TechSpot

Multiple Winlogons

By mcertini
May 29, 2012
  1. A few days ago I noted multiple Winlogons in my task manager. It was a concern to see this though I did not know if it was a problem or not. After loading Hookshark I noted that this file had multiple hardware break point hooks. I noted also today that I do not have two Winlogons running which causes me to wonder why I am not seeing this.

    On my computer I have a custom application that was built to patch memory addresses to expand virtual memory beyond Windows' allocation. I do not think this would have anything to do with a login. Does anyone out there know why I would have multiple logins?

    Edit: Attached image deleted by Bobbye as not useful.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am removing the image as I have no idea what it represents. You have posted in the Virus and Malware Forum.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. mcertini

    mcertini TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.29.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MikeCertini :: MCERTINI-PC [administrator]

    5/29/2012 9:07
    mbam-log-2012-05-29 (09-07-03).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204069
    Time elapsed: 2 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    -----------------------------------

    There was no GMER file.

    -----------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by MikeCertini at 9:32:51 on 2012-05-29
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8105.6019 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Wireshark\wireshark.exe
    C:\Program Files\Wireshark\dumpcap.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427095741.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5F85476B-B570-4D85-9BD6-B6C03248724A} : DhcpNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427095741.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-1-17 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-1-17 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]
    R2 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-17 1692480]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
    S3 FilterMon;FilterMon;C:\Users\MikeCertini\Documents\Utilities\Kernel Filter Monitoring Tools\x86\FilterMon.sys [2009-10-20 33000]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-17 224704]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
    S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
    .
    =============== Created Last 30 ================
    .
    5/26/2012 1:00 -------- d-----w- C:\Users\MikeCertini\My Backup Files
    5/26/2012 0:01 -------- d-----w- C:\Program Files\PC Optimizer Pro
    5/25/2012 19:49 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{154079A5-EFA2-4AC4-AB97-0C62FE34E401}\mpengine.dll
    5/25/2012 4:27 -------- d-----w- C:\ProgramData\Sophos
    5/25/2012 4:25 -------- d-----w- C:\scss_10
    5/24/2012 15:51 -------- d-----w- C:\Windows\pss
    5/24/2012 4:11 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    5/15/2012 5:13 -------- d-----w- C:\Program Files (x86)\HashCalc
    5/14/2012 6:01 -------- d-----w- C:\Program Files\Dell Support Center
    5/14/2012 5:53 -------- d-----w- C:\Users\MikeCertini\AppData\Roaming\PCDr
    5/14/2012 4:58 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    5/14/2012 4:58 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    5/14/2012 4:58 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    5/14/2012 4:58 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    5/14/2012 4:58 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    5/14/2012 4:58 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    5/14/2012 4:57 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    5/14/2012 4:57 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    5/14/2012 4:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    5/14/2012 4:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    5/14/2012 4:57 3146240 ----a-w- C:\Windows\System32\win32k.sys
    5/14/2012 4:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    5/14/2012 4:56 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    5/14/2012 4:22 27016 ----a-w- C:\Windows\SysWow64\drivers\PROCEXP141.SYS
    4/30/2012 4:57 -------- d-----w- C:\Program Files\Windows XP Mode
    4/29/2012 22:41 -------- d-----r- C:\Users\MikeCertini\Virtual Machines
    4/29/2012 22:36 3584 ----a-w- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
    4/29/2012 22:35 3584 ----a-w- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
    .
    ==================== Find3M ====================
    .
    4/4/2012 22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    3/20/2012 20:11 162192 ----a-w- C:\Windows\System32\mfevtps.exe
    3/20/2012 6:44 5888792 ----a-w- C:\Windows\System32\GfxUI.exe
    3/20/2012 6:44 509720 ----a-w- C:\Windows\System32\igfxsrvc.exe
    3/20/2012 6:44 439064 ----a-w- C:\Windows\System32\igfxpers.exe
    3/20/2012 6:44 398616 ----a-w- C:\Windows\System32\hkcmd.exe
    3/20/2012 6:44 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
    3/20/2012 6:44 250136 ----a-w- C:\Windows\System32\igfxext.exe
    3/20/2012 6:44 184600 ----a-w- C:\Windows\System32\difx64.exe
    3/20/2012 6:44 170264 ----a-w- C:\Windows\System32\igfxtray.exe
    3/20/2012 6:42 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2696.dll
    3/20/2012 6:32 14745600 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    3/20/2012 6:31 8087040 ----a-w- C:\Windows\System32\igdumd64.dll
    3/20/2012 6:31 79360 ----a-w- C:\Windows\System32\igdde64.dll
    3/20/2012 6:26 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
    3/20/2012 6:25 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
    3/20/2012 6:22 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
    3/20/2012 6:11 7795200 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
    3/20/2012 5:31 18137088 ----a-w- C:\Windows\System32\ig4icd64.dll
    3/20/2012 5:21 13212672 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    3/20/2012 5:17 28672 ----a-w- C:\Windows\System32\igfxexps.dll
    3/20/2012 5:17 63488 ----a-w- C:\Windows\System32\igfxsrvc.dll
    3/20/2012 5:17 110592 ----a-w- C:\Windows\System32\hccutils.dll
    3/20/2012 5:17 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
    3/20/2012 5:17 434688 ----a-w- C:\Windows\System32\igfxdev.dll
    3/20/2012 5:17 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
    3/20/2012 5:16 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
    3/20/2012 5:16 142336 ----a-w- C:\Windows\System32\igfxdo.dll
    3/20/2012 5:16 9007616 ----a-w- C:\Windows\System32\igfxress.dll
    3/20/2012 5:12 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
    3/20/2012 5:11 325120 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
    3/1/2012 6:46 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    3/1/2012 6:38 220672 ----a-w- C:\Windows\System32\wintrust.dll
    3/1/2012 6:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    3/1/2012 6:28 5120 ----a-w- C:\Windows\System32\wmi.dll
    3/1/2012 5:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    3/1/2012 5:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    3/1/2012 5:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    .
    ============= FINISH: 9:33:08.92 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/20/2012 5:40:06 PM
    System Uptime: 5/29/2012 8:59:13 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0GDG8Y
    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 102.589 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP92: 5/23/2012 8:20:55 PM - Removed Debugging Tools for Windows (x64)
    RP93: 5/23/2012 9:11:34 PM - Windows Update
    RP94: 5/24/2012 9:25:48 PM - Installed Sophos Computer Security Scan.
    RP95: 5/24/2012 9:26:28 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP96: 5/24/2012 9:38:46 PM - Installed Sophos Virus Removal Tool.
    RP97: 5/25/2012 7:57:43 AM - Removed Sophos Computer Security Scan.
    RP98: 5/25/2012 11:38:58 AM - Removed Sophos Virus Removal Tool.
    RP99: 5/25/2012 11:39:37 AM - Removed Sophos Computer Security Scan.
    RP100: 5/25/2012 1:04:20 PM - Windows Update
    RP101: 5/27/2012 11:06:20 AM - Removed Application Verifier (x64)
    RP102: 5/27/2012 6:42:58 PM - Removed SyncUP.
    RP103: 5/27/2012 6:43:40 PM - Removed SyncUP.
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe AIR
    Adobe Reader X MUI
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blio
    Boost C++ Libraries 1.47
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Consumer In-Home Service Agreement
    Cozi
    Crystal Reports Basic for Visual Studio 2008
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Digital Delivery
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell VideoStage
    Diner Dash 2 Restaurant Rescue
    DirectX 9 Runtime
    Dora's World Adventure
    eBay
    Escape Whisper Valley (TM)
    Farm Frenzy
    FATE
    Final Drive Fury
    Final Drive Nitro
    FXCM MetaTrader 4
    HashCalc 2.02
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 6 Update 31
    Jewel Quest
    Jewel Quest Solitaire 2
    Luxor
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee SecurityCenter
    MetaTrader 4.00
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Document Explorer 2008
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    Microsoft Office Single Image 2010
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 R2 Books Online
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows Debugging Symbols
    MSDN Library for Visual Studio 2008 - ENU
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Namco All-Stars PAC-MAN
    Penguins!
    PhotoShowExpress
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Samantha Swift
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype™ 5.5
    Sonic CinePlayer Decoder Pack
    TrustedID
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
    Update Installer for WildTangent Games App
    VC Runtimes MSI
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    "Wedding Dash - Ready, Aim, Love!"
    WildTangent Games
    WildTangent Games App (Dell Games)
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows SDK IntellisenseNFX
    WinPcap 4.1.2
    Wireshark 1.6.5
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    "5/29/2012 9:04:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service."
    "5/29/2012 8:59:39 AM, Error: Service Control Manager [7024] - The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724."
    "5/29/2012 8:59:39 AM, Error: Service Control Manager [7024] - The SQL Active Directory Helper Service service terminated with service-specific error %%-1073741724."
    "5/25/2012 5:37:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1084"" attempting to start the service McNaiAnn with arguments """" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}"
    "5/25/2012 5:34:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1084"" attempting to start the service McNaiAnn with arguments """" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}"
    "5/25/2012 5:33:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1068"" attempting to start the service stisvc with arguments """" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}"
    "5/25/2012 5:30:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1068"" attempting to start the service netprofm with arguments """" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}"
    "5/25/2012 5:30:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1068"" attempting to start the service netman with arguments """" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}"
    "5/25/2012 5:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1084"" attempting to start the service EventSystem with arguments """" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}"
    "5/25/2012 5:30:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error ""1084"" attempting to start the service ShellHWDetection with arguments """" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}"
    "5/25/2012 5:30:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf"
    "5/25/2012 5:30:31 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning."
    "5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning."
    "5/25/2012 5:14:43 PM, Error: Application Popup [1060] - \??\C:\Users\MikeCertini\Documents\Utilities\Kernel Detective\K has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver."
    "5/25/2012 4:51:17 PM, Error: Service Control Manager [7000] - The FilterMon service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."
    "5/25/2012 4:34:22 PM, Error: Application Popup [1060] - \??\C:\Users\MikeCertini\Documents\Utilities\SSDT_Hooks_Reveale has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver."
    "5/24/2012 8:29:11 PM, Error: Service Control Manager [7034] - The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s)."
    "5/24/2012 3:17:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf"
    "5/22/2012 2:09:37 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit."
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What I'm seeing:
    There are 7 of these processes running:
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\***************.exe
    SQL Server Express > powerful and reliable data management product that delivers rich features, data protection, and performance for embedded application clients, light Web applications, and local data stores.

    There are 2 processes for Wireshark:
    Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

    You're running the HashCalc: Calculator to compute message digests, checksums and HMACs for files, as well as for text and hex strings.

    There are multiple errors for Services> either dependency isn't running or device (router?) isn't working.

    What is your use for all this data you are managing?
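The service errors noted above can be split into direct failures and the cascade that follows from them. This is an added example, not part of the original posts: it parses an excerpt of the Event Viewer lines posted in this thread, and the names `parse` and `root_causes` are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the Event Viewer lines posted in this thread (5/25/2012 boot).
LOG = '''
"5/25/2012 5:30:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start."
"5/25/2012 5:30:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf"
"5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start."
"5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning."
"5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start."
"5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start."
"5/25/2012 5:30:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning."
'''

DEP = re.compile(r'\[7001\] - The (.+?) service depends on the (.+?) service which '
                 r'failed to start because of the following error: (.+?)"?$')
DRV = re.compile(r'\[7026\] - .*?failed to load: (.+?)"?$')
CASCADE = "The dependency service or group failed to start."

def parse(log):
    """Return (edges, drivers); edges maps a dependency to [(dependent, error)]."""
    edges, drivers = defaultdict(list), set()
    for line in log.splitlines():
        if m := DEP.search(line):
            svc, dep, err = m.groups()
            edges[dep].append((svc, err))
        elif m := DRV.search(line):
            drivers.update(m.group(1).split())
    return edges, drivers

def root_causes(edges):
    """Map each directly failed dependency to (its errors, every service downstream)."""
    out = {}
    for dep, items in edges.items():
        direct = {err for _, err in items if err != CASCADE}
        if not direct:
            continue  # only ever reported as a cascade, so not a root
        seen, stack = set(), [dep]
        while stack:  # walk dependents transitively
            for svc, _ in edges.get(stack.pop(), []):
                if svc not in seen:
                    seen.add(svc)
                    stack.append(svc)
        out[dep] = (sorted(direct), sorted(seen))
    return out

if __name__ == "__main__":
    edges, drivers = parse(LOG)
    print("Drivers that failed to load (7026):", ", ".join(sorted(drivers)))
    for dep, (errs, hit) in root_causes(edges).items():
        print(f"{dep}: {errs[0]} -> {len(hit)} dependent service(s): {', '.join(hit)}")
```

Run against the full log, the same grouping shows which of the many 7001 entries trace back to a small number of drivers listed in the 7026 event.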
     
  5. mcertini

    mcertini TS Rookie Topic Starter

    Bobbye,

    Thank you for your response. I use SQL Server Express as a sandbox for learning SQL Server. I installed Wireshark so I am familiar with this. I have turned off some services that I am not familiar with. I need to clean this up and identify what is bona fide.

    Mike
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You need to get these Services running correctly, with their Dependencies:
    Always use a reference when changing Startup Type for Services. Dependencies also need to be dealt with. I recommend using Black Viper's site> scroll down to below the image for the Services. Changing Services usually works best in Safe Mode because of the need to have Dependencies running:

    http://www.blackviper.com/service-c...dows-7-service-pack-1-service-configurations/
    =====================================================
    Basically you're telling me that you have set or know about all of the multiple entries. If that is correct, it isn't going to help point to the multiple logons.
    After you have reset the Services correctly, please go on to the following:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.

    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==================================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave the 2 logs in your next reply.
     
Topic Status:
Not open for further replies.
