
fenderstr8

  1. Hey guys, I hope everything is going good for you. I've come here seeking help, and if that is what you could give me, I would be very thankful. Very thankful indeed. So.. It seems that I have a "keylogger" I think? Each time I try to load Malwarebytes, my Internet Explorer is shut down and a fake security program pops up saying I need to buy a full version. Lame. Here are my DDS and attach logs.. ALSO- When I downloaded DDS logs, a process started on my computer trying to block it and its name was "DDS- doesn't do squat" Again, thank you for your time.
  2. Thank you for responding to my post! Much thanks indeed. Here is the TDS-
NDProxy - ok 17:14:06.0141 5376 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 17:14:06.0143 5376 NetBIOS - ok 17:14:06.0188 5376 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 17:14:06.0192 5376 netbt - ok 17:14:06.0246 5376 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 17:14:06.0249 5376 nfrd960 - ok 17:14:06.0296 5376 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 17:14:06.0297 5376 Npfs - ok 17:14:06.0313 5376 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 17:14:06.0314 5376 nsiproxy - ok 17:14:06.0369 5376 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 17:14:06.0394 5376 Ntfs - ok 17:14:06.0420 5376 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 17:14:06.0422 5376 ntrigdigi - ok 17:14:06.0437 5376 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 17:14:06.0439 5376 Null - ok 17:14:06.0464 5376 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 17:14:06.0467 5376 nvraid - ok 17:14:06.0483 5376 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 17:14:06.0487 5376 nvstor - ok 17:14:06.0508 5376 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 17:14:06.0510 5376 nv_agp - ok 17:14:06.0520 5376 NwlnkFlt - ok 17:14:06.0529 5376 NwlnkFwd - ok 17:14:06.0563 5376 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 17:14:06.0565 5376 ohci1394 - ok 17:14:06.0592 5376 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 17:14:06.0595 5376 Parport - ok 17:14:06.0620 5376 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 17:14:06.0621 5376 partmgr - ok 17:14:06.0639 5376 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) 
C:\Windows\system32\drivers\parvdm.sys 17:14:06.0641 5376 Parvdm - ok 17:14:06.0722 5376 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms 17:14:06.0748 5376 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok 17:14:06.0799 5376 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 17:14:06.0802 5376 pci - ok 17:14:06.0833 5376 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 17:14:06.0835 5376 pciide - ok 17:14:06.0861 5376 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 17:14:06.0864 5376 pcmcia - ok 17:14:06.0906 5376 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 17:14:06.0918 5376 PEAUTH - ok 17:14:07.0003 5376 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 17:14:07.0005 5376 PptpMiniport - ok 17:14:07.0023 5376 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 17:14:07.0025 5376 Processor - ok 17:14:07.0084 5376 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 17:14:07.0086 5376 PSched - ok 17:14:07.0117 5376 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys 17:14:07.0119 5376 PxHelp20 - ok 17:14:07.0163 5376 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 17:14:07.0189 5376 ql2300 - ok 17:14:07.0216 5376 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 17:14:07.0218 5376 ql40xx - ok 17:14:07.0235 5376 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 17:14:07.0237 5376 QWAVEdrv - ok 17:14:07.0306 5376 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 17:14:07.0348 5376 R300 - ok 17:14:07.0358 5376 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 17:14:07.0360 5376 RasAcd - ok 
17:14:07.0399 5376 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:14:07.0402 5376 Rasl2tp - ok 17:14:07.0445 5376 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 17:14:07.0447 5376 RasPppoe - ok 17:14:07.0486 5376 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 17:14:07.0488 5376 RasSstp - ok 17:14:07.0529 5376 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 17:14:07.0534 5376 rdbss - ok 17:14:07.0544 5376 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:14:07.0545 5376 RDPCDD - ok 17:14:07.0573 5376 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 17:14:07.0577 5376 rdpdr - ok 17:14:07.0587 5376 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 17:14:07.0589 5376 RDPENCDD - ok 17:14:07.0638 5376 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 17:14:07.0641 5376 RDPWD - ok 17:14:07.0670 5376 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 17:14:07.0672 5376 rspndr - ok 17:14:07.0763 5376 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Users\Justin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS 17:14:07.0765 5376 SASDIFSV - ok 17:14:07.0798 5376 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Users\Justin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS 17:14:07.0800 5376 SASKUTIL - ok 17:14:07.0839 5376 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 17:14:07.0843 5376 sbp2port - ok 17:14:07.0901 5376 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 17:14:07.0903 5376 secdrv - ok 17:14:07.0925 5376 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 17:14:07.0927 5376 Serenum - ok 17:14:07.0943 5376 Serial (c70d69a918b178d3c3b06339b40c2e1b) 
C:\Windows\system32\drivers\serial.sys 17:14:07.0946 5376 Serial - ok 17:14:07.0960 5376 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 17:14:07.0962 5376 sermouse - ok 17:14:07.0998 5376 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 17:14:08.0000 5376 sffdisk - ok 17:14:08.0013 5376 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 17:14:08.0015 5376 sffp_mmc - ok 17:14:08.0034 5376 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 17:14:08.0036 5376 sffp_sd - ok 17:14:08.0047 5376 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 17:14:08.0050 5376 sfloppy - ok 17:14:08.0074 5376 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 17:14:08.0076 5376 sisagp - ok 17:14:08.0096 5376 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 17:14:08.0098 5376 SiSRaid2 - ok 17:14:08.0112 5376 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 17:14:08.0115 5376 SiSRaid4 - ok 17:14:08.0154 5376 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 17:14:08.0157 5376 Smb - ok 17:14:08.0183 5376 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 17:14:08.0185 5376 spldr - ok 17:14:08.0225 5376 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 17:14:08.0230 5376 srv - ok 17:14:08.0284 5376 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 17:14:08.0287 5376 srv2 - ok 17:14:08.0298 5376 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 17:14:08.0301 5376 srvnet - ok 17:14:08.0344 5376 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 17:14:08.0346 5376 swenum - ok 17:14:08.0363 5376 Symc8xx (192aa3ac01df071b541094f251deed10) 
C:\Windows\system32\drivers\symc8xx.sys 17:14:08.0365 5376 Symc8xx - ok 17:14:08.0381 5376 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 17:14:08.0383 5376 Sym_hi - ok 17:14:08.0395 5376 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 17:14:08.0397 5376 Sym_u3 - ok 17:14:08.0451 5376 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 17:14:08.0464 5376 Tcpip - ok 17:14:08.0482 5376 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 17:14:08.0489 5376 Tcpip6 - ok 17:14:08.0540 5376 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 17:14:08.0541 5376 tcpipreg - ok 17:14:08.0551 5376 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 17:14:08.0553 5376 TDPIPE - ok 17:14:08.0569 5376 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 17:14:08.0570 5376 TDTCP - ok 17:14:08.0607 5376 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 17:14:08.0609 5376 tdx - ok 17:14:08.0629 5376 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 17:14:08.0631 5376 TermDD - ok 17:14:08.0658 5376 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:14:08.0660 5376 tssecsrv - ok 17:14:08.0689 5376 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 17:14:08.0691 5376 tunmp - ok 17:14:08.0736 5376 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 17:14:08.0737 5376 tunnel - ok 17:14:08.0750 5376 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 17:14:08.0752 5376 uagp35 - ok 17:14:08.0768 5376 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 17:14:08.0772 5376 udfs - ok 17:14:08.0795 5376 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 
17:14:08.0797 5376 uliagpkx - ok 17:14:08.0811 5376 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 17:14:08.0814 5376 uliahci - ok 17:14:08.0829 5376 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 17:14:08.0832 5376 UlSata - ok 17:14:08.0847 5376 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 17:14:08.0850 5376 ulsata2 - ok 17:14:08.0866 5376 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 17:14:08.0867 5376 umbus - ok 17:14:08.0924 5376 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys 17:14:08.0925 5376 USBAAPL - ok 17:14:08.0948 5376 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 17:14:08.0950 5376 usbaudio - ok 17:14:08.0986 5376 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 17:14:08.0988 5376 usbccgp - ok 17:14:09.0007 5376 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 17:14:09.0009 5376 usbcir - ok 17:14:09.0030 5376 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 17:14:09.0031 5376 usbehci - ok 17:14:09.0066 5376 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 17:14:09.0070 5376 usbhub - ok 17:14:09.0082 5376 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 17:14:09.0084 5376 usbohci - ok 17:14:09.0108 5376 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 17:14:09.0110 5376 usbprint - ok 17:14:09.0133 5376 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 17:14:09.0135 5376 usbscan - ok 17:14:09.0151 5376 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:14:09.0153 5376 USBSTOR - ok 17:14:09.0168 5376 usbuhci (814d653efc4d48be3b04a307eceff56f) 
C:\Windows\system32\DRIVERS\usbuhci.sys 17:14:09.0169 5376 usbuhci - ok 17:14:09.0189 5376 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 17:14:09.0190 5376 vga - ok 17:14:09.0208 5376 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 17:14:09.0209 5376 VgaSave - ok 17:14:09.0228 5376 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 17:14:09.0230 5376 viaagp - ok 17:14:09.0249 5376 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 17:14:09.0251 5376 ViaC7 - ok 17:14:09.0262 5376 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 17:14:09.0264 5376 viaide - ok 17:14:09.0280 5376 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 17:14:09.0282 5376 volmgr - ok 17:14:09.0331 5376 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 17:14:09.0335 5376 volmgrx - ok 17:14:09.0364 5376 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 17:14:09.0368 5376 volsnap - ok 17:14:09.0396 5376 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 17:14:09.0399 5376 vsmraid - ok 17:14:09.0451 5376 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 17:14:09.0453 5376 WacomPen - ok 17:14:09.0472 5376 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 17:14:09.0474 5376 Wanarp - ok 17:14:09.0484 5376 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 17:14:09.0485 5376 Wanarpv6 - ok 17:14:09.0512 5376 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 17:14:09.0514 5376 Wd - ok 17:14:09.0533 5376 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 17:14:09.0541 5376 Wdf01000 - ok 17:14:09.0598 5376 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) 
17:14:09.0792 5376 ============================================================
17:14:09.0792 5376 Scan finished
17:14:09.0792 5376 ============================================================
17:14:09.0805 4996 Detected object count: 1
17:14:09.0805 4996 Actual detected object count: 1
17:14:34.0514 4996 HKLM\SYSTEM\ControlSet001\services\2340f1bc - will be deleted on reboot
17:14:34.0538 4996 HKLM\SYSTEM\ControlSet003\services\2340f1bc - will be deleted on reboot
17:14:34.0549 4996 C:\Windows\3169927203:3703508547.exe - will be deleted on reboot
17:14:34.0549 4996 2340f1bc ( HiddenFile.Multi.Generic ) - User select action: Delete
17:14:37.0977 4656 Deinitialize success

Malwarebytes scan-

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7949
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/14/2011 5:41:17 PM
mbam-log-2011-10-14 (17-41-17).txt

Scan type: Quick scan
Objects scanned: 209870
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Justin\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Delete on reboot.
c:\Users\Justin\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\programdata\mousetrayverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Justin\AppData\Local\CPN\cpnupdate\cpnupdt32.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PartyGaming Update (Trojan.SHarpro) -> Value: PartyGaming Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseTrayVerifier (Trojan.SHarpro.PGen) -> Value: MouseTrayVerifier -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-402243691 (Trojan.Agent.Gen) -> Value: -402243691 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Update (Trojan.SHarpro.PGen) -> Value: Adobe Update -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Justin\AppData\Local\Temp\0.7085036367719241.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
c:\Users\Justin\AppData\Local\Temp\etjykapfuk (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
c:\Users\Justin\AppData\Local\Temp\oMIHV2.exe (PUP.Casino) -> Not selected for removal.
c:\Users\Justin\AppData\Local\Temp\aWcAIH.exe (PUP.Casino) -> Not selected for removal.
c:\Users\Justin\AppData\Local\Temp\M5jTx.exe (PUP.Casino) -> Not selected for removal.
c:\Users\Justin\AppData\Local\Temp\thpm2208490689554551235.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
c:\Users\Justin\local settings\application data\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Delete on reboot.
c:\Users\Justin\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Delete on reboot.
c:\Users\Justin\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\Users\Justin\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
c:\programdata\mousetrayverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.
c:\Users\Justin\AppData\Local\Temp\jucheck.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Justin\AppData\Local\CPN\cpnupdate\cpnupdt32.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Ok, this is ComboFix. I'm not sure if this is the right log or not. I closed the log after it popped up immediately following the scan completion, and reopened what I think is the log. If it's not, I'll do the scan again and get it right off the bat.
ComboFix 11-10-14.04 - Justin 10/14/2011 19:08:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1364 [GMT -5:00]
Running from: c:\users\Justin\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\5yboNX6.jpg
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\kMYln3.jpg
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\mbYx7.jpg
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\oaB87.jpg
c:\users\Justin\AppData\Roaming\Adobe\plugs
c:\users\Justin\AppData\Roaming\Adobe\shed
c:\windows\$NtUninstallKB11523$
c:\windows\$NtUninstallKB11523$\3394396455
c:\windows\$NtUninstallKB11523$\591458748\@
c:\windows\$NtUninstallKB11523$\591458748\bckfg.tmp
c:\windows\$NtUninstallKB11523$\591458748\cfg.ini
c:\windows\$NtUninstallKB11523$\591458748\Desktop.ini
c:\windows\$NtUninstallKB11523$\591458748\keywords
c:\windows\$NtUninstallKB11523$\591458748\kwrd.dll
c:\windows\$NtUninstallKB11523$\591458748\L\qnbwvoto
c:\windows\$NtUninstallKB11523$\591458748\lsflt7.ver
c:\windows\$NtUninstallKB11523$\591458748\U\00000001.@
c:\windows\$NtUninstallKB11523$\591458748\U\00000002.@
c:\windows\$NtUninstallKB11523$\591458748\U\80000000.@
c:\windows\$NtUninstallKB11523$\591458748\U\80000032.@
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 00:15 . 2011-10-15 00:16 -------- d-----w- c:\users\Justin\AppData\Local\temp
2011-10-15 00:15 . 2011-10-15 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 00:15 . 2011-10-15 00:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-10-14 22:23 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-14 06:43 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89409A03-7DBA-4394-AD2B-43A7811C8815}\mpengine.dll
2011-10-13 19:20 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 19:19 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 19:19 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 19:19 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 19:19 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 19:19 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 19:19 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 19:19 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 19:19 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 19:19 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-07 03:58 . 2011-10-07 03:58 -------- d-----w- c:\program files\ESET
2011-10-07 03:31 . 2011-10-14 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-07 02:32 . 2011-10-07 02:32 0 ---ha-w- c:\windows\system32\pwwedvnsgc.tmp
2011-10-07 02:26 . 2011-10-07 02:53 -------- d-----w- c:\program files\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 02:26 . 2009-05-28 22:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-07 02:26 . 2009-05-28 22:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-19 17:51 . 2011-08-19 17:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2008-10-29 123]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-28 22:36 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Justin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-23 04:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\users\Justin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Justin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [2010-03-23 836384]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 05:33]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 05:33]
.
2011-10-15 c:\windows\Tasks\User_Feed_Synchronization-{BCD50305-EF4F-4775-A6D9-B3B445F6300E}.job
- c:\windows\system32\msfeedssync.exe [2011-04-11 20:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ultimate-guitar.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CPN Notifier - c:\program files\All In Poker\PokerNotifier.exe
HKCU-Run-MouseTrayVerifier - c:\programdata\MouseTrayVerifier.dll
SafeBoot-94919667.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-14 19:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2011-10-14 19:18:01
ComboFix-quarantined-files.txt 2011-10-15 00:17
.
Pre-Run: 206,713,638,912 bytes free
Post-Run: 208,050,495,488 bytes free
.
- - End Of File - - 3D6B7C83CE2A134CA98AA240A8DFE110

New DDS

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Justin at 19:43:26 on 2011-10-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.829 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe
-k secsvcs C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ultimate-guitar.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] 
"c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{2716854E-5911-48C6-8E26-F8A9E4327EDF} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{3B0B8D85-1C6B-48C0-AB03-0AC16FD08B7D} : DhcpNameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{96BA9D17-95F0-47BD-913A-D03F0E98782F} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . 
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-28 632048] R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2011-9-3 836384] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176] S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2011-10-15 00:20:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89409a03-7dba-4394-ad2b-43a7811c8815}\offreg.dll 2011-10-15 00:18:05 -------- d-sh--w- C:\$RECYCLE.BIN 2011-10-15 00:18:03 -------- d-----w- c:\users\justin\appdata\local\temp 2011-10-14 22:50:56 98816 ----a-w- c:\windows\sed.exe 2011-10-14 22:50:56 518144 ----a-w- c:\windows\SWREG.exe 2011-10-14 22:50:56 256000 ----a-w- c:\windows\PEV.exe 2011-10-14 22:50:56 208896 ----a-w- c:\windows\MBR.exe 2011-10-14 22:23:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-14 06:43:02 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89409a03-7dba-4394-ad2b-43a7811c8815}\mpengine.dll 2011-10-13 19:20:01 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-10-13 19:19:59 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2011-10-13 19:19:59 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2011-10-13 19:19:59 293376 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 19:19:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2011-10-13 19:19:59 217088 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 19:19:55 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 19:19:55 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-10-13 19:19:55 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-10-13 19:19:55 238080 ----a-w- c:\windows\system32\oleacc.dll 2011-10-07 03:58:08 -------- d-----w- c:\program files\ESET 2011-10-07 03:31:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-07 02:32:18 0 ---ha-w- c:\windows\system32\pwwedvnsgc.tmp . ==================== Find3M ==================== . 
2011-10-07 02:26:35 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-10-07 02:26:34 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-08-19 17:51:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 19:43:39.00 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 5/28/2009 12:22:30 PM System Uptime: 10/14/2011 7:05:49 PM (0 hours ago) . Motherboard: Dell Inc. | | 0G679R Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 193.795 GiB free. D: is FIXED (NTFS) - 15 GiB total, 8.045 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer AccuChef Acrobat.com Adobe Acrobat 8 Professional Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9 All In Poker Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.3.9 (Unicode) Bodog Poker Bonjour Choice Guard Cisco Connect Compatibility Pack for the 2007 Office system Dell-eBay Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Support Center (Support Software) DELL0703 ESET Online Scanner v3 FeltStars FL Studio 9 Google Chrome Google Earth Google Update Helper GoToAssist 8.0.0.514 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart Essential HP Update HPSSupply IL Download Manager Intel® PRO Network Connections 12.1.11.0 iTunes Java 6 Update 11 Junk Mail filter update Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft 
Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OGA Notifier 2.0.0048.0 PoiZone Poker4ever PowerDVD PWB 1.0 QuickTime Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Sakura Sawer Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2572078) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2596560) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 
10/8/2011 8:00:02 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:15 AM on 10/8/2011 was unexpected. 10/8/2011 7:59:23 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. 10/8/2011 12:14:23 AM, Error: EventLog [6008] - The previous system shutdown at 12:12:29 AM on 10/8/2011 was unexpected. 10/7/2011 9:04:51 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:04 PM on 10/7/2011 was unexpected. 10/7/2011 7:11:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:08:44 AM on 10/7/2011 was unexpected. 10/7/2011 7:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/7/2011 7:05:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
10/7/2011 7:05:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/7/2011 7:05:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} 10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 10/7/2011 7:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/7/2011 7:04:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/7/2011 6:47:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group 
failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:46:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:44:18 PM on 10/7/2011 was unexpected. 10/7/2011 6:33:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 10/7/2011 6:30:36 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 10/7/2011 6:01:28 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:04 PM on 10/7/2011 was unexpected. 10/7/2011 3:19:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 10/7/2011 3:19:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 10/7/2011 3:17:56 PM, Error: EventLog [6008] - The previous system shutdown at 6:56:02 AM on 10/7/2011 was unexpected. 10/14/2011 7:28:27 PM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: Access is denied. 
10/14/2011 7:21:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} 10/14/2011 7:16:10 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 10/14/2011 5:48:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user Karan-PC\Justin SID (S-1-5-21-1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 10/14/2011 5:28:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} to the user Karan-PC\Justin SID (S-1-5-21-1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 10/14/2011 3:49:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 10/14/2011 3:28:16 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. 
hr=80042505 10/14/2011 3:01:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {B20E899D-B079-479D-A4DC-10F758D9CD9A} 10/11/2011 7:57:41 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Sirefef.B&threatid=144459 Scan ID: {83D60067-DBB4-41E8-B887-5BD2063EF562} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: TrojanDropper:Win32/Sirefef.B ID: 144459 Severity ID: 5 Category ID: 37 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer. 10/11/2011 7:48:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{96BA9D17-95F0-47BD-913A-D03F0E98782F} because another computer on the network has the same name. The server could not start. 10/11/2011 7:48:37 PM, Error: netbt [4321] - The name "KARAN-PC :20" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer. 10/11/2011 7:48:36 PM, Error: netbt [4321] - The name "KARAN-PC :0" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer. 10/11/2011 7:47:26 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 
10/11/2011 7:19:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/11/2011 7:18:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
10/11/2011 7:18:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
10/11/2011 7:04:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
10/11/2011 6:54:05 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/11/2011 6:54:05 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/11/2011 6:52:26 AM, Error: EventLog [6008] - The previous system shutdown at 6:50:39 AM on 10/11/2011 was unexpected.
10/11/2011 11:46:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:52 AM on 10/11/2011 was unexpected.
.
==== End Of File ===========================

Thank you again for helping!
  3. Hi guys. I hope I have posted all the proper logs to help you help me. Thank you for taking the time out to read my post and possibly help the problem get resolved. Malwarebytes stops running after 4 seconds on scanning, then it will not reopen. I get a message saying the pathway is denied. Google redirects my search results to "stopzilla". My computer randomly reboots and Internet Explorer changes format for no reason. Here goes. Malwarebytes- Can't run successfully. The GMER- Couldn't complete the scan.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 5/28/2009 12:22:30 PM System Uptime: 10/11/2011 4:14:37 PM (2 hours ago) . Motherboard: Dell Inc. | | 0G679R Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 207.022 GiB free. D: is FIXED (NTFS) - 15 GiB total, 8.044 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP704: 10/8/2011 8:03:40 AM - Windows Update RP705: 10/11/2011 6:56:27 AM - Windows Update RP706: 10/11/2011 7:19:37 AM - Windows Update RP708: 10/11/2011 7:56:35 AM - Windows Defender Checkpoint . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer AccuChef Acrobat.com Adobe Acrobat 8 Professional Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9 All In Poker Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.3.9 (Unicode) Bodog Poker Bonjour Choice Guard Cisco Connect Compatibility Pack for the 2007 Office system Dell-eBay Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Support Center (Support Software) DELL0703 ESET Online Scanner v3 FeltStars FL Studio 9 Google Chrome Google Earth Google Update Helper GoToAssist 8.0.0.514 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart Essential HP Update HPSSupply IL Download Manager Intel® PRO Network Connections 12.1.11.0 iTunes Java 6 Update 11 Junk Mail filter update Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OGA Notifier 2.0.0048.0 PoiZone Poker4ever PowerDVD PWB 1.0 QuickTime Realtek High Definition Audio Driver Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Sakura Sawer Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 
(KB2553073) Security Update for Microsoft Office InfoPath 2007 (KB2510061) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2583910) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB2553110) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 10/8/2011 8:00:02 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:15 AM on 10/8/2011 was unexpected. 
10/8/2011 7:59:23 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. 10/8/2011 12:14:23 AM, Error: EventLog [6008] - The previous system shutdown at 12:12:29 AM on 10/8/2011 was unexpected. 10/7/2011 9:04:51 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:04 PM on 10/7/2011 was unexpected. 10/7/2011 7:11:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:08:44 AM on 10/7/2011 was unexpected. 10/7/2011 7:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/7/2011 7:05:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
10/7/2011 7:05:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 10/7/2011 7:05:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} 10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 10/7/2011 7:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/7/2011 7:04:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/7/2011 6:47:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group 
failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2011 6:46:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:44:18 PM on 10/7/2011 was unexpected. 10/7/2011 6:33:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 10/7/2011 6:30:36 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 10/7/2011 6:01:28 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:04 PM on 10/7/2011 was unexpected. 10/7/2011 3:19:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 10/7/2011 3:19:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 10/7/2011 3:17:56 PM, Error: EventLog [6008] - The previous system shutdown at 6:56:02 AM on 10/7/2011 was unexpected. 10/6/2011 10:12:02 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s). 10/11/2011 7:57:41 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/? 
linkid=37020&name=TrojanDropper:Win32/Sirefef.B&threatid=144459 Scan ID: {83D60067-DBB4-41E8-B887-5BD2063EF562} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: TrojanDropper:Win32/Sirefef.B ID: 144459 Severity ID: 5 Category ID: 37 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer. 10/11/2011 7:47:26 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 10/11/2011 7:19:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 10/11/2011 7:18:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running. 10/11/2011 7:18:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running. 
10/11/2011 7:04:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} 10/11/2011 7:02:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064} 10/11/2011 6:58:01 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user Karan-PC\Justin SID (S-1-5-21- 1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 10/11/2011 6:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} to the user Karan-PC\Justin SID (S-1-5-21- 1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 10/11/2011 6:54:05 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists. 10/11/2011 6:54:05 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists. 10/11/2011 6:52:26 AM, Error: EventLog [6008] - The previous system shutdown at 6:50:39 AM on 10/11/2011 was unexpected. 
10/11/2011 11:48:14 AM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: Access is denied. 10/11/2011 11:46:52 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505 10/11/2011 11:46:47 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{96BA9D17-95F0-47BD-913A- D03F0E98782F} because another computer on the network has the same name. The server could not start. 10/11/2011 11:46:47 AM, Error: netbt [4321] - The name "KARAN-PC :20" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer. 10/11/2011 11:46:47 AM, Error: netbt [4321] - The name "KARAN-PC :0" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer. 10/11/2011 11:46:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:52 AM on 10/11/2011 was unexpected. . ==== End Of File =========================== DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Justin at 18:58:09 on 2011-10-11 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.661 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\sminst\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet 
Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\wscript.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ultimate-guitar.com/ BHO: {179ec2c9-f409-4d6a-b5f4-a65614a1e030} - c:\users\justin\appdata\local\Shellx86_x64.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: 
{182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [CPN Notifier] c:\program files\all in poker\PokerNotifier.exe uRun: [-402243691] c:\users\justin\appdata\local\temp\\jucheck.exe uRun: [MouseTrayVerifier] rundll32.exe "c:\programdata\MouseTrayVerifier.dll",DllRegisterServer uRun: [Adobe Update] rundll32 "c:\users\justin\appdata\local\cpn\cpnupdate\CPNupdt32.dll",DllRegisterServer uRun: [PartyGaming Update] rundll32 "c:\users\justin\appdata\local\adobe\adobeupdate\Adobeupdt32.dll",DllRegisterServer mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [<NO NAME>] mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program 
files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL LSP: mswsock.dll DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{2716854E-5911-48C6-8E26-F8A9E4327EDF} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 TCP: Interfaces\{3B0B8D85-1C6B-48C0-AB03-0AC16FD08B7D} : DhcpNameServer = 192.168.1.254 192.168.1.254 TCP: 
Interfaces\{96BA9D17-95F0-47BD-913A-D03F0E98782F} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;c:\users\justin\appdata\local\temp\sas_selfextract\sasdifsv.sys [2011-7-12 12880] R1 SASKUTIL;SASKUTIL;c:\users\justin\appdata\local\temp\sas_selfextract\saskutil.sys [2011-7-12 67664] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-28 632048] R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2011-9-3 836384] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010 -3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176] S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319 \wpf\WPFFontCache_v0400.exe [2010-3-18 753504] SUnknown vnllwvlh;vnllwvlh; [x] . =============== Created Last 30 ================ . 
2011-10-11 12:20:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0131f67d-f2e8-4a77-b8f9-cb53c390e709} \offreg.dll 2011-10-11 12:20:11 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0131f67d-f2e8-4a77-b8f9-cb53c390e709} \mpengine.dll 2011-10-07 03:58:08 -------- d-----w- c:\program files\ESET 2011-10-07 03:31:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-07 03:31:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-10-07 02:32:18 0 ---ha-w- c:\windows\system32\pwwedvnsgc.tmp 2011-10-07 02:28:19 268800 ----a-w- c:\users\justin\appdata\local\Shellx86_x64.dll 2011-10-07 02:27:58 101888 ----a-w- c:\programdata\MouseTrayVerifier.dll 2011-09-15 23:08:52 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-10-07 02:26:35 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-10-07 02:26:34 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-08-19 17:51:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 18:58:23.12 ===============
  4. Hey guys. I posted a topic in the hijackthis forum and I got no reply after four days. I think I should have posted some logs along with it, but I'm not sure what specifically to post. I remember seeing guidelines for that but I can't find where it is. Thanks in advance to anyone who can help me!
  5. Hi guy(s). I've come to learn that I could get some help with this problem here. I have tried to do this on my own but I simply cannot. I, like many others from what I can see, have a problem when running Malwarebytes. It stops after 5-6 seconds and I cannot reopen it. Here is what I get. "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." It would be very kind if someone could help me. I thank you in advance.