Solved Random audio and Google search PC infection


Jeshman

My computer at random is playing clips of sounds and I don't know where they are coming from. It seems to be slowing my computer down, and when I do a search on Google it redirects me to pages that don't fit the search. I have run a scan with Microsoft Security Essentials and with Malwarebytes Anti-Malware. I fixed one trojan but the problem is still there. I also tried to do a system restore but that didn't work; it said it failed to complete it. What do I need to do to fix the problem? Or is there more information I need to give you?

Thanks
Jesh
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
Here is the log from the Malwarebytes scan. I also noticed that under the Quarantine tab I have 2 items, one called Trojan.Agent.EX... and the other is PUP.Zugo. Should I delete those?

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.18.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Hal :: HAL-PC [administrator]
7/20/2012 10:23:54 AM
mbam-log-2012-07-20 (10-23-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256525
Time elapsed: 28 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
I'm having some problems so I will just post one log at a time. Sorry about that. The internet keeps locking up if I try to do more than one. This is 1 of 3

Thanks for your time.
Jesh

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/24/2007 1:36:08 AM
System Uptime: 7/20/2012 1:34:37 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 12.461 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.513 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
AcademicOnline Interactive Mathematics
Adobe AIR
Adobe Anchor Service CS4
Adobe Audition 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Encore DVD 1.0
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Illustrator CS
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro
Adobe Reader X (10.1.3)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Art Deco Fonts, Version 4.0
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Bonjour
BufferChm
C3100
c3100_Help
Choice Guard
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Connect
Copy
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Creative Audio Pack
Creative MediaSource 5
CustomerResearchQFolder
Dell Games
Dell Support Center
Dell System Customization Wizard
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Documentation & Support Launcher
DolbyFiles
DVD Shrink 3.2
EarthLink Setup Files
eSupportQFolder
Fax
ffdshow (remove only)
Games, Music, & Photos Launcher
Google Desktop
Google SketchUp 6
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Product Assistant
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Internet Service Offers Launcher
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
kuler
Mah Jong Quest II
Mahjong Tales - Ancient Wisdom
Mahjong World
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Streets & Trips 2009
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
Movie Templates - Starter Kit
Mozilla ActiveX Control v1.7.12
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Netflix Movie Viewer
NetWaiting
OGA Notifier 2.0.0048.0
OpenAL
OpenOffice.org Installer 1.0
PayPal Plug-In
PDF Settings CS4
PENTAX Raw Codec
Photoshop Camera Raw
Picasa 2
QuickBooks Pro 2008
QuickTime
RealArcade
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Scan
Screen Grab Pro
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
ShopAtHome.com Toolbar
Skype™ 5.9
SolutionCenter
Sonic Activation Module
Sound Blaster X-Fi
SoundTrax
Spelling Dictionaries Support For Adobe Reader 8
Spotify
StartNow Toolbar
Status
Suite Shared Configuration CS4
SupportSoft Assisted Service
ToneThis
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VideoLAN VLC media player 0.8.6f
Virtual Earth 3D (Beta)
Watchtower Library 2011 - English
Watchtower Library 2011 - español
WebEx Support Manager for Internet Explorer
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 6:21:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/20/2012 5:51:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/20/2012 12:59:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:56:59 PM on 7/20/2012 was unexpected.
7/20/2012 1:38:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/20/2012 1:35:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C3100 series (Copy 1) with shared resource name . Error 1215. The printer cannot be used by others on the network.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/20/2012 1:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/20/2012 1:26:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/20/2012 1:26:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/20/2012 1:26:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/20/2012 1:24:12 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.
7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.
7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
7/20/2012 1:24:11 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/20/2012 1:23:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
7/20/2012 1:23:05 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2012 1:21:34 PM, Error: EventLog [6008] - The previous system shutdown at 1:19:29 PM on 7/20/2012 was unexpected.
7/20/2012 1:18:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
7/20/2012 1:16:51 PM, Error: EventLog [6008] - The previous system shutdown at 1:14:58 PM on 7/20/2012 was unexpected.
7/20/2012 1:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 1:05:00 PM on 7/20/2012 was unexpected.
7/19/2012 1:24:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.161.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80080005 Error description: Server execution failed
7/18/2012 7:57:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.53.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/18/2012 7:20:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:29 PM on 7/17/2012 was unexpected.
7/18/2012 11:15:14 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
7/18/2012 1:17:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/18/2012 1:17:49 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/18/2012 1:17:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/18/2012 1:13:41 PM, Error: EventLog [6008] - The previous system shutdown at 1:11:54 PM on 7/18/2012 was unexpected.
.
==== End Of File ===========================
 
I am having problems with copy and paste functions. My internet keeps stopping and resetting every time I try to post. I'll keep trying.

Thanks for your time
Jesh
 
DDS Log #1

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Hal at 13:46:23 on 2012-07-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.522 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.juno.com/start/sp.do?cf=www
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\hal\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Spotify] "c:\users\hal\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Spotify Web Helper] "c:\users\hal\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...DEwKzItRjEwTTEwRCsy"&"prod=92"&"ver=10.0.1204
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\users\hal\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUplden-us.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B22B405A-AA2D-4CBF-84EB-D18BC71B6026} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service;c:\program files\common files\creative labs shared\service\APLicensing.exe [2007-4-28 72704]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9d414ab8c82f8;Google Update Service (gupdate1c9d414ab8c82f8);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-13 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-13 133104]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-20 19:36:33 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{019d5955-f68b-4070-89e0-066d1e593efe}\mpengine.dll
2012-07-20 19:28:25 100864 ----a-w- C:\pwldipow.sys
2012-07-18 19:27:15 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-11 12:15:59 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-11 11:36:09 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:34:48 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-11 11:34:43 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-11 11:34:43 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-11 11:11:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-11 11:11:29 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-11 11:11:29 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-11 11:11:28 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-11 08:22:39 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 08:22:39 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 08:22:39 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 08:22:29 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 08:22:27 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:22:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:21:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:21:40 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-11 08:21:40 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-11 08:21:40 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:21:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 08:21:40 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-10 14:23:33 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-10 14:23:33 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-10 14:23:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-10 14:23:32 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-10 14:23:28 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-07-10 14:23:28 189952 ----a-w- c:\windows\system32\winmm.dll
2012-07-10 14:23:14 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-07-10 14:23:04 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-10 14:21:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-07-10 14:21:42 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-10 14:21:42 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-10 14:21:41 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-10 14:21:41 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-10 14:21:22 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-10 14:21:20 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-10 14:21:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-10 14:21:18 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-07-10 14:20:37 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-07-10 14:08:40 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-10 13:49:53 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 13:49:10 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 13:49:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 13:49:00 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 02:26:01 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-10 02:26:00 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-10 02:26:00 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-10 02:26:00 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-10 02:26:00 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-10 02:26:00 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-10 02:23:19 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-10 02:23:19 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-10 02:23:19 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-10 02:23:18 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-10 02:23:17 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-10 02:23:17 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-10 02:23:17 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-10 01:56:28 -------- d-----w- c:\windows\system32\eu-ES
2012-07-10 01:56:28 -------- d-----w- c:\windows\system32\ca-ES
2012-07-10 01:56:27 -------- d-----w- c:\windows\system32\vi-VN
2012-07-10 01:46:09 -------- d-----w- c:\windows\system32\SPReview
2012-07-10 01:13:22 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-07-10 01:13:01 57856 ----a-w- c:\windows\system32\compcln.exe
2012-07-10 01:01:55 93696 ----a-w- c:\windows\system32\eappgnui.dll
2012-07-10 01:00:59 883712 ----a-w- c:\windows\system32\IMJP10.IME
2012-07-10 00:59:57 558080 ----a-w- c:\windows\system32\sysmain.dll
2012-07-10 00:58:59 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-07-10 00:44:18 -------- d-----w- c:\windows\system32\EventProviders
2012-07-09 18:28:30 -------- d-----w- c:\users\hal\appdata\local\ElevatedDiagnostics
2012-07-04 04:19:25 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{51fd3e7c-6804-4c49-975c-e06d1799c958}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-18 19:07:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 19:07:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-10 02:25:59 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-07-10 02:23:23 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-07-10 01:54:05 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-10 01:54:03 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2009-12-17 23:53:40 214167816 ----a-w- c:\program files\Nero-9.4.26.0_trial.exe
.
============= FINISH: 13:50:02.88 ===============
 
DDS Log #2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/24/2007 1:36:08 AM
System Uptime: 7/20/2012 1:34:37 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 12.461 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.513 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
AcademicOnline Interactive Mathematics
Adobe AIR
Adobe Anchor Service CS4
Adobe Audition 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Encore DVD 1.0
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Illustrator CS
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro
Adobe Reader X (10.1.3)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Art Deco Fonts, Version 4.0
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Bonjour
BufferChm
C3100
c3100_Help
Choice Guard
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Connect
Copy
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Creative Audio Pack
Creative MediaSource 5
CustomerResearchQFolder
Dell Games
Dell Support Center
Dell System Customization Wizard
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Documentation & Support Launcher
DolbyFiles
DVD Shrink 3.2
EarthLink Setup Files
eSupportQFolder
Fax
ffdshow (remove only)
Games, Music, & Photos Launcher
Google Desktop
Google SketchUp 6
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Product Assistant
HP Solution Center 8.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Internet Service Offers Launcher
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
kuler
Mah Jong Quest II
Mahjong Tales - Ancient Wisdom
Mahjong World
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Streets & Trips 2009
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
Movie Templates - Starter Kit
Mozilla ActiveX Control v1.7.12
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
Netflix Movie Viewer
NetWaiting
OGA Notifier 2.0.0048.0
OpenAL
OpenOffice.org Installer 1.0
PayPal Plug-In
PDF Settings CS4
PENTAX Raw Codec
Photoshop Camera Raw
Picasa 2
QuickBooks Pro 2008
QuickTime
RealArcade
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Scan
Screen Grab Pro
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
ShopAtHome.com Toolbar
Skype™ 5.9
SolutionCenter
Sonic Activation Module
Sound Blaster X-Fi
SoundTrax
Spelling Dictionaries Support For Adobe Reader 8
Spotify
StartNow Toolbar
Status
Suite Shared Configuration CS4
SupportSoft Assisted Service
ToneThis
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VideoLAN VLC media player 0.8.6f
Virtual Earth 3D (Beta)
Watchtower Library 2011 - English
Watchtower Library 2011 - español
WebEx Support Manager for Internet Explorer
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 6:21:48 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/20/2012 5:51:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/20/2012 12:59:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:56:59 PM on 7/20/2012 was unexpected.
7/20/2012 1:38:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/20/2012 1:35:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C3100 series (Copy 1) with shared resource name . Error 1215. The printer cannot be used by others on the network.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/20/2012 1:27:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/20/2012 1:27:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/20/2012 1:27:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/20/2012 1:26:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/20/2012 1:26:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/20/2012 1:26:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/20/2012 1:26:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The TapiSrv service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/20/2012 1:24:12 PM, Error: Service Control Manager [7038] - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: A system shutdown is in progress. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/20/2012 1:24:12 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service did not start due to a logon failure.
7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not start due to a logon failure.
7/20/2012 1:24:12 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The service did not start due to a logon failure.
7/20/2012 1:24:11 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/20/2012 1:23:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
7/20/2012 1:23:05 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2012 1:21:34 PM, Error: EventLog [6008] - The previous system shutdown at 1:19:29 PM on 7/20/2012 was unexpected.
7/20/2012 1:18:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
7/20/2012 1:16:51 PM, Error: EventLog [6008] - The previous system shutdown at 1:14:58 PM on 7/20/2012 was unexpected.
7/20/2012 1:06:31 PM, Error: EventLog [6008] - The previous system shutdown at 1:05:00 PM on 7/20/2012 was unexpected.
7/19/2012 1:24:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.161.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80080005 Error description: Server execution failed
7/18/2012 7:57:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.53.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/18/2012 7:20:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:29 PM on 7/17/2012 was unexpected.
7/18/2012 11:15:14 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
7/18/2012 1:17:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/18/2012 1:17:49 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/18/2012 1:17:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/18/2012 1:13:41 PM, Error: EventLog [6008] - The previous system shutdown at 1:11:54 PM on 7/18/2012 was unexpected.
.
==== End Of File ===========================
 
GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-20 13:34:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.AD
Running: cfnpcnzy.exe; Driver: C:\Users\Hal\AppData\Local\Temp\pwldipow.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
 
Ok that should be all of the logs. Let me know if I need to do something else.

Thanks for all of your time.
Jesh
 
Hi again!

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review
 
Hi here is the scan log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 11:37:18
-----------------------------
11:37:18.458 OS Version: Windows 6.0.6002 Service Pack 2
11:37:18.458 Number of processors: 2 586 0x604
11:37:18.468 ComputerName: HAL-PC UserName: Hal
11:37:28.429 Initialize success
11:37:45.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:37:45.025 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
11:37:45.038 Disk 0 MBR read successfully
11:37:45.041 Disk 0 MBR scan
11:37:45.044 Disk 0 Windows VISTA default MBR code
11:37:45.047 Disk 0 MBR hidden
11:37:45.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:37:45.087 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
11:37:45.099 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
11:37:45.113 Disk 0 scanning sectors +312496128
11:37:45.166 Disk 0 scanning C:\Windows\system32\drivers
11:38:01.288 Service scanning
11:38:14.963 Service MpKslfd32894a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007F0FB0-563E-4F15-83DB-58147D3DC012}\MpKslfd32894a.sys **LOCKED** 32
11:38:35.623 Modules scanning
11:39:06.963 Disk 0 trace - called modules:
11:39:06.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8717f4b1]<<
11:39:06.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867feac8]
11:39:07.011 3 CLASSPNP.SYS[8859d8b3] -> nt!IofCallDriver -> [0x871e9030]
11:39:07.020 \Driver\iaStor[0x8714ff38] -> IRP_MJ_CREATE -> 0x8717f4b1
11:39:07.033 Scan finished successfully
11:41:22.569 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
11:41:23.310 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"
 
ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
Here is the Combofix log

ComboFix 12-07-21.01 - Hal 07/22/2012 22:24:04.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1561 [GMT -6:00]
Running from: c:\users\Hal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\ShOPathometoolbar.dll
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\ToOLbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\windows\system\CW3215.DLL
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 04:41 . 2012-07-23 04:42 -------- d-----w- c:\users\Hal\AppData\Local\temp
2012-07-23 04:41 . 2012-07-23 04:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-23 04:41 . 2012-07-23 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 03:57 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3205BF1C-B83C-498C-B1EA-23F94AA3D5C5}\mpengine.dll
2012-07-20 19:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 19:28 . 2012-07-20 19:28 100864 ----a-w- C:\pwldipow.sys
2012-07-11 12:15 . 2012-07-11 12:15 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-11 11:36 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:34 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-11 11:34 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-11 11:34 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-11 11:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-11 11:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-11 11:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-11 11:11 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-11 08:22 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 08:22 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 08:22 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 08:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 08:22 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:22 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:21 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:21 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:21 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 08:21 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-11 08:21 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-11 08:21 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-10 14:23 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-10 14:23 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-10 14:23 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-10 14:23 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-10 14:23 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-07-10 14:23 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-07-10 14:23 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-07-10 14:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-10 14:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-10 14:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-10 14:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-10 14:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-10 14:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-10 14:21 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-10 14:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-10 14:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-10 14:21 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-07-10 14:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-07-10 14:08 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-10 13:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-10 13:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-10 13:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 13:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-10 13:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-10 13:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 13:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-10 13:49 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 13:49 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 02:26 . 2012-07-10 02:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-10 02:26 . 2012-07-10 02:26 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-10 02:26 . 2012-07-10 02:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-10 02:26 . 2012-07-10 02:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-10 02:26 . 2012-07-10 02:26 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-10 02:26 . 2012-07-10 02:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-10 02:23 . 2012-07-10 02:23 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-10 02:23 . 2012-07-10 02:23 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-10 02:23 . 2012-07-10 02:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-10 02:23 . 2012-07-10 02:23 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-10 02:23 . 2012-07-10 02:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-10 02:23 . 2012-07-10 02:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-10 02:23 . 2012-07-10 02:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\ca-ES
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\eu-ES
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\vi-VN
2012-07-10 01:46 . 2012-07-10 01:46 -------- d-----w- c:\windows\system32\SPReview
2012-07-10 01:13 . 2009-04-11 05:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-07-10 01:13 . 2009-04-11 05:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-07-10 01:01 . 2009-04-11 05:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2012-07-10 01:00 . 2009-04-11 05:28 378368 ----a-w- c:\windows\system32\imapi2.dll
2012-07-10 00:59 . 2009-04-11 05:28 558080 ----a-w- c:\windows\system32\sysmain.dll
2012-07-10 00:58 . 2009-04-11 05:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-07-10 00:44 . 2012-07-10 00:44 -------- d-----w- c:\windows\system32\EventProviders
2012-07-09 18:28 . 2012-07-09 18:28 -------- d-----w- c:\users\Hal\AppData\Local\ElevatedDiagnostics
2012-07-04 04:19 . 2012-02-10 16:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51FD3E7C-6804-4C49-975C-E06D1799C958}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 19:07 . 2012-04-03 14:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 19:07 . 2011-07-26 04:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-10 02:23 . 2012-07-10 02:23 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-10 01:54 . 2007-03-24 07:35 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-10 01:54 . 2007-03-24 07:35 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-03 19:46 . 2011-03-03 05:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 23:53 . 2009-12-17 23:34 214167816 ----a-w- c:\program files\Nero-9.4.26.0_trial.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-07 39408]
"Spotify"="c:\users\Hal\AppData\Roaming\Spotify\Spotify.exe" [2012-06-09 9478320]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-09 932528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"CTXFIREG"="CTxfiReg.exe" [2006-11-28 44032]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-11-28 20480]
"CTHelper"="CTHELPER.EXE" [2006-11-28 19456]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-25 129560]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...VgyMDEwKzItRjEwTTEwRCsy&prod=92&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-11-28 28672]
.
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2643686760-567394002-1274692540-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000Core1cb6f1766cf05cd.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000UA.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
.
2012-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643686760-567394002-1274692540-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
HKLM-Run-NBAgent - c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
AddRemove-Artdeco_is1 - e:\art deco fonts\unins000.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 22:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,83,aa,c1,33,fc,4f,42,bb,d5,19,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(776)
c:\windows\system32\igfxsrvc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-07-22 22:52:19
ComboFix-quarantined-files.txt 2012-07-23 04:52
.
Pre-Run: 13,384,421,376 bytes free
Post-Run: 13,326,000,128 bytes free
.
- - End Of File - - CC86B282DC7B0EB541F567627095CB29
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Here is ESET Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c5f0c5c038de5544b9c4ea5a647b34df
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 04:56:16
# local_time=2012-07-23 10:56:16 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 44127704 44127704 0 0
# compatibility_mode=2561 16777214 0 14 89322063 89322063 0 0
# compatibility_mode=5892 16776574 100 100 0 179662043 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=260726
# found=3
# cleaned=3
# scan_time=8062
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 
Those were only quarantined files, harmless.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
It seems to be running slow and when I do a search on google tool bar and hit return it gives me useless search info. But if I hit the search button next to it I get good search results, but it redirects me to some other random search engine. For example when I hit return ...when I search for computer problems it gives me This...
  1. Welcome to Facebook - Log In, Sign Up or Learn More
    www.facebook.com
    Facebook is a social utility that connects people with friends and others who work, study and live around them. People use Facebook to keep up with friends, upload an ...
  2. F: Summary for Ford Motor Company Common Stock- Yahoo! Finance
    finance.yahoo.com/q?s=f
    View the basic F stock chart on Yahoo! Finance. Change the date range, chart type and compare Ford Motor Company Common Stock against other companies.
  3. F - Wikipedia, the free encyclopedia
    en.wikipedia.org/wiki/F
    F is the sixth letter in the ISO basic Latin alphabet. Proto-Semitic W Phoenician waw Etruscan V or W Greek Digamma Roman F The origin of f is the Semitic ...
 
I also have had problems with copy and paste. It just bogs down my computer. Sometimes I have to shut the screen and do it a few times and then I can paste. I have also had it go to a blue screen a few times when I was doing all the scans, that said a problem had been detected and windows had to shut down. It then restarted the computer. So far I haven't heard any audio noise, but I shut off the speakers because it was making me crazy. I have them on now, so I'll see if that problem is still there.
 
We'll get this taken care of...

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review
 
Here is the log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 11:37:18
-----------------------------
11:37:18.458 OS Version: Windows 6.0.6002 Service Pack 2
11:37:18.458 Number of processors: 2 586 0x604
11:37:18.468 ComputerName: HAL-PC UserName: Hal
11:37:28.429 Initialize success
11:37:45.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:37:45.025 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
11:37:45.038 Disk 0 MBR read successfully
11:37:45.041 Disk 0 MBR scan
11:37:45.044 Disk 0 Windows VISTA default MBR code
11:37:45.047 Disk 0 MBR hidden
11:37:45.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:37:45.087 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
11:37:45.099 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
11:37:45.113 Disk 0 scanning sectors +312496128
11:37:45.166 Disk 0 scanning C:\Windows\system32\drivers
11:38:01.288 Service scanning
11:38:14.963 Service MpKslfd32894a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{007F0FB0-563E-4F15-83DB-58147D3DC012}\MpKslfd32894a.sys **LOCKED** 32
11:38:35.623 Modules scanning
11:39:06.963 Disk 0 trace - called modules:
11:39:06.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8717f4b1]<<
11:39:06.999 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867feac8]
11:39:07.011 3 CLASSPNP.SYS[8859d8b3] -> nt!IofCallDriver -> [0x871e9030]
11:39:07.020 \Driver\iaStor[0x8714ff38] -> IRP_MJ_CREATE -> 0x8717f4b1
11:39:07.033 Scan finished successfully
11:41:22.569 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
11:41:23.310 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 09:49:16
-----------------------------
09:49:16.153 OS Version: Windows 6.0.6002 Service Pack 2
09:49:16.153 Number of processors: 2 586 0x604
09:49:16.153 ComputerName: HAL-PC UserName: Hal
09:49:41.176 Initialize success
09:50:41.158 AVAST engine defs: 12072601
09:50:48.006 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:50:48.006 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
09:50:48.022 Disk 0 MBR read successfully
09:50:48.037 Disk 0 MBR scan
09:50:48.053 Disk 0 Windows VISTA default MBR code
09:50:48.053 Disk 0 MBR hidden
09:50:48.053 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:50:48.084 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
09:50:48.100 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
09:50:48.115 Disk 0 scanning sectors +312496128
09:50:48.193 Disk 0 scanning C:\Windows\system32\drivers
09:51:03.076 Service scanning
09:51:33.558 Modules scanning
09:51:37.770 Disk 0 trace - called modules:
09:51:37.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862954b1]<<
09:51:37.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8601e030]
09:51:37.801 3 CLASSPNP.SYS[8859f8b3] -> nt!IofCallDriver -> [0x85f9caf8]
09:51:37.801 \Driver\iaStor[0x8621f110] -> IRP_MJ_CREATE -> 0x862954b1
09:51:38.535 AVAST engine scan C:\Windows
09:51:43.542 AVAST engine scan C:\Windows\system32
09:55:35.311 AVAST engine scan C:\Windows\system32\drivers
09:55:50.662 AVAST engine scan C:\Users\Hal
10:07:43.223 AVAST engine scan C:\ProgramData
10:10:33.559 Scan finished successfully
10:24:00.391 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
10:24:00.423 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 11:04:59
-----------------------------
11:04:59.171 OS Version: Windows 6.0.6002 Service Pack 2
11:04:59.171 Number of processors: 2 586 0x604
11:04:59.171 ComputerName: HAL-PC UserName: Hal
11:05:00.777 Initialize success
11:05:10.262 AVAST engine defs: 12072601
11:05:19.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:05:19.731 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
11:05:19.763 Disk 0 MBR read successfully
11:05:19.763 Disk 0 MBR scan
11:05:19.794 Disk 0 Windows VISTA default MBR code
11:05:19.794 Disk 0 MBR hidden
11:05:19.825 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:05:19.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
11:05:19.934 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
11:05:19.981 Disk 0 scanning sectors +312496128
11:05:20.043 Disk 0 scanning C:\Windows\system32\drivers
11:06:01.602 Service scanning
11:06:33.630 Service MpKsld56dfd35 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{389BC1F9-63D1-4558-9188-74A346F0E83F}\MpKsld56dfd35.sys **LOCKED** 32
11:07:05.532 Modules scanning
11:07:51.006 Disk 0 trace - called modules:
11:07:51.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x870a54b1]<<
11:07:51.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672d228]
11:07:51.021 3 CLASSPNP.SYS[885a28b3] -> nt!IofCallDriver -> [0x87095030]
11:07:51.021 \Driver\iaStor[0x8702bf38] -> IRP_MJ_CREATE -> 0x870a54b1
11:07:52.160 AVAST engine scan C:\Windows
11:08:11.582 AVAST engine scan C:\Windows\system32
11:16:31.631 AVAST engine scan C:\Windows\system32\drivers
11:17:08.559 AVAST engine scan C:\Users\Hal
11:34:48.823 AVAST engine scan C:\ProgramData
11:39:36.514 Scan finished successfully
12:36:03.286 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
12:36:03.520 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"
 
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.
 
Here is the MBRCheck log

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Dell DM061
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 164):
Processes (total 96):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.ADJ
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
 
Cool!

Upload Dump Files:
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend Windows Live SkyDrive - http://skydrive.live.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html
 