just comes back.

You're a good guy, gerbil, I just wish I could help you more, I just don't know what to do.

0

Let's have a closer look, Eagle. Download to your desktop this scanner, http://oldtimer.geekstogo.com/OTL.exe.
Start it via the icon, and for an initial scan simply set the file age to scan at 60 days, then press Run Scan button.
Two logs will be produced, OTL and Extras. Please post both. If really long you might attach them via the Use Advanced Editor button.


0

gerbil,

Here are the two text documents you requested, and again thank you for helping. Also I need to break down this thread, it's too long: Event Viewer, which we already have done, and I can send it to the forum as done, and this thread, I am not sure what to name it, got any suggestions?

I guess I will call it root kit, I am not sure.

Attachments
OTL Extras logfile created on: 2/21/2011 7:59:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Wayne Hollimon\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 270.63 Gb Free Space | 90.81% Space Free | Partition Type: NTFS

Computer Name: EAGLE-7146553CE | User Name: Wayne Hollimon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Wind
0

Start OTL.exe
Paste the text written inside the box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
[2011/02/11 03:03:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

:Commands
[purity]
[emptytemp]
[Reboot]

Click the Run Fix button; post the results of the log.
Does this file exist:
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mssqlsystemresource.mdf ?
It is probably overkill to run both IoBit and SAS services.
I could see no other problems in those logs you posted. If after running the above fix there is no improvement then I can only suggest this further tool:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : close other applications and save work, turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
- to run it dclick the Combofix.exe icon and follow the prompts to start it. If you do not have it installed already, Combofix will want to download and install the Recovery Console on your system -agree.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically] when a log, C:\Combofix.txt , will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

0

Hey gerbil,

GMER just came up with something, not sure what to do with it, will have the other stuff to you in a few minutes.

Attachments
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-22 18:01:16
Windows 5.1.2600 Service Pack 3 
Running: 1blu4qb4.exe; Driver: C:\DOCUME~1\WAYNEH~1\LOCALS~1\Temp\ffnorfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                 AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                               avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \FileSystem\UdfReadr_xp \Device\UdfReadr_XP                            DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device                                                                                 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Udp                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                            avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \FileSystem\cdudf_xp \Device\CdUdf_XP                                  DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice  \FileSystem\Fastfat \Fat                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                               AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device          \FileSystem\Cdfs \Cdfs                                                 DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Processes - GMER 1.0.15 ----

Process         hidden process (*** hidden *** )                                       24628                                                                                            
Process         C:\Program Files\IObit\IObit Security 360\is360.exe (*** hidden *** )  24632                                                                                            
Process         C:\Program Files\IObit\IObit Security 360\is360.exe (*** hidden *** )  25352                                                                                            

---- EOF - GMER 1.0.15 ----
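
Added example, not part of any post in this thread and not code from GMER: a small Python triage script for a pasted GMER 1.0.15 log like the one above. It lists attached drivers whose vendor label is not on an analyst-supplied allowlist and separates hidden processes that name an image file from those that do not. The function names, the allowlist and the line patterns are assumptions derived only from the log lines posted here.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted above (column padding shortened).
SAMPLE_LOG = r"""GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-22 18:01:16
Windows 5.1.2600 Service Pack 3
Running: 1blu4qb4.exe; Driver: C:\DOCUME~1\WAYNEH~1\LOCALS~1\Temp\ffnorfod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs     AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \FileSystem\Cdfs \Cdfs     DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

Device                                     ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice  \FileSystem\Fastfat \Fat   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process         hidden process (*** hidden *** )                                       24628
Process         C:\Program Files\IObit\IObit Security 360\is360.exe (*** hidden *** )  24632
Process         C:\Program Files\IObit\IObit Security 360\is360.exe (*** hidden *** )  25352

---- EOF - GMER 1.0.15 ----
"""

# Patterns are assumptions based on the lines above, not a GMER specification.
SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<target>.*?)\s*"
    r"(?P<driver>\S+\.sys)\s+\((?P<desc>.*)/(?P<vendor>[^/]*?)\s*\)$",
    re.IGNORECASE,
)
PROCESS_RE = re.compile(
    r"^Process\s+(?P<image>.*?)\s*\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_gmer(text):
    """Split a pasted log into device rows, hidden-process rows and leftovers."""
    report = {"devices": [], "hidden": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                report["devices"].append(m.groupdict())
                continue
        elif section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                report["hidden"].append(
                    {"image": m.group("image"), "pid": int(m.group("pid"))}
                )
                continue
        # Keep anything we could not read so it is reviewed by hand, not dropped.
        if section not in (None, "EOF"):
            report["unparsed"].append((section, line))
    return report


def triage(report, trusted_vendors):
    """Sort findings. The vendor column is only a label in the log, so an
    allowlist match is a sorting aid, not proof of where a driver came from."""
    trusted = {v.lower() for v in trusted_vendors}
    unexpected = sorted(
        {d["driver"] for d in report["devices"] if d["vendor"].lower() not in trusted}
    )
    with_image = defaultdict(list)
    without_image = []
    for proc in report["hidden"]:
        if DRIVE_PATH_RE.match(proc["image"]):
            with_image[proc["image"]].append(proc["pid"])  # file can be inspected
        else:
            without_image.append(proc["pid"])  # no file named in the log
    return {
        "unexpected_drivers": unexpected,
        "hidden_with_image": dict(with_image),
        "hidden_without_image": without_image,
    }


if __name__ == "__main__":
    # Hypothetical allowlist: vendors the analyst knows are installed on this PC.
    known = {"AVG Technologies CZ, s.r.o.", "Microsoft Corporation"}
    for key, value in triage(parse_gmer(SAMPLE_LOG), known).items():
        print(key, "->", value)
```
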
0

Here is the OTL Log file you requested yesterday

Attachments
OTL logfile created on: 2/21/2011 8:19:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Wayne Hollimon\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 270.64 Gb Free Space | 90.81% Space Free | Partition Type: NTFS
 
Computer Name: EAGLE-7146553CE | User Name: Wayne Hollimon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011/02/21 19:36:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne Hollimon\My Documents\Downloads\OTL(4).exe
PRC - [2011/01/15 03:45:27 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/10 17:07:01 | 000,020,480 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/12/10 17:05:37 | 000,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/20 14:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/01/21 16:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 16:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2003/01/13 10:19:26 | 000,757,760 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
PRC - [2003/01/09 10:20:20 | 000,114,688 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
PRC - [2003/01/09 09:21:26 | 000,253,952 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
PRC - [2002/09/09 17:16:10 | 000,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
0

Eagle, was IObit on your system when you did the earlier GMER run shown at the top of this page [to save me checking back...]?
That last OTL report is not right... could you restart OTL, and paste in what is shown in the box above [all of it] and then press the RUN FIX button, not the Run Scan button.

Edited by gerbil: n/a
