TechSpot

Random audio and Google search PC infection

By Jeshman
Jul 20, 2012
  1. My computer at random is playing clips of sounds and I don't know where they are coming from. It seems to be slowing my computer down, and when I do a search on Google it redirects me to pages that don't fit the search. I have run a scan with Microsoft Security Essentials and with Malwarebytes Anti-Malware. I fixed one trojan but the problem is still there. I also tried to do a system restore but that didn't work; it said it failed to complete. What do I need to do to fix the problem? Or is there more information I need to give you?

    Thanks
    Jesh
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, when your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.
     
  3. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Here is the log from the Malwarebytes scan. I also noticed that under the Quarantine tab I have 2 items, one called Trojan.Agent.EX... and the other PUP.Zugo. Should I delete those?

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.18.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Hal :: HAL-PC [administrator]
    7/20/2012 10:23:54 AM
    mbam-log-2012-07-20 (10-23-54).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 256525
    Time elapsed: 28 minute(s), 34 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Sure. Please post the other logs when ready.
     
  5. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    I'm having some problems so I will just post one log at a time. Sorry about that. The internet keeps locking up if I try to do more than one. This is 1 of 3.

    Thanks for your time.
    Jesh

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/24/2007 1:36:08 AM
    System Uptime: 7/20/2012 1:34:37 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0WG864
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 12.461 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.513 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    AcademicOnline Interactive Mathematics
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Audition 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Encore DVD 1.0
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Illustrator CS
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro
    Adobe Reader X (10.1.3)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe SVG Viewer 3.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Art Deco Fonts, Version 4.0
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    BufferChm
    C3100
    c3100_Help
    Choice Guard
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Connect
    Copy
    Corel Paint Shop Pro Photo XI
    Corel Snapfire Plus
    Creative Audio Pack
    Creative MediaSource 5
    CustomerResearchQFolder
    Dell Games
    Dell Support Center
    Dell System Customization Wizard
    DellSupport
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DocProc
    DocProcQFolder
    Documentation & Support Launcher
    DolbyFiles
    DVD Shrink 3.2
    EarthLink Setup Files
    eSupportQFolder
    Fax
    ffdshow (remove only)
    Games, Music, & Photos Launcher
    Google Desktop
    Google SketchUp 6
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Driver Diagnostics
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Product Assistant
    HP Solution Center 8.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    iCloud
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Internet Service Offers Launcher
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    kuler
    Mah Jong Quest II
    Mahjong Tales - Ancient Wisdom
    Mahjong World
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Streets & Trips 2009
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Diagnostic Tool
    Move Networks Media Player for Internet Explorer
    Movie Templates - Starter Kit
    Mozilla ActiveX Control v1.7.12
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9
    Nero Burning ROM Help
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero Disc Copy Gadget
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero Recode
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero Vision
    Nero WaveEditor
    NeroBurningROM
    NeroExpress
    neroxml
    Netflix Movie Viewer
    NetWaiting
    OGA Notifier 2.0.0048.0
    OpenAL
    OpenOffice.org Installer 1.0
    PayPal Plug-In
    PDF Settings CS4
    PENTAX Raw Codec
    Photoshop Camera Raw
    Picasa 2
    QuickBooks Pro 2008
    QuickTime
    RealArcade
    RealPlayer
    RealUpgrade 1.0
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Safari
    Scan
    Screen Grab Pro
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    ShopAtHome.com Toolbar
    Skype™ 5.9
    SolutionCenter
    Sonic Activation Module
    Sound Blaster X-Fi
    SoundTrax
    Spelling Dictionaries Support For Adobe Reader 8
    Spotify
    StartNow Toolbar
    Status
    Suite Shared Configuration CS4
    SupportSoft Assisted Service
    ToneThis
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    VideoLAN VLC media player 0.8.6f
    Virtual Earth 3D (Beta)
    Watchtower Library 2011 - English
    Watchtower Library 2011 - español
    WebEx Support Manager for Internet Explorer
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker Beta
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/20/2012 6:21:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    7/20/2012 5:51:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    7/20/2012 12:59:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:56:59 PM on 7/20/2012 was unexpected.
    7/20/2012 1:38:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    7/20/2012 1:35:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C3100 series (Copy 1) with shared resource name . Error 1215. The printer cannot be used by others on the network.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/20/2012 1:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/20/2012 1:26:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    7/20/2012 1:26:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/20/2012 1:26:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
    7/20/2012 1:24:11 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    7/20/2012 1:23:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    7/20/2012 1:23:05 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/20/2012 1:21:34 PM, Error: EventLog [6008] - The previous system shutdown at 1:19:29 PM on 7/20/2012 was unexpected.
    7/20/2012 1:18:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
    7/20/2012 1:16:51 PM, Error: EventLog [6008] - The previous system shutdown at 1:14:58 PM on 7/20/2012 was unexpected.
    7/20/2012 1:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 1:05:00 PM on 7/20/2012 was unexpected.
    7/19/2012 1:24:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.161.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80080005 Error description: Server execution failed
    7/18/2012 7:57:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.53.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    7/18/2012 7:20:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:29 PM on 7/17/2012 was unexpected.
    7/18/2012 11:15:14 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    7/18/2012 1:17:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    7/18/2012 1:17:49 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/18/2012 1:17:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/18/2012 1:13:41 PM, Error: EventLog [6008] - The previous system shutdown at 1:11:54 PM on 7/18/2012 was unexpected.
    .
    ==== End Of File ===========================
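As an added example from the editor (not part of this thread, and not something the DDS tool itself does), the Python script below parses the "Event Viewer Messages From Past Week" section of a DDS attach.txt like the one posted above and pulls out the events a malware helper would act on first: the Ntfs 55 corruption events, the boot-start drivers that event 7026 says failed to load (calling out MpFilter, the Microsoft antimalware minifilter, and AFD, the Winsock driver that the DHCP and NetBIOS Helper services depend on), the Microsoft Antimalware 2001 signature-update errors, and the number of EventLog 6008 unexpected shutdowns. The sample lines are copied verbatim from the log above; the SECURITY_DRIVERS annotations, the triage categories and the ordering of findings are the editor's own choices, not output of any tool in the thread.

```python
import re
from collections import Counter

# Lines excerpted verbatim from the DDS attach.txt posted in this thread
# (a subset, chosen so that every rule in triage() fires at least once).
SAMPLE_EVENTS = """
7/20/2012 6:21:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/20/2012 5:51:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/20/2012 12:59:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:56:59 PM on 7/20/2012 was unexpected.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
7/20/2012 1:21:34 PM, Error: EventLog [6008] - The previous system shutdown at 1:19:29 PM on 7/20/2012 was unexpected.
7/19/2012 1:24:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.161.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80080005 Error description: Server execution failed
"""

# DDS writes each event as: <date> <time>, <level>: <source> [<id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Editor's annotation (assumption: this selection is not part of DDS): drivers
# whose failure to load matters when judging a suspected infection.
SECURITY_DRIVERS = {
    "MpFilter": "Microsoft antimalware minifilter used by Security Essentials real-time protection",
    "AFD": "Ancillary Function Driver for Winsock; DHCP Client and NetBIOS Helper depend on it",
    "tdx": "NetIO Legacy TDI Support Driver; DNS Client depends on it",
    "netbt": "NetBIOS over TCP/IP",
}


def parse_events(text):
    """Parse DDS 'Event Viewer Messages' lines into dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["eid"] = int(ev["eid"])
            events.append(ev)
    return events


def failed_boot_drivers(events):
    """Driver names listed in Service Control Manager event 7026 messages."""
    drivers = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eid"] == 7026:
            # The message ends "... failed to load: <name> <name> ...".
            _, _, names = ev["msg"].rpartition(":")
            drivers.update(names.split())
    return drivers


def triage(events):
    """Return (category, note) pairs in the order a helper would act on them."""
    counts = Counter((ev["source"], ev["eid"]) for ev in events)
    findings = []
    n_ntfs = counts[("Ntfs", 55)]
    if n_ntfs:
        findings.append(("disk", f"Ntfs 55 x{n_ntfs}: NTFS reports corruption; "
                                 "run chkdsk before any removal tool writes to the volume"))
    drivers = failed_boot_drivers(events)
    for name, role in SECURITY_DRIVERS.items():
        if name in drivers:
            findings.append(("driver", f"boot-start driver {name} failed to load ({role})"))
    n_av = counts[("Microsoft Antimalware", 2001)]
    if n_av:
        findings.append(("av", f"Microsoft Antimalware 2001 x{n_av}: signature update errors; "
                               "confirm definitions are current before trusting a clean MSE scan"))
    n_crash = counts[("EventLog", 6008)]
    if n_crash:
        findings.append(("stability", f"EventLog 6008 x{n_crash}: unexpected shutdowns in the logged period"))
    return findings


if __name__ == "__main__":
    for category, note in triage(parse_events(SAMPLE_EVENTS)):
        print(f"[{category}] {note}")
```

The script deliberately reports the chkdsk finding first and does not label the machine as rootkitted: in this log the Ntfs 55 errors and the SCM 7026 failure sit within hours of each other, and a run of core network drivers failing to load is consistent with the disk corruption NTFS is already reporting, not only with malware. The driver list in 7026 is what a helper would compare against later logs after the disk check.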
     
  6. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    I am having problems with copy and paste functions. My internet keeps stopping and resetting every time I try to post. I'll keep trying.

    Thanks for your time
    Jesh
     
  7. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    DDS Log #1

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Hal at 13:46:23 on 2012-07-20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.522 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\Ctxfihlp.exe
    C:\Windows\System32\CtHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\SYSTEM32\CTXFISPI.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.juno.com/start/sp.do?cf=www
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
    TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\hal\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
    uRun: [Spotify] "c:\users\hal\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [Spotify Web Helper] "c:\users\hal\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [<NO NAME>]
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [CTXFIREG] CTxfiReg.exe
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...DEwKzItRjEwTTEwRCsy"&"prod=92"&"ver=10.0.1204
    dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    StartupFolder: c:\users\hal\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUplden-us.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{B22B405A-AA2D-4CBF-84EB-D18BC71B6026} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service;c:\program files\common files\creative labs shared\service\APLicensing.exe [2007-4-28 72704]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9d414ab8c82f8;Google Update Service (gupdate1c9d414ab8c82f8);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-13 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-20 19:36:33 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{019d5955-f68b-4070-89e0-066d1e593efe}\mpengine.dll
    2012-07-20 19:28:25 100864 ----a-w- C:\pwldipow.sys
    2012-07-18 19:27:15 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-07-11 12:15:59 -------- d-----w- c:\program files\Windows Portable Devices
    2012-07-11 11:36:09 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 11:34:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2012-07-11 11:34:43 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-07-11 11:34:43 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-07-11 11:11:29 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-07-11 11:11:29 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-07-11 11:11:29 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-07-11 11:11:28 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-11 08:22:39 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-11 08:22:39 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-11 08:22:39 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-11 08:22:29 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 08:22:27 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 08:22:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 08:21:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 08:21:40 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-07-11 08:21:40 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-07-11 08:21:40 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 08:21:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 08:21:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-07-10 14:23:33 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-07-10 14:23:33 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2012-07-10 14:23:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2012-07-10 14:23:32 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-07-10 14:23:28 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-07-10 14:23:28 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-07-10 14:23:14 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-07-10 14:23:04 429056 ----a-w- c:\windows\system32\EncDec.dll
    2012-07-10 14:21:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-07-10 14:21:42 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2012-07-10 14:21:42 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2012-07-10 14:21:41 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2012-07-10 14:21:41 238080 ----a-w- c:\windows\system32\oleacc.dll
    2012-07-10 14:21:22 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-10 14:21:20 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-10 14:21:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-10 14:21:18 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2012-07-10 14:20:37 231424 ----a-w- c:\windows\system32\msshsq.dll
    2012-07-10 14:08:40 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-07-10 13:49:53 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-10 13:49:10 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-10 13:49:00 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-10 13:49:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-10 02:26:01 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2012-07-10 02:26:00 98816 ----a-w- c:\windows\system32\mfps.dll
    2012-07-10 02:26:00 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2012-07-10 02:26:00 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2012-07-10 02:26:00 2873344 ----a-w- c:\windows\system32\mf.dll
    2012-07-10 02:26:00 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2012-07-10 02:23:19 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-07-10 02:23:19 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-07-10 02:23:19 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-07-10 02:23:18 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-07-10 02:23:17 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-07-10 02:23:17 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-07-10 02:23:17 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-07-10 01:56:28 -------- d-----w- c:\windows\system32\eu-ES
    2012-07-10 01:56:28 -------- d-----w- c:\windows\system32\ca-ES
    2012-07-10 01:56:27 -------- d-----w- c:\windows\system32\vi-VN
    2012-07-10 01:46:09 -------- d-----w- c:\windows\system32\SPReview
    2012-07-10 01:13:22 928768 ----a-w- c:\windows\system32\scavenge.dll
    2012-07-10 01:13:01 57856 ----a-w- c:\windows\system32\compcln.exe
    2012-07-10 01:01:55 93696 ----a-w- c:\windows\system32\eappgnui.dll
    2012-07-10 01:00:59 883712 ----a-w- c:\windows\system32\IMJP10.IME
    2012-07-10 00:59:57 558080 ----a-w- c:\windows\system32\sysmain.dll
    2012-07-10 00:58:59 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
    2012-07-10 00:44:18 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-09 18:28:30 -------- d-----w- c:\users\hal\appdata\local\ElevatedDiagnostics
    2012-07-04 04:19:25 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{51fd3e7c-6804-4c49-975c-e06d1799c958}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2012-07-18 19:07:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-18 19:07:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-10 02:25:59 209920 ----a-w- c:\windows\system32\mfplat.dll
    2012-07-10 02:23:23 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2012-07-10 01:54:05 409600 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-10 01:54:03 114688 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2009-12-17 23:53:40 214167816 ----a-w- c:\program files\Nero-9.4.26.0_trial.exe
    .
    ============= FINISH: 13:50:02.88 ===============
  8. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    DDS Log #2

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/24/2007 1:36:08 AM
    System Uptime: 7/20/2012 1:34:37 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0WG864
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 12.461 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.513 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    AcademicOnline Interactive Mathematics
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Audition 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Encore DVD 1.0
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Illustrator CS
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro
    Adobe Reader X (10.1.3)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe SVG Viewer 3.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Art Deco Fonts, Version 4.0
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    BufferChm
    C3100
    c3100_Help
    Choice Guard
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    Connect
    Copy
    Corel Paint Shop Pro Photo XI
    Corel Snapfire Plus
    Creative Audio Pack
    Creative MediaSource 5
    CustomerResearchQFolder
    Dell Games
    Dell Support Center
    Dell System Customization Wizard
    DellSupport
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DocProc
    DocProcQFolder
    Documentation & Support Launcher
    DolbyFiles
    DVD Shrink 3.2
    EarthLink Setup Files
    eSupportQFolder
    Fax
    ffdshow (remove only)
    Games, Music, & Photos Launcher
    Google Desktop
    Google SketchUp 6
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Driver Diagnostics
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Product Assistant
    HP Solution Center 8.0
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    iCloud
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Internet Service Offers Launcher
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    kuler
    Mah Jong Quest II
    Mahjong Tales - Ancient Wisdom
    Mahjong World
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Streets & Trips 2009
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Diagnostic Tool
    Move Networks Media Player for Internet Explorer
    Movie Templates - Starter Kit
    Mozilla ActiveX Control v1.7.12
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9
    Nero Burning ROM Help
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero Disc Copy Gadget
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero Recode
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero Vision
    Nero WaveEditor
    NeroBurningROM
    NeroExpress
    neroxml
    Netflix Movie Viewer
    NetWaiting
    OGA Notifier 2.0.0048.0
    OpenAL
    OpenOffice.org Installer 1.0
    PayPal Plug-In
    PDF Settings CS4
    PENTAX Raw Codec
    Photoshop Camera Raw
    Picasa 2
    QuickBooks Pro 2008
    QuickTime
    RealArcade
    RealPlayer
    RealUpgrade 1.0
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Safari
    Scan
    Screen Grab Pro
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    ShopAtHome.com Toolbar
    Skype™ 5.9
    SolutionCenter
    Sonic Activation Module
    Sound Blaster X-Fi
    SoundTrax
    Spelling Dictionaries Support For Adobe Reader 8
    Spotify
    StartNow Toolbar
    Status
    Suite Shared Configuration CS4
    SupportSoft Assisted Service
    ToneThis
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    VideoLAN VLC media player 0.8.6f
    Virtual Earth 3D (Beta)
    Watchtower Library 2011 - English
    Watchtower Library 2011 - español
    WebEx Support Manager for Internet Explorer
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker Beta
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/20/2012 6:21:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    7/20/2012 5:51:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    7/20/2012 12:59:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:56:59 PM on 7/20/2012 was unexpected.
    7/20/2012 1:38:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    7/20/2012 1:35:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C3100 series (Copy 1) with shared resource name . Error 1215. The printer cannot be used by others on the network.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2012 1:27:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/20/2012 1:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/20/2012 1:26:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    7/20/2012 1:26:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/20/2012 1:26:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.
    7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
    7/20/2012 1:24:11 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    7/20/2012 1:23:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    7/20/2012 1:23:05 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/20/2012 1:21:34 PM, Error: EventLog [6008] - The previous system shutdown at 1:19:29 PM on 7/20/2012 was unexpected.
    7/20/2012 1:18:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
    7/20/2012 1:16:51 PM, Error: EventLog [6008] - The previous system shutdown at 1:14:58 PM on 7/20/2012 was unexpected.
    7/20/2012 1:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 1:05:00 PM on 7/20/2012 was unexpected.
    7/19/2012 1:24:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.161.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80080005 Error description: Server execution failed
    7/18/2012 7:57:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.53.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    7/18/2012 7:20:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:29 PM on 7/17/2012 was unexpected.
    7/18/2012 11:15:14 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    7/18/2012 1:17:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    7/18/2012 1:17:49 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/18/2012 1:17:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/18/2012 1:13:41 PM, Error: EventLog [6008] - The previous system shutdown at 1:11:54 PM on 7/18/2012 was unexpected.
    .
    ==== End Of File ===========================
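The run of Service Control Manager 7001 entries at 1:27:17 PM in the log above is mostly cascade: each "dependency service or group failed to start" line is a consequence of a handful of lower-level components (AFD, RDBSS, the NSI proxy, the NetIO TDI driver) reporting "A device attached to the system is not functioning", plus two 7000 logon failures. The script below, an added example and not part of the thread or of any tool mentioned in it, separates those root causes from the cascade so a helper can focus on the few kernel-mode components that actually failed. The regexes, function names and the sample lines are my own; the sample is constructed to match the format of the posted entries.

```python
"""Triage Service Control Manager 7001/7000 errors.

Added example (not from the thread's tools): separates the components that
actually failed from the cascade of "dependency service or group failed to
start" entries they trigger. Regexes, names and the constructed sample are mine.
"""
import re

# Constructed sample in the same layout as the posted 7001/7000 lines.
SAMPLE_LOG = """\
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.
"""

# 7001: "<svc> depends on <dep> which failed ... error: <err>"
DEP_RE = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+?)\.?$"
)
# 7000: "<svc> failed to start due to the following error: <err>"
FAIL_RE = re.compile(
    r"\[7000\] - The (?P<svc>.+?) service failed to start due to the following "
    r"error: (?P<err>.+?)\.?$"
)
CASCADE_ERR = "The dependency service or group failed to start"


def parse(log_text):
    """Return (edges, direct): edges maps service -> (dependency, error text)
    from 7001 events; direct maps service -> error text from 7000 events."""
    edges, direct = {}, {}
    for line in log_text.splitlines():
        m = DEP_RE.search(line)
        if m:
            edges[m["svc"]] = (m["dep"], m["err"])
            continue
        m = FAIL_RE.search(line)
        if m:
            direct[m["svc"]] = m["err"]
    return edges, direct


def root_causes(edges, direct):
    """Map each root-cause component to its error. A dependency is a root cause
    when the error it reported is anything other than the generic cascade text;
    a 7000 event is a root cause in its own right."""
    roots = {}
    for dep, err in edges.values():
        if err != CASCADE_ERR:
            roots.setdefault(dep, err)
    for svc, err in direct.items():
        roots.setdefault(svc, err)
    return roots


def failure_chain(service, edges):
    """Follow 'depends on' links from a service down to the component that
    actually failed; stops on a cycle so a malformed log cannot loop forever."""
    chain, seen = [service], {service}
    while service in edges:
        service = edges[service][0]
        if service in seen:
            break
        chain.append(service)
        seen.add(service)
    return chain


if __name__ == "__main__":
    edges, direct = parse(SAMPLE_LOG)
    for comp, err in root_causes(edges, direct).items():
        print(f"ROOT CAUSE: {comp}: {err}")
    print(" -> ".join(failure_chain("Network List Service", edges)))
```

Run against the sample, the eleven-line cascade collapses to three root causes (the Winsock AFD driver, the NSI proxy, and the Telephony logon failure); on the posted excerpt the same logic would leave AFD, RDBSS, the NSI proxy and the NetIO TDI driver, all kernel-mode network components failing with the same device error, which is the kind of pattern a helper follows up with a rootkit scan.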
     
  9. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    GMER Log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-20 13:34:06
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
    Running: cfnpcnzy.exe; Driver: C:\Users\Hal\AppData\Local\Temp\pwldipow.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- EOF - GMER 1.0.15 ----
     
  10. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Ok that should be all of the logs. Let me know if I need to do something else.

    Thanks for all of your time.
    Jesh
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi again!

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  12. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Hi here is the scan log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-21 11:37:18
    -----------------------------
    11:37:18.458 OS Version: Windows 6.0.6002 Service Pack 2
    11:37:18.458 Number of processors: 2 586 0x604
    11:37:18.468 ComputerName: HAL-PC UserName: Hal
    11:37:28.429 Initialize success
    11:37:45.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:37:45.025 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
    11:37:45.038 Disk 0 MBR read successfully
    11:37:45.041 Disk 0 MBR scan
    11:37:45.044 Disk 0 Windows VISTA default MBR code
    11:37:45.047 Disk 0 MBR hidden
    11:37:45.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    11:37:45.087 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
    11:37:45.099 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
    11:37:45.113 Disk 0 scanning sectors +312496128
    11:37:45.166 Disk 0 scanning C:\Windows\system32\drivers
    11:38:01.288 Service scanning
    11:38:14.963 Service MpKslfd32894a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007F0FB0-563E-4F15-83DB-58147D3DC012}\MpKslfd32894a.sys **LOCKED** 32
    11:38:35.623 Modules scanning
    11:39:06.963 Disk 0 trace - called modules:
    11:39:06.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8717f4b1]<<
    11:39:06.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867feac8]
    11:39:07.011 3 CLASSPNP.SYS[8859d8b3] -> nt!IofCallDriver -> [0x871e9030]
    11:39:07.020 \Driver\iaStor[0x8714ff38] -> IRP_MJ_CREATE -> 0x8717f4b1
    11:39:07.033 Scan finished successfully
    11:41:22.569 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
    11:41:23.310 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"
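aswMBR saved the raw sector it read to MBR.dat, and its log lists the partition table it found: a Dell Utility partition (type 0xDE) at offset 63, a 10240 MB NTFS partition at offset 81920, and the active NTFS system partition at offset 21053440. The script below, an added example that is not aswMBR's code, parses a 512-byte MBR in that format and applies the sanity checks a helper would want before deciding whether "MBR hidden" and GMER's "rootkit-like behavior" in sector 0 mean anything: boot signature present, exactly one active partition, no overlapping entries, and no unexplained unallocated space, which is where boot-sector malware commonly keeps its code. The sample sector is constructed (zeroed boot code plus a partition table mirroring the logged layout; the sector counts are my choice to reproduce the logged sizes) and all helper names are mine. One caveat: parsing a saved copy checks the sector's contents, not whether the read that produced it went through a hooked driver, so it complements rather than replaces the tool's own verdict.

```python
"""Parse and sanity-check a raw 512-byte MBR such as an MBR.dat saved by aswMBR.

Added example for this thread; not aswMBR's code. The sample sector is
constructed to mirror the three partitions in the posted log; helper names
and sector counts are my own.
"""
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446            # partition table: 4 x 16-byte entries
SIG_OFFSET = 510           # 0x55AA boot signature
ENTRY_FMT = "<B3sB3sII"    # boot flag, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def make_entry(boot_flag, ptype, lba_start, sectors):
    """One partition-table entry; CHS fields set to the usual LBA-only filler."""
    return struct.pack(ENTRY_FMT, boot_flag, b"\xfe\xff\xff", ptype,
                       b"\xfe\xff\xff", lba_start, sectors)


def build_sample_mbr():
    """Constructed MBR matching the layout in the posted aswMBR log."""
    mbr = bytearray(SECTOR)
    entries = (
        make_entry(0x00, 0xDE, 63, 81857),            # Dell Utility, ~39 MB
        make_entry(0x00, 0x07, 81920, 20971520),      # NTFS, 10240 MB
        make_entry(0x80, 0x07, 21053440, 291442688),  # NTFS, active, 142306 MB
    )
    mbr[PT_OFFSET:PT_OFFSET + 48] = b"".join(entries)
    mbr[SIG_OFFSET:SECTOR] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts; reject a sector that is
    the wrong size or lacks the 0x55AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[SIG_OFFSET:SECTOR] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        boot, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0x00:
            continue
        parts.append({
            "index": i + 1, "bootable": boot == 0x80, "type": ptype,
            "name": TYPE_NAMES.get(ptype, f"type 0x{ptype:02X}"),
            "start": start, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def check_partition_table(parts, disk_sectors=None):
    """Findings a helper would want: wrong number of active partitions,
    overlapping entries, and unallocated space before the first or after the
    last partition (where boot-sector malware often stores its code)."""
    findings = []
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    if ordered and ordered[0]["start"] > 63:
        findings.append(f"{ordered[0]['start']} unallocated sectors before first partition")
    if disk_sectors is not None and ordered:
        last_end = max(p["start"] + p["sectors"] for p in ordered)
        if last_end > disk_sectors:
            findings.append("partition table extends past the end of the disk")
        elif disk_sectors - last_end > 2048:
            findings.append(f"{disk_sectors - last_end} unallocated sectors after last partition")
    return findings


def boot_code_fingerprint(mbr):
    """SHA-256 of the 446 bytes of boot code, for comparison against a copy
    taken from a trusted install of the same Windows version."""
    return hashlib.sha256(mbr[:PT_OFFSET]).hexdigest()


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample):
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} {p['name']:<12} {p['size_mb']:>7} MB offset {p['start']}")
    print("findings:", check_partition_table(parse_mbr(sample), disk_sectors=312498176))
    print("boot code sha256:", boot_code_fingerprint(sample))
```

To use it on a real capture, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()` and pass the disk's true sector count to `check_partition_table`; the fingerprint is only meaningful next to one taken from a known-clean machine running the same Windows build.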
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  14. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Here is the Combofix log

    ComboFix 12-07-21.01 - Hal 07/22/2012 22:24:04.2.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1561 [GMT -6:00]
    Running from: c:\users\Hal\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\SelectRebates.exe
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesDownload.exe
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\SRebates.dll
    c:\program files\SelectRebates\SRFF3.dll
    c:\program files\SelectRebates\Toolbar\ShOPathometoolbar.dll
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\protect\index.html
    c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files\StartNow Toolbar\Resources\protect\window.css
    c:\program files\StartNow Toolbar\Resources\protect\window.js
    c:\program files\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\ToOLbar32.dll
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\users\Hal\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
    c:\users\Hal\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
    c:\windows\system\CW3215.DLL
    c:\windows\system32\odbcad32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-23 04:41 . 2012-07-23 04:42 -------- d-----w- c:\users\Hal\AppData\Local\temp
    2012-07-23 04:41 . 2012-07-23 04:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-23 04:41 . 2012-07-23 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-23 03:57 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3205BF1C-B83C-498C-B1EA-23F94AA3D5C5}\mpengine.dll
    2012-07-20 19:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-20 19:28 . 2012-07-20 19:28 100864 ----a-w- C:\pwldipow.sys
    2012-07-11 12:15 . 2012-07-11 12:15 -------- d-----w- c:\program files\Windows Portable Devices
    2012-07-11 11:36 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 11:34 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2012-07-11 11:34 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-07-11 11:34 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-07-11 11:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-07-11 11:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-07-11 11:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-07-11 11:11 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-11 08:22 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-11 08:22 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-11 08:22 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-11 08:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 08:22 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 08:22 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 08:21 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 08:21 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 08:21 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 08:21 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-07-11 08:21 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-07-11 08:21 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-07-10 14:23 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2012-07-10 14:23 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2012-07-10 14:23 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-07-10 14:23 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-07-10 14:23 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-07-10 14:23 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-07-10 14:23 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-07-10 14:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2012-07-10 14:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-07-10 14:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2012-07-10 14:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2012-07-10 14:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2012-07-10 14:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2012-07-10 14:21 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-10 14:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-10 14:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-10 14:21 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-07-10 14:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2012-07-10 14:08 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-07-10 13:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-07-10 13:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-10 13:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-10 13:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-10 13:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-07-10 13:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-10 13:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-10 13:49 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-10 13:49 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-10 02:26 . 2012-07-10 02:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2012-07-10 02:26 . 2012-07-10 02:26 98816 ----a-w- c:\windows\system32\mfps.dll
    2012-07-10 02:26 . 2012-07-10 02:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2012-07-10 02:26 . 2012-07-10 02:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2012-07-10 02:26 . 2012-07-10 02:26 2873344 ----a-w- c:\windows\system32\mf.dll
    2012-07-10 02:26 . 2012-07-10 02:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2012-07-10 02:23 . 2012-07-10 02:23 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-07-10 02:23 . 2012-07-10 02:23 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-07-10 02:23 . 2012-07-10 02:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-07-10 02:23 . 2012-07-10 02:23 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-07-10 02:23 . 2012-07-10 02:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-07-10 02:23 . 2012-07-10 02:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-07-10 02:23 . 2012-07-10 02:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\ca-ES
    2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\eu-ES
    2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\vi-VN
    2012-07-10 01:46 . 2012-07-10 01:46 -------- d-----w- c:\windows\system32\SPReview
    2012-07-10 01:13 . 2009-04-11 05:28 928768 ----a-w- c:\windows\system32\scavenge.dll
    2012-07-10 01:13 . 2009-04-11 05:27 57856 ----a-w- c:\windows\system32\compcln.exe
    2012-07-10 01:01 . 2009-04-11 05:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
    2012-07-10 01:00 . 2009-04-11 05:28 378368 ----a-w- c:\windows\system32\imapi2.dll
    2012-07-10 00:59 . 2009-04-11 05:28 558080 ----a-w- c:\windows\system32\sysmain.dll
    2012-07-10 00:58 . 2009-04-11 05:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
    2012-07-10 00:44 . 2012-07-10 00:44 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-09 18:28 . 2012-07-09 18:28 -------- d-----w- c:\users\Hal\AppData\Local\ElevatedDiagnostics
    2012-07-04 04:19 . 2012-02-10 16:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51FD3E7C-6804-4C49-975C-E06D1799C958}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-18 19:07 . 2012-04-03 14:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-18 19:07 . 2011-07-26 04:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-10 02:23 . 2012-07-10 02:23 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
    2012-07-10 01:54 . 2007-03-24 07:35 409600 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-10 01:54 . 2007-03-24 07:35 114688 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-03 19:46 . 2011-03-03 05:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-17 23:53 . 2009-12-17 23:34 214167816 ----a-w- c:\program files\Nero-9.4.26.0_trial.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-07 39408]
    "Spotify"="c:\users\Hal\AppData\Roaming\Spotify\Spotify.exe" [2012-06-09 9478320]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Spotify Web Helper"="c:\users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-09 932528]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 1838592]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
    "CTXFIREG"="CTxfiReg.exe" [2006-11-28 44032]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-11-28 20480]
    "CTHelper"="CTHELPER.EXE" [2006-11-28 19456]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-25 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-25 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-25 129560]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...VgyMDEwKzItRjEwTTEwRCsy&prod=92&ver=10.0.1204" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2006-11-28 28672]
    .
    c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2643686760-567394002-1274692540-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
    .
    2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
    .
    2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000Core1cb6f1766cf05cd.job
    - c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
    .
    2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000UA.job
    - c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
    .
    2012-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643686760-567394002-1274692540-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
    HKLM-Run-NBAgent - c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
    HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
    AddRemove-Artdeco_is1 - e:\art deco fonts\unins000.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-22 22:41
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?
    CTHelper = CTHELPER.EXE?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,83,aa,c1,33,fc,4f,42,bb,d5,19,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(776)
    c:\windows\system32\igfxsrvc.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2012-07-22 22:52:19
    ComboFix-quarantined-files.txt 2012-07-23 04:52
    .
    Pre-Run: 13,384,421,376 bytes free
    Post-Run: 13,326,000,128 bytes free
    .
    - - End Of File - - CC86B282DC7B0EB541F567627095CB29
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  16. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Here is the ESET log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=c5f0c5c038de5544b9c4ea5a647b34df
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-23 04:56:16
    # local_time=2012-07-23 10:56:16 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1024 16777215 100 0 44127704 44127704 0 0
    # compatibility_mode=2561 16777214 0 14 89322063 89322063 0 0
    # compatibility_mode=5892 16776574 100 100 0 179662043 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=260726
    # found=3
    # cleaned=3
    # scan_time=8062
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Those were only quarantined files, harmless.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
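    The point made above about the ESET hits, that files already sitting in a quarantine folder are not live infections, can be checked mechanically. The script below is an added example for this thread, not ESET's or TechSpot's code: it parses the `# key=value` header and the detection lines of an ESET Online Scanner log, marks each detection as already quarantined when its path lies under a known quarantine folder, and checks that the `found` counter agrees with the number of detection lines. `QUARANTINE_ROOTS` is an assumption limited to ComboFix's C:\Qoobox\Quarantine (the folder the posted hits live in), and `SAMPLE_LOG` is a constructed log in the shape of the posted one with one invented non-quarantined hit added so the two cases can be told apart.

```python
import re
from dataclasses import dataclass, field

# Folders where earlier cleanup tools park the files they removed. ComboFix's
# C:\Qoobox\Quarantine is the one in this thread; the tuple is an assumption,
# extend it for whatever other tools were run on the machine.
QUARANTINE_ROOTS = (r"c:\qoobox\quarantine",)

# One detection line: <path> <threat text> (<action>) <32-hex hash> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:a variant of )?\S+ \S+) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)

# Constructed sample in the shape of the posted log: two hits inside the
# ComboFix quarantine plus one invented hit under a user profile.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=true
# scanned=260726
# found=3
# cleaned=3
# scan_time=8062
C:\Qoobox\Quarantine\C\Program Files\Example Toolbar\Uninstall.exe.vir Win32/Toolbar.Example application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Example Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Example application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Example\AppData\Local\Temp\sample.tmp a variant of Win32/Example.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    md5: str
    already_quarantined: bool


@dataclass
class ScanReport:
    meta: dict = field(default_factory=dict)       # the "# key=value" header
    detections: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)   # lines matching neither


def in_quarantine(path: str) -> bool:
    """True when the file lives under a known quarantine folder, i.e. an
    earlier tool already moved it out of its original location."""
    lowered = path.lower()
    return any(lowered.startswith(root) for root in QUARANTINE_ROOTS)


def parse_eset_log(text: str) -> ScanReport:
    report = ScanReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # keys such as compatibility_mode repeat; keep the first value
            report.meta.setdefault(key.strip(), value.strip())
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append(Detection(
                path=m["path"], threat=m["threat"], action=m["action"],
                md5=m["hash"], already_quarantined=in_quarantine(m["path"])))
        else:
            report.unparsed.append(line)
    return report


def triage(report: ScanReport) -> dict:
    """The counters a helper checks first: does the header agree with the
    detection lines, and how many hits were live rather than quarantined
    leftovers of an earlier cleanup."""
    found = int(report.meta.get("found", "0"))
    quarantined = sum(d.already_quarantined for d in report.detections)
    return {
        "scanned": int(report.meta.get("scanned", "0")),
        "found": found,
        "cleaned": int(report.meta.get("cleaned", "0")),
        "already_quarantined": quarantined,
        "live": len(report.detections) - quarantined,
        "found_matches_lines": found == len(report.detections),
    }


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print(triage(rep))
    for d in rep.detections:
        print(("quarantined " if d.already_quarantined else "LIVE        ") + d.path)
```

    On the posted log all three hits are under C:\Qoobox\Quarantine, so `live` would be 0; a non-zero `live` count or a header whose `found` value does not match the detection lines is what would justify further cleanup steps.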
     
  18. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    It seems to be running slow and when I do a search on the Google toolbar and hit return it gives me useless search info. But if I hit the search button next to it I get good search results, but it redirects me to some other random search engine. For example when I hit return ...when I search for computer problems it gives me this...
    1. Welcome to Facebook - Log In, Sign Up or Learn More
      www.facebook.com
      Facebook is a social utility that connects people with friends and others who work, study and live around them. People use Facebook to keep up with friends, upload an ...
    2. F: Summary for Ford Motor Company Common Stock- Yahoo! Finance
      finance.yahoo.com/q?s=f
      View the basic F stock chart on Yahoo! Finance. Change the date range, chart type and compare Ford Motor Company Common Stock against other companies.
    3. F - Wikipedia, the free encyclopedia
      en.wikipedia.org/wiki/F
      F is the sixth letter in the ISO basic Latin alphabet. Proto-Semitic W Phoenician waw Etruscan V or W Greek Digamma Roman F The origin of f is the Semitic ...
     
  19. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    I also have had problems with copy and paste. It just bogs down my computer. Sometimes I have to shut the screen and do it a few times and then I can paste. I have also had it go to a blue screen a few times when I was doing all the scans, that said a problem had been detected and Windows had to shut down. It then restarted the computer. So far I haven't heard any audio noise, but I shut off the speakers because it was making me crazy. I have them on now, so I'll see if that problem is still there.
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    We'll get this taken care of...

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  21. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Here is the log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-21 11:37:18
    -----------------------------
    11:37:18.458 OS Version: Windows 6.0.6002 Service Pack 2
    11:37:18.458 Number of processors: 2 586 0x604
    11:37:18.468 ComputerName: HAL-PC UserName: Hal
    11:37:28.429 Initialize success
    11:37:45.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:37:45.025 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
    11:37:45.038 Disk 0 MBR read successfully
    11:37:45.041 Disk 0 MBR scan
    11:37:45.044 Disk 0 Windows VISTA default MBR code
    11:37:45.047 Disk 0 MBR hidden
    11:37:45.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    11:37:45.087 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
    11:37:45.099 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
    11:37:45.113 Disk 0 scanning sectors +312496128
    11:37:45.166 Disk 0 scanning C:\Windows\system32\drivers
    11:38:01.288 Service scanning
    11:38:14.963 Service MpKslfd32894a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007F0FB0-563E-4F15-83DB-58147D3DC012}\MpKslfd32894a.sys **LOCKED** 32
    11:38:35.623 Modules scanning
    11:39:06.963 Disk 0 trace - called modules:
    11:39:06.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8717f4b1]<<
    11:39:06.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867feac8]
    11:39:07.011 3 CLASSPNP.SYS[8859d8b3] -> nt!IofCallDriver -> [0x871e9030]
    11:39:07.020 \Driver\iaStor[0x8714ff38] -> IRP_MJ_CREATE -> 0x8717f4b1
    11:39:07.033 Scan finished successfully
    11:41:22.569 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
    11:41:23.310 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-26 09:49:16
    -----------------------------
    09:49:16.153 OS Version: Windows 6.0.6002 Service Pack 2
    09:49:16.153 Number of processors: 2 586 0x604
    09:49:16.153 ComputerName: HAL-PC UserName: Hal
    09:49:41.176 Initialize success
    09:50:41.158 AVAST engine defs: 12072601
    09:50:48.006 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:50:48.006 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
    09:50:48.022 Disk 0 MBR read successfully
    09:50:48.037 Disk 0 MBR scan
    09:50:48.053 Disk 0 Windows VISTA default MBR code
    09:50:48.053 Disk 0 MBR hidden
    09:50:48.053 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    09:50:48.084 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
    09:50:48.100 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
    09:50:48.115 Disk 0 scanning sectors +312496128
    09:50:48.193 Disk 0 scanning C:\Windows\system32\drivers
    09:51:03.076 Service scanning
    09:51:33.558 Modules scanning
    09:51:37.770 Disk 0 trace - called modules:
    09:51:37.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862954b1]<<
    09:51:37.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8601e030]
    09:51:37.801 3 CLASSPNP.SYS[8859f8b3] -> nt!IofCallDriver -> [0x85f9caf8]
    09:51:37.801 \Driver\iaStor[0x8621f110] -> IRP_MJ_CREATE -> 0x862954b1
    09:51:38.535 AVAST engine scan C:\Windows
    09:51:43.542 AVAST engine scan C:\Windows\system32
    09:55:35.311 AVAST engine scan C:\Windows\system32\drivers
    09:55:50.662 AVAST engine scan C:\Users\Hal
    10:07:43.223 AVAST engine scan C:\ProgramData
    10:10:33.559 Scan finished successfully
    10:24:00.391 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
    10:24:00.423 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-26 11:04:59
    -----------------------------
    11:04:59.171 OS Version: Windows 6.0.6002 Service Pack 2
    11:04:59.171 Number of processors: 2 586 0x604
    11:04:59.171 ComputerName: HAL-PC UserName: Hal
    11:05:00.777 Initialize success
    11:05:10.262 AVAST engine defs: 12072601
    11:05:19.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:05:19.731 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
    11:05:19.763 Disk 0 MBR read successfully
    11:05:19.763 Disk 0 MBR scan
    11:05:19.794 Disk 0 Windows VISTA default MBR code
    11:05:19.794 Disk 0 MBR hidden
    11:05:19.825 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    11:05:19.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
    11:05:19.934 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
    11:05:19.981 Disk 0 scanning sectors +312496128
    11:05:20.043 Disk 0 scanning C:\Windows\system32\drivers
    11:06:01.602 Service scanning
    11:06:33.630 Service MpKsld56dfd35 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{389BC1F9-63D1-4558-9188-74A346F0E83F}\MpKsld56dfd35.sys **LOCKED** 32
    11:07:05.532 Modules scanning
    11:07:51.006 Disk 0 trace - called modules:
    11:07:51.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870a54b1]<<
    11:07:51.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672d228]
    11:07:51.021 3 CLASSPNP.SYS[885a28b3] -> nt!IofCallDriver -> [0x87095030]
    11:07:51.021 \Driver\iaStor[0x8702bf38] -> IRP_MJ_CREATE -> 0x870a54b1
    11:07:52.160 AVAST engine scan C:\Windows
    11:08:11.582 AVAST engine scan C:\Windows\system32
    11:16:31.631 AVAST engine scan C:\Windows\system32\drivers
    11:17:08.559 AVAST engine scan C:\Users\Hal
    11:34:48.823 AVAST engine scan C:\ProgramData
    11:39:36.514 Scan finished successfully
    12:36:03.286 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
    12:36:03.520 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"
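    Three aswMBR runs of the same disk are posted above. What a reviewer wants from them is whether the fields that should not change between boots actually stayed the same. The script below is an added example, not AVAST's, TechSpot's or the helper's code: it reduces each run to the MBR code identification, the "MBR hidden" line, the partition table and the disk trace, masks the kernel addresses in the trace (these are per-boot pointer values and differ on every boot), and reports which fields differ across runs. The excerpts are copied from the three logs above, trimmed to the lines the parser reads. The only field expected to differ is the locked service, which in runs 1 and 3 is a Microsoft Antimalware definition-update driver with a different random name each time, and that is exactly what the comparison surfaces.

```python
import re

TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
# kernel addresses differ on every boot, so they are masked before comparing
ADDR_RE = re.compile(r"\[?0x[0-9a-fA-F]{8}\]?|\[[0-9a-fA-F]{8}\]")
PARTITION_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2}) "
    r"(?P<active>\(A\) )?(?P<type>[0-9A-F]{2}) (?P<desc>.+?) "
    r"(?P<size>\d+) MB offset (?P<offset>\d+)$"
)
LOCKED_RE = re.compile(r"^Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\* \d+$")

# Excerpts of the three runs posted above (only the lines the parser reads).
RUN_1 = r"""
11:37:45.044 Disk 0 Windows VISTA default MBR code
11:37:45.047 Disk 0 MBR hidden
11:37:45.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:37:45.087 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
11:37:45.099 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
11:38:14.963 Service MpKslfd32894a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007F0FB0-563E-4F15-83DB-58147D3DC012}\MpKslfd32894a.sys **LOCKED** 32
11:39:06.963 Disk 0 trace - called modules:
11:39:06.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8717f4b1]<<
11:39:06.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867feac8]
11:39:07.011 3 CLASSPNP.SYS[8859d8b3] -> nt!IofCallDriver -> [0x871e9030]
11:39:07.020 \Driver\iaStor[0x8714ff38] -> IRP_MJ_CREATE -> 0x8717f4b1
11:39:07.033 Scan finished successfully
"""
RUN_2 = r"""
09:50:48.053 Disk 0 Windows VISTA default MBR code
09:50:48.053 Disk 0 MBR hidden
09:50:48.053 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:50:48.084 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
09:50:48.100 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
09:51:37.770 Disk 0 trace - called modules:
09:51:37.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862954b1]<<
09:51:37.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8601e030]
09:51:37.801 3 CLASSPNP.SYS[8859f8b3] -> nt!IofCallDriver -> [0x85f9caf8]
09:51:37.801 \Driver\iaStor[0x8621f110] -> IRP_MJ_CREATE -> 0x862954b1
09:51:38.535 AVAST engine scan C:\Windows
"""
RUN_3 = r"""
11:05:19.794 Disk 0 Windows VISTA default MBR code
11:05:19.794 Disk 0 MBR hidden
11:05:19.825 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:05:19.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
11:05:19.934 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
11:06:33.630 Service MpKsld56dfd35 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{389BC1F9-63D1-4558-9188-74A346F0E83F}\MpKsld56dfd35.sys **LOCKED** 32
11:07:51.006 Disk 0 trace - called modules:
11:07:51.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870a54b1]<<
11:07:51.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672d228]
11:07:51.021 3 CLASSPNP.SYS[885a28b3] -> nt!IofCallDriver -> [0x87095030]
11:07:51.021 \Driver\iaStor[0x8702bf38] -> IRP_MJ_CREATE -> 0x870a54b1
11:07:52.160 AVAST engine scan C:\Windows
"""


def fingerprint(log: str) -> dict:
    """Reduce one run to the fields that should not change between boots."""
    fp = {"mbr_code": None, "mbr_hidden": False, "partitions": [], "locked": [], "trace": []}
    in_trace = False
    for raw in log.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if not line:
            continue
        if line.endswith("trace - called modules:"):
            in_trace = True
        elif in_trace and line.startswith(("Scan finished", "AVAST engine scan")):
            in_trace = False
        elif in_trace:
            fp["trace"].append(ADDR_RE.sub("<addr>", line))
        elif line.endswith("MBR code"):
            fp["mbr_code"] = line.split(" ", 2)[2]  # drop the leading "Disk N"
        elif line.endswith("MBR hidden"):
            fp["mbr_hidden"] = True
        elif (m := PARTITION_RE.match(line)):
            fp["partitions"].append((int(m["n"]), m["boot"], bool(m["active"]), m["type"],
                                     m["desc"], int(m["size"]), int(m["offset"])))
        elif (m := LOCKED_RE.match(line)):
            fp["locked"].append(m["path"])
    return fp


def compare_runs(logs) -> dict:
    """Map every fingerprint field that is not identical across runs to its per-run values."""
    fps = [fingerprint(log) for log in logs]
    return {key: [fp[key] for fp in fps]
            for key in fps[0] if any(fp[key] != fps[0][key] for fp in fps[1:])}


if __name__ == "__main__":
    for key, values in compare_runs([RUN_1, RUN_2, RUN_3]).items():
        print(key, values)
```

    Running it on the three posted runs reports only the `locked` field; the partition table, the MBR code identification and the masked call trace are identical across all three boots.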
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    • Double-click on MBRCheck.exe to run it.
    • It will open a black window...please do not fix anything (if it gives you an option).
    • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
    • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
    • Please copy and paste the contents of that log in your next reply.
     
  23. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Here is the MBRCheck log

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Dell DM061
    Logical Drives Mask: 0x0000007c
    Kernel Drivers (total 164):
    0x82407000 \SystemRoot\system32\ntkrnlpa.exe
    0x827C1000 \SystemRoot\system32\hal.dll
    0x87247000 \SystemRoot\system32\kdcom.dll
    0x80404000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80474000 \SystemRoot\system32\PSHED.dll
    0x80485000 \SystemRoot\system32\BOOTVID.dll
    0x8048D000 \SystemRoot\system32\CLFS.SYS
    0x804CE000 \SystemRoot\system32\CI.dll
    0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80689000 \SystemRoot\system32\drivers\acpi.sys
    0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E0000 \SystemRoot\system32\drivers\pci.sys
    0x80707000 \SystemRoot\System32\drivers\partmgr.sys
    0x80717000 \SystemRoot\system32\drivers\volmgr.sys
    0x80726000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80770000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82A08000 \SystemRoot\system32\drivers\iastor.sys
    0x82AC0000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82AF2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82B02000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x82B2A000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
    0x82B40000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82B49000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82C07000 \SystemRoot\system32\drivers\ndis.sys
    0x82D12000 \SystemRoot\system32\drivers\msrpc.sys
    0x82D3D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x82E0F000 \SystemRoot\System32\drivers\tcpip.sys
    0x82EFC000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8840D000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8851D000 \SystemRoot\system32\drivers\volsnap.sys
    0x88556000 \SystemRoot\System32\Drivers\spldr.sys
    0x8855E000 \SystemRoot\System32\Drivers\mup.sys
    0x8856D000 \SystemRoot\System32\drivers\ecache.sys
    0x88594000 \SystemRoot\system32\drivers\disk.sys
    0x885A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x885C6000 \SystemRoot\system32\drivers\crcdisk.sys
    0x885DC000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x885E7000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x885F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8D207000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8D832000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D8D2000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D8DE000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x8D918000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8D923000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8D961000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8D970000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0x8D9BA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CE0E000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8CF11000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8CFC5000 \SystemRoot\system32\drivers\modem.sys
    0x82D78000 \SystemRoot\system32\drivers\ctaud2k.sys
    0x8CFD2000 \SystemRoot\system32\drivers\portcls.sys
    0x82FCF000 \SystemRoot\system32\drivers\drmk.sys
    0x82BBB000 \SystemRoot\system32\drivers\ctoss2k.sys
    0x8CE00000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0x8CE08000 \SystemRoot\system32\drivers\pfc.sys
    0x8CE0B000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0x8D9E4000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D200000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x80780000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x807AF000 \SystemRoot\system32\DRIVERS\storport.sys
    0x88400000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x805AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x82FF4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x805C5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x82E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x805E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8DC03000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8DC18000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DC28000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8DC33000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8DC3E000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8DC40000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8DC4A000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8DC57000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8DC8C000 \SystemRoot\system32\drivers\ha20x2k.sys
    0x8DDAB000 \SystemRoot\system32\drivers\emupia2k.sys
    0x8DDDA000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x92209000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x92232000 \SystemRoot\system32\drivers\ctac32k.sys
    0x922CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x922D7000 \SystemRoot\System32\Drivers\Null.SYS
    0x922DE000 \SystemRoot\System32\Drivers\Beep.SYS
    0x922E5000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0x922F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x922FB000 \SystemRoot\System32\drivers\vga.sys
    0x92307000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x92328000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x92330000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x92338000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x92343000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x92351000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x9235A000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x92370000 \SystemRoot\system32\DRIVERS\smb.sys
    0x92384000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x923B6000 \SystemRoot\system32\drivers\afd.sys
    0x92200000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x9380A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x93820000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9382E000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x93841000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9387D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x93887000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9389E000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
    0x938B2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x938BF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x93977000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x93980000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x93990000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x93992000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x9399B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x939B2000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x939BF000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x939C9000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x939D6000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x8DDEB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x93800000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x9A480000 \SystemRoot\System32\win32k.sys
    0x885CF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x922EB000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x82F17000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9A6A0000 \SystemRoot\System32\TSDDD.dll
    0x9A6C0000 \SystemRoot\System32\cdd.dll
    0x9A6D0000 \SystemRoot\System32\ATMFD.DLL
    0x82F26000 \SystemRoot\system32\drivers\luafv.sys
    0x82F41000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0x93809000 \SystemRoot\System32\DLA\DLADResM.SYS
    0x82F4C000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0x939FB000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0x923FE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0x82F64000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0x82F6B000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0x82F72000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0x82F88000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xB6A05000 \SystemRoot\system32\drivers\spsys.sys
    0xB6AB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xB6AC5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xB6AD8000 \SystemRoot\system32\drivers\HTTP.sys
    0xB6B45000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xB6B62000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xB6B7B000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xB6B90000 \SystemRoot\system32\drivers\mrxdav.sys
    0xB6BB1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8C09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xB8C42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB8C5A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB8C82000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB8CD1000 \SystemRoot\System32\Drivers\adfs.SYS
    0xB8CE2000 \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
    0xB8CE4000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xB8D0C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB8D10000 \SystemRoot\system32\drivers\peauth.sys
    0xB8DEE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB6BD0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB6BDC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x82FAF000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xB8DF8000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xC5E0A000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xC5E20000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    0xC5E22000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F73F1998-BF86-4489-B4E0-84EEE00FB6B8}\MpKsldaf2a6dc.sys
    0x77000000 \Windows\System32\ntdll.dll
    Processes (total 96):
    0 System Idle Process
    4 System
    416 C:\Windows\System32\smss.exe
    548 csrss.exe
    592 C:\Windows\System32\wininit.exe
    600 csrss.exe
    636 C:\Windows\System32\services.exe
    668 C:\Windows\System32\winlogon.exe
    680 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    840 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    972 C:\Program Files\Microsoft Security Client\MsMpEng.exe
    1072 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\audiodg.exe
    1624 C:\Windows\System32\svchost.exe
    1656 C:\Windows\System32\SLsvc.exe
    1700 C:\Windows\System32\svchost.exe
    1812 C:\Windows\System32\svchost.exe
    2032 C:\Windows\System32\taskeng.exe
    304 C:\Windows\System32\spoolsv.exe
    344 C:\Windows\System32\svchost.exe
    12 C:\Windows\System32\taskeng.exe
    1192 C:\Windows\System32\dwm.exe
    1268 C:\Windows\explorer.exe
    1900 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    1984 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
    1988 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1116 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1580 C:\Windows\System32\Ctxfihlp.exe
    1440 C:\Windows\System32\CtHelper.exe
    1360 C:\Windows\System32\hkcmd.exe
    912 C:\Windows\System32\igfxpers.exe
    2140 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2148 C:\Program Files\Citrix\ICA Client\concentr.exe
    2176 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2184 C:\Program Files\Microsoft Security Client\msseces.exe
    2208 C:\Program Files\iTunes\iTunesHelper.exe
    2216 C:\Windows\ehome\ehtray.exe
    2232 C:\Program Files\DellSupport\DSAgnt.exe
    2240 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2256 C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    2336 C:\Users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    2344 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2356 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2408 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    2452 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    2468 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2720 C:\Program Files\Bonjour\mDNSResponder.exe
    2740 C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
    2776 C:\Windows\System32\CTSVCCDA.EXE
    2808 C:\Windows\System32\svchost.exe
    2956 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3148 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    3192 C:\Windows\System32\svchost.exe
    3276 C:\Windows\System32\IoctlSvc.exe
    3320 C:\Windows\System32\svchost.exe
    3336 C:\Windows\System32\svchost.exe
    3372 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    3496 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    3572 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    3632 C:\Windows\ehome\ehmsas.exe
    3660 C:\Windows\System32\svchost.exe
    3716 C:\Windows\System32\svchost.exe
    3852 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3904 C:\Windows\System32\SearchIndexer.exe
    2320 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    2384 WUDFHost.exe
    2332 C:\Windows\System32\CTxfispi.exe
    2592 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    2940 C:\Windows\System32\drivers\XAudio.exe
    2692 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3744 C:\Windows\System32\svchost.exe
    4024 C:\Windows\System32\mobsync.exe
    3204 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2104 C:\Program Files\iPod\bin\iPodService.exe
    4484 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4536 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    5540 C:\Program Files\Internet Explorer\iexplore.exe
    5696 C:\Program Files\Internet Explorer\iexplore.exe
    3268 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    7060 C:\Program Files\Internet Explorer\iexplore.exe
    6000 MpCmdRun.exe
    2168 C:\Windows\System32\igfxsrvc.exe
    5932 C:\Users\Hal\Desktop\MBRCheck.exe
    6196 C:\Program Files\Real\RealPlayer\realplay.exe
    8160 C:\Program Files\Real\RealPlayer\realplay.exe
    7992 C:\Program Files\Real\RealPlayer\realplay.exe
    7708 C:\Program Files\Real\RealPlayer\realplay.exe
    7868 C:\Program Files\Real\RealPlayer\realplay.exe
    7700 C:\Program Files\Real\RealPlayer\realplay.exe
    6884 C:\Program Files\Real\RealPlayer\realplay.exe
    1096 C:\Program Files\Real\RealPlayer\realplay.exe
    5800 C:\Program Files\Real\RealPlayer\realplay.exe
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
    PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.ADJ
    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

    Done!
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Cool!

    Upload Dump Files:
    Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
    Left click on the first minidump file.
    Hold down the "Shift" key and left click on the last minidump file.
    Right click on the blue highlighted area and select "Send to"
    Select "Compressed (zipped) folder" and note where the folder is saved.
    Upload that .zip file with your next post.

    If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

    If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service . I recommend Windows Live SkyDrive - http://skydrive.live.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

    Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html
     
  25. Jeshman

    Jeshman TS Rookie Topic Starter Posts: 33

    Here is the attached minidump zip file.
     
