
Please help!


  • This topic is locked
15 replies to this topic

#1 Jonatutu

Jonatutu

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 11 March 2011 - 09:24 PM

Sorry for the short title, but I did not know what to put in the title.
Please help. My laptop was working fine, but recently it just hangs by itself;
the screen refreshes (black screen for a while, then a flicker) before it is able to work again.
Sometimes it just hangs and I have to press the power button to restart.

I tried to troubleshoot it myself; svchost was increasing slowly.
I soon found out that SYSMAIN (Superfetch) was causing that
particular svchost memory to increase. Although disabling the
Superfetch service reduced svchost memory, my laptop
still hangs by itself. I find it very weird; processes
were now running at very high memory all of a sudden.


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:44 AM

Posted 11 March 2011 - 10:16 PM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure that Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Jonatutu


Posted 11 March 2011 - 10:51 PM

OK, thanks for trying to help. I have attached Procexp.txt.

I have stopped quite a number of programs from running at startup, even my
antivirus, and some services like BITS, Windows Update and Superfetch,
to reduce svchost memory. Do I have to start them before saving
Procexp.txt? I thought it might be more accurate as to what is causing
the problem.

Attached Files


Edited by Jonatutu, 11 March 2011 - 10:57 PM.


#4 Broni


Posted 11 March 2011 - 10:56 PM

CPU usage looks perfectly fine.
System Idle Process (CPU NOT used) is listed at 100%.

Let's check something else.

Download System Information for Windows (SIW free version)
No installation required.

After it scans your computer, navigate to Hardware>Sensors and post all info from there.

Posted Image



 


#5 Jonatutu


Posted 11 March 2011 - 11:13 PM

Sorry I have restarted some services and this is the new procexp.txt

Attached Files



#6 Broni


Posted 11 March 2011 - 11:21 PM

Still looks fine.
System Idle Process at almost 85%.

Temperatures are OK as well.

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System


Under Select type to list, select:
Critical (Vista only)
Error


Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

========================================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from drop-down menu as a file type:

Posted Image

Attach the file to your next reply.



 


#7 Jonatutu


Posted 11 March 2011 - 11:26 PM

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/03/2011 12:22:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/03/2011 4:16:42 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Log: 'Application' Date/Time: 12/03/2011 4:10:43 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Log: 'Application' Date/Time: 12/03/2011 4:09:13 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: siw.exe, version: 2010.7.14.0, time stamp: 0x4cca0262 Faulting module name: siw.exe, version: 2010.7.14.0, time stamp: 0x4cca0262 Exception code: 0xc0000005 Fault offset: 0x000ce278 Faulting process id: 0x9a8 Faulting application start time: 0x01cbe06b228f43e6 Faulting application path: D:\Documents\Downloads\Programs\siw.exe Faulting module path: D:\Documents\Downloads\Programs\siw.exe Report Id: 7d00b056-4c5e-11e0-a68b-f88746e87487

Log: 'Application' Date/Time: 12/03/2011 4:08:36 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Log: 'Application' Date/Time: 12/03/2011 4:00:09 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Log: 'Application' Date/Time: 12/03/2011 3:58:03 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Log: 'Application' Date/Time: 11/03/2011 4:39:42 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ae3299e3-d2f4-42bd-95f6-9eea410bce59}

Log: 'Application' Date/Time: 11/03/2011 2:59:29 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fe2e3ede-32e8-4043-94f6-99d760e04cf2}

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSysCare.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSSysKit.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSKSP.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TCSafeBox.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TcHardWare.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary QqNetflpwControl.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSysCare.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSSysKit.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSKSP.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TCSafeBox.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TcHardWare.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary QqNetflpwControl.

System Error:
The system cannot find the file specified. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/03/2011 4:05:56 AM
Type: Error Category: 0
Event: 1067 Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

Log: 'System' Date/Time: 12/03/2011 4:03:29 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 12/03/2011 4:03:27 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 12/03/2011 4:03:22 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 12/03/2011 4:03:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CT Device Query service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 12/03/2011 4:03:17 AM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain RP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Log: 'System' Date/Time: 12/03/2011 4:03:04 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 12/03/2011 4:03:07 AM
Type: Error Category: 0
Event: 1005 Source: Microsoft-Windows-WER-SystemErrorReporting
Unable to produce a minidump file from the full dump file.

Log: 'System' Date/Time: 12/03/2011 4:03:05 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 12:00:42 PM on ?3/?12/?2011 was unexpected.

Log: 'System' Date/Time: 12/03/2011 3:45:21 AM
Type: Error Category: 0
Event: 1067 Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

Log: 'System' Date/Time: 12/03/2011 3:43:10 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 12/03/2011 3:43:00 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Log: 'System' Date/Time: 12/03/2011 3:42:50 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 12/03/2011 3:42:49 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CT Device Query service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 12/03/2011 3:42:49 AM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain RP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Log: 'System' Date/Time: 12/03/2011 3:42:41 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 12/03/2011 3:42:43 AM
Type: Error Category: 0
Event: 1005 Source: Microsoft-Windows-WER-SystemErrorReporting
Unable to produce a minidump file from the full dump file.

Log: 'System' Date/Time: 12/03/2011 3:42:42 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 11:39:27 AM on ?3/?12/?2011 was unexpected.

Log: 'System' Date/Time: 12/03/2011 1:25:05 AM
Type: Error Category: 0
Event: 1067 Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

Log: 'System' Date/Time: 12/03/2011 1:22:54 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Attached Files



#8 Broni


Posted 11 March 2011 - 11:42 PM

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In the case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE: If you use a firewall other than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?



 


#9 Jonatutu


Posted 11 March 2011 - 11:56 PM

Same problem...
I have disabled all startup items and services.

#10 Broni


Posted 12 March 2011 - 12:08 AM

Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic

Note : If you do not know how to set your computer to boot from CD follow the steps HERE



 


#11 Jonatutu


Posted 12 March 2011 - 12:33 AM

I am using a Fujitsu laptop with a WD Mobile/WD Scorpio® drive.
I downloaded Data Lifeguard from the WD download page.
This is the result: a SMART test and an extended test.

Attached Files


Edited by Jonatutu, 12 March 2011 - 02:14 AM.


#12 Jonatutu


Posted 12 March 2011 - 02:17 AM

While my laptop was doing that extended check, I realized that
whenever it hangs and refreshes (when lucky, I do not have to power off to restart),
these things happen. I checked the times when these log entries were created, and they were always
around the time when the whole system hangs. Could this be the problem?

My laptop is running in normal mode with all user services and startup items disabled.

=====================================================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/03/2011 3:11:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/03/2011 6:20:12 AM
Type: Information Category: 0
Event: 9013 Source: Desktop Window Manager
The Desktop Window Manager was unable to start because composition was disabled by a running application

Log: 'Application' Date/Time: 12/03/2011 6:20:12 AM
Type: Information Category: 0
Event: 9010 Source: Desktop Window Manager
A request to disable the Desktop Window Manager was made by process (4)

Log: 'Application' Date/Time: 12/03/2011 5:59:40 AM
Type: Information Category: 0
Event: 9013 Source: Desktop Window Manager
The Desktop Window Manager was unable to start because composition was disabled by a running application

Log: 'Application' Date/Time: 12/03/2011 5:59:40 AM
Type: Information Category: 0
Event: 9010 Source: Desktop Window Manager
A request to disable the Desktop Window Manager was made by process (4)

Log: 'Application' Date/Time: 12/03/2011 5:15:48 AM
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 12/03/2011 5:14:58 AM
Type: Information Category: 0
Event: 9013 Source: Desktop Window Manager
The Desktop Window Manager was unable to start because composition was disabled by a running application

Log: 'Application' Date/Time: 12/03/2011 5:14:58 AM
Type: Information Category: 0
Event: 9010 Source: Desktop Window Manager
A request to disable the Desktop Window Manager was made by process (4)

Log: 'Application' Date/Time: 12/03/2011 4:53:47 AM
Type: Information Category: 0
Event: 903 Source: Microsoft-Windows-Security-SPP
The Software Protection service has stopped.

Log: 'Application' Date/Time: 12/03/2011 4:48:46 AM
Type: Information Category: 0
Event: 902 Source: Microsoft-Windows-Security-SPP
The Software Protection service has started. 6.1.7600.16385

Log: 'Application' Date/Time: 12/03/2011 4:48:46 AM
Type: Information Category: 0
Event: 1003 Source: Microsoft-Windows-Security-SPP
The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status=
1: 358fb95b-0090-44fb-883a-75734e060c30, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: 8dffd6e4-0497-4c35-b7d7-e47cf464cf30, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
3: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 30 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )]
4: ae2ee509-1b34-41c0-acb7-6d4650168915, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
5: b793ff2d-9d80-407c-b521-85111c51028c, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
6: d188820a-cb63-4bad-a9a2-40b843ee23b7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
7: 4a8149bb-7d61-49f4-8822-82c7bf88d64b, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
8: afd5f68f-b70f-4000-a21d-28dbc8be8b07, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]



Log: 'Application' Date/Time: 12/03/2011 4:48:46 AM
Type: Information Category: 0
Event: 1066 Source: Microsoft-Windows-Security-SPP
Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000


Log: 'Application' Date/Time: 12/03/2011 4:48:46 AM
Type: Information Category: 0
Event: 900 Source: Microsoft-Windows-Security-SPP
The Software Protection service is starting.

Log: 'Application' Date/Time: 12/03/2011 4:47:51 AM
Type: Information Category: 0
Event: 9013 Source: Desktop Window Manager
The Desktop Window Manager was unable to start because composition was disabled by a running application

Log: 'Application' Date/Time: 12/03/2011 4:47:51 AM
Type: Information Category: 0
Event: 9010 Source: Desktop Window Manager
A request to disable the Desktop Window Manager was made by process (4)

Log: 'Application' Date/Time: 12/03/2011 4:46:54 AM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 12/03/2011 4:46:54 AM
Type: Information Category: 0
Event: 4101 Source: Microsoft-Windows-Winlogon
Windows license validated.

Log: 'Application' Date/Time: 12/03/2011 4:46:54 AM
Type: Information Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 12/03/2011 4:46:52 AM
Type: Information Category: 0
Event: 5617 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service subsystems initialized successfully

Log: 'Application' Date/Time: 12/03/2011 4:46:45 AM
Type: Information Category: 0
Event: 5615 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service started sucessfully

Log: 'Application' Date/Time: 12/03/2011 4:46:44 AM
Type: Information Category: 0
Event: 4625 Source: Microsoft-Windows-EventSystem
The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/03/2011 7:11:07 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 6:56:21 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 12/03/2011 6:54:37 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 12/03/2011 6:52:03 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 6:51:05 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 6:39:26 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 12/03/2011 6:34:35 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 12/03/2011 6:31:02 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 6:30:41 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 6:14:32 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 12/03/2011 6:10:59 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 5:57:42 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 12/03/2011 5:54:29 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 12/03/2011 5:53:57 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 5:50:56 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 5:46:39 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 12/03/2011 5:42:11 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Experience service entered the stopped state.

Log: 'System' Date/Time: 12/03/2011 5:34:26 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 12/03/2011 5:31:29 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Experience service entered the running state.

Log: 'System' Date/Time: 12/03/2011 5:31:09 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
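
Post #12 lines up log timestamps against the moments the laptop hangs; the script below does that comparison over a VEW report, and also collapses repeated events and lists the driver names that CAPI2 event 513 could not find on disk. It is an added example, not part of the original thread: the function names and the 2:00 PM hang time are assumptions, and the eight-hour offset is read off the Event 6008 records above (stamped 4:03:05 AM, reporting a shutdown at 12:00:42 PM).

```python
import re
from collections import Counter, namedtuple
from datetime import datetime, timedelta

# Excerpt copied from the VEW reports posted in this thread (five records).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/03/2011 4:03:05 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 12:00:42 PM on ?3/?12/?2011 was unexpected.

Log: 'Application' Date/Time: 11/03/2011 2:42:58 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSysCare.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 11/03/2011 2:42:41 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary TSKSP.

System Error:
The system cannot find the file specified. .

Log: 'Application' Date/Time: 12/03/2011 5:59:40 AM
Type: Information Category: 0
Event: 9010 Source: Desktop Window Manager
A request to disable the Desktop Window Manager was made by process (4)

Log: 'System' Date/Time: 12/03/2011 5:57:42 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.
"""

HEADER = re.compile(
    r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*$")
TYPE = re.compile(r"^Type: (\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")
MISSING = re.compile(r"Unable to back up image of binary (\S+?)\.(?:\s|$)")

Record = namedtuple("Record", "log when level event_id source message")

def parse_vew(text):
    """Split a VEW report into Records, skipping the '~~~~' section banners."""
    lines, records, i = text.splitlines(), [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1]) if head and i + 2 < len(lines) else None
        event = EVENT.match(lines[i + 2]) if kind else None
        if not event:
            i += 1  # banner, blank line or truncated record
            continue
        i += 3
        body = []
        while (i < len(lines) and not HEADER.match(lines[i])
               and not lines[i].startswith("~~~~")):
            body.append(lines[i].strip())
            i += 1
        # The report prints dates as dd/mm/yyyy with a 12-hour clock.
        when = datetime.strptime(head.group(2), "%d/%m/%Y %I:%M:%S %p")
        records.append(Record(head.group(1), when, kind.group(1),
                              int(event.group(1)), event.group(2),
                              " ".join(b for b in body if b)))
    return records

def summarize(records):
    """Count records per (source, event id) so repeats collapse to one row."""
    return Counter((r.source, r.event_id) for r in records)

def missing_driver_images(records):
    """Names that CAPI2 event 513 reports with 'cannot find the file specified'."""
    return sorted({m.group(1) for r in records
                   if r.source == "Microsoft-Windows-CAPI2" and r.event_id == 513
                   for m in MISSING.finditer(r.message)})

def events_near(records, local_time, offset, window=timedelta(minutes=5)):
    """Records whose timestamp, shifted by offset, is within window of local_time."""
    return [r for r in records if abs(r.when + offset - local_time) <= window]

if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    print(summarize(recs).most_common())
    print("no file on disk:", missing_driver_images(recs))
    hang = datetime(2011, 3, 12, 14, 0)  # hypothetical local time of a hang
    for r in events_near(recs, hang, offset=timedelta(hours=8)):
        print(r.when, r.event_id, r.source, "-", r.message)
```
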

#13 Broni


Posted 12 March 2011 - 11:03 AM

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!



 


#14 Jonatutu


Posted 12 March 2011 - 12:41 PM

Thanks for helping me and giving me very detailed steps.
I have created a topic at the malware site and attached a DDS log.

#15 Broni


Posted 12 March 2011 - 01:12 PM

Cool :)



 




