
Malwarebytes Scan Problems/Google Redirects Results



Hi guys. I hope I have posted all the proper logs to help you help me. Thank you for taking the time out to read my post and possibly help the problem get resolved.

Malwarebytes stops running after 4 seconds on scanning, then it will not reopen. I get a message saying the pathway is denied. Google redirects my search results to "stopzilla". My computer randomly reboots and Internet Explorer changes format for no reason. Here goes.

Malwarebytes- Can't run successfully.

The GMER- Couldn't complete the scan.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 5/28/2009 12:22:30 PM

System Uptime: 10/11/2011 4:14:37 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0G679R

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 207.022 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 8.044 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP704: 10/8/2011 8:03:40 AM - Windows Update

RP705: 10/11/2011 6:56:27 AM - Windows Update

RP706: 10/11/2011 7:19:37 AM - Windows Update

RP708: 10/11/2011 7:56:35 AM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

AccuChef

Acrobat.com

Adobe Acrobat 8 Professional

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9

All In Poker

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.9 (Unicode)

Bodog Poker

Bonjour

Choice Guard

Cisco Connect

Compatibility Pack for the 2007 Office system

Dell-eBay

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

DELL0703

ESET Online Scanner v3

FeltStars

FL Studio 9

Google Chrome

Google Earth

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Photosmart Essential

HP Update

HPSSupply

IL Download Manager

Intel® PRO Network Connections 12.1.11.0

iTunes

Java 6 Update 11

Junk Mail filter update

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

PoiZone

Poker4ever

PowerDVD

PWB 1.0

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Sakura

Sawer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2553110)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

10/8/2011 8:00:02 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:15 AM on 10/8/2011 was unexpected.

10/8/2011 7:59:23 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider

reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

10/8/2011 12:14:23 AM, Error: EventLog [6008] - The previous system shutdown at 12:12:29 AM on 10/8/2011 was unexpected.

10/7/2011 9:04:51 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:04 PM on 10/7/2011 was unexpected.

10/7/2011 7:11:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:08:44 AM on 10/7/2011 was unexpected.

10/7/2011 7:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments ""

in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/7/2011 7:05:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which

failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 7:05:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments ""

in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/7/2011 7:05:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in

order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments ""

in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in

order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments ""

in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/7/2011 7:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with

arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/7/2011 7:04:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with

arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/7/2011 6:47:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt

nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to

start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem

service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to

start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which

failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock

service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub

Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine

service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine

service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which

failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which

failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service

which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to

start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed

to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which

failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the

following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start

because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to

start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:46:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:44:18 PM on 10/7/2011 was unexpected.

10/7/2011 6:33:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the

unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

10/7/2011 6:30:36 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The

following corrective action will be taken in 60000 milliseconds: Restart the service.

10/7/2011 6:01:28 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:04 PM on 10/7/2011 was unexpected.

10/7/2011 3:19:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 30000 milliseconds: Restart the service.

10/7/2011 3:19:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

10/7/2011 3:17:56 PM, Error: EventLog [6008] - The previous system shutdown at 6:56:02 AM on 10/7/2011 was unexpected.

10/6/2011 10:12:02 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

10/11/2011 7:57:41 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Sirefef.B&threatid=144459 Scan ID: {83D60067-DBB4-41E8-B887-5BD2063EF562} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: TrojanDropper:Win32/Sirefef.B ID: 144459 Severity ID: 5 Category ID: 37 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.

10/11/2011 7:47:26 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the

unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already

running.

10/11/2011 7:19:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the

unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already

running.

10/11/2011 7:18:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the

unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.

10/11/2011 7:18:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the

unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already

running.

10/11/2011 7:04:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in

order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

10/11/2011 7:02:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in

order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/11/2011 6:58:01 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user Karan-PC\Justin SID (S-1-5-21-1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/11/2011 6:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} to the user Karan-PC\Justin SID (S-1-5-21-1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/11/2011 6:54:05 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service

which failed to start because of the following error: Cannot create a file when that file already exists.

10/11/2011 6:54:05 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error:

Cannot create a file when that file already exists.

10/11/2011 6:52:26 AM, Error: EventLog [6008] - The previous system shutdown at 6:50:39 AM on 10/11/2011 was unexpected.

10/11/2011 11:48:14 AM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: Access is

denied.

10/11/2011 11:46:52 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be

restarted. hr=80042505

10/11/2011 11:46:47 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{96BA9D17-95F0-47BD-913A-D03F0E98782F} because another computer on the network has the same name. The server could not start.

10/11/2011 11:46:47 AM, Error: netbt [4321] - The name "KARAN-PC :20" could not be registered on the interface with IP address 192.168.1.101. The

computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.

10/11/2011 11:46:47 AM, Error: netbt [4321] - The name "KARAN-PC :0" could not be registered on the interface with IP address 192.168.1.101. The

computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.

10/11/2011 11:46:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:52 AM on 10/11/2011 was unexpected.

.

==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Justin at 18:58:09 on 2011-10-11

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.661 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\sminst\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\wscript.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ultimate-guitar.com/

BHO: {179ec2c9-f409-4d6a-b5f4-a65614a1e030} - c:\users\justin\appdata\local\Shellx86_x64.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [CPN Notifier] c:\program files\all in poker\PokerNotifier.exe

uRun: [-402243691] c:\users\justin\appdata\local\temp\\jucheck.exe

uRun: [MouseTrayVerifier] rundll32.exe "c:\programdata\MouseTrayVerifier.dll",DllRegisterServer

uRun: [Adobe Update] rundll32 "c:\users\justin\appdata\local\cpn\cpnupdate\CPNupdt32.dll",DllRegisterServer

uRun: [PartyGaming Update] rundll32 "c:\users\justin\appdata\local\adobe\adobeupdate\Adobeupdt32.dll",DllRegisterServer

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{2716854E-5911-48C6-8E26-F8A9E4327EDF} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{3B0B8D85-1C6B-48C0-AB03-0AC16FD08B7D} : DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{96BA9D17-95F0-47BD-913A-D03F0E98782F} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\users\justin\appdata\local\temp\sas_selfextract\sasdifsv.sys [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;c:\users\justin\appdata\local\temp\sas_selfextract\saskutil.sys [2011-7-12 67664]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-28 632048]

R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2011-9-3 836384]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176]

S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

SUnknown vnllwvlh;vnllwvlh; [x]

.

=============== Created Last 30 ================

.

2011-10-11 12:20:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0131f67d-f2e8-4a77-b8f9-cb53c390e709}\offreg.dll

2011-10-11 12:20:11 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0131f67d-f2e8-4a77-b8f9-cb53c390e709}\mpengine.dll

2011-10-07 03:58:08 -------- d-----w- c:\program files\ESET

2011-10-07 03:31:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 03:31:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-07 02:32:18 0 ---ha-w- c:\windows\system32\pwwedvnsgc.tmp

2011-10-07 02:28:19 268800 ----a-w- c:\users\justin\appdata\local\Shellx86_x64.dll

2011-10-07 02:27:58 101888 ----a-w- c:\programdata\MouseTrayVerifier.dll

2011-09-15 23:08:52 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-10-07 02:26:35 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-10-07 02:26:34 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-08-19 17:51:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 18:58:23.12 ===============


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you for responding to my post! Much thanks indeed.

Here is the TDS-

17:13:38.0965 5784 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24

17:13:39.0394 5784 ============================================================

17:13:39.0394 5784 Current date / time: 2011/10/14 17:13:39.0394

17:13:39.0394 5784 SystemInfo:

17:13:39.0394 5784

17:13:39.0394 5784 OS Version: 6.0.6002 ServicePack: 2.0

17:13:39.0394 5784 Product type: Workstation

17:13:39.0394 5784 ComputerName: KARAN-PC

17:13:39.0394 5784 UserName: Justin

17:13:39.0394 5784 Windows directory: C:\Windows

17:13:39.0394 5784 System windows directory: C:\Windows

17:13:39.0394 5784 Processor architecture: Intel x86

17:13:39.0394 5784 Number of processors: 2

17:13:39.0394 5784 Page size: 0x1000

17:13:39.0394 5784 Boot type: Normal boot

17:13:39.0394 5784 ============================================================

17:13:40.0712 5784 Initialize success

17:14:00.0211 5376 ============================================================

17:14:00.0211 5376 Scan started

17:14:00.0211 5376 Mode: Manual;

17:14:00.0211 5376 ============================================================

17:14:01.0819 5376 2340f1bc (b58859b92ef15a251d22488e9e5412a6) C:\Windows\3169927203:3703508547.exe

17:14:01.0819 5376 Suspicious file (Hidden): C:\Windows\3169927203:3703508547.exe. md5: b58859b92ef15a251d22488e9e5412a6

17:14:01.0820 5376 2340f1bc ( HiddenFile.Multi.Generic ) - warning

17:14:01.0820 5376 2340f1bc - detected HiddenFile.Multi.Generic (1)


17:14:09.0754 5376 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

17:14:09.0768 5376 \Device\Harddisk0\DR0 - ok

17:14:09.0785 5376 Boot (0x1200) (4ca8d0e4a3dc032e20ea5445404e0d43) \Device\Harddisk0\DR0\Partition0

17:14:09.0786 5376 \Device\Harddisk0\DR0\Partition0 - ok

17:14:09.0790 5376 Boot (0x1200) (5e41560e0b6f991bb006d92f56ea2e83) \Device\Harddisk0\DR0\Partition1

17:14:09.0790 5376 \Device\Harddisk0\DR0\Partition1 - ok

17:14:09.0792 5376 ============================================================

17:14:09.0792 5376 Scan finished

17:14:09.0792 5376 ============================================================

17:14:09.0805 4996 Detected object count: 1

17:14:09.0805 4996 Actual detected object count: 1

17:14:34.0514 4996 HKLM\SYSTEM\ControlSet001\services\2340f1bc - will be deleted on reboot

17:14:34.0538 4996 HKLM\SYSTEM\ControlSet003\services\2340f1bc - will be deleted on reboot

17:14:34.0549 4996 C:\Windows\3169927203:3703508547.exe - will be deleted on reboot

17:14:34.0549 4996 2340f1bc ( HiddenFile.Multi.Generic ) - User select action: Delete

17:14:37.0977 4656 Deinitialize success

Malwarebytes scan-

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7949

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/14/2011 5:41:17 PM

mbam-log-2011-10-14 (17-41-17).txt

Scan type: Quick scan

Objects scanned: 209870

Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 4

Registry Keys Infected: 5

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 13

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\Justin\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Delete on reboot.

c:\Users\Justin\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

c:\programdata\mousetrayverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

c:\Users\Justin\AppData\Local\CPN\cpnupdate\cpnupdt32.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{179EC2C9-F409-4D6A-B5F4-A65614A1E030} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PartyGaming Update (Trojan.SHarpro) -> Value: PartyGaming Update -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MouseTrayVerifier (Trojan.SHarpro.PGen) -> Value: MouseTrayVerifier -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\-402243691 (Trojan.Agent.Gen) -> Value: -402243691 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Update (Trojan.SHarpro.PGen) -> Value: Adobe Update -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Justin\AppData\Local\Temp\0.7085036367719241.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.

c:\Users\Justin\AppData\Local\Temp\etjykapfuk (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.

c:\Users\Justin\AppData\Local\Temp\oMIHV2.exe (PUP.Casino) -> Not selected for removal.

c:\Users\Justin\AppData\Local\Temp\aWcAIH.exe (PUP.Casino) -> Not selected for removal.

c:\Users\Justin\AppData\Local\Temp\M5jTx.exe (PUP.Casino) -> Not selected for removal.

c:\Users\Justin\AppData\Local\Temp\thpm2208490689554551235.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

c:\Users\Justin\local settings\application data\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Delete on reboot.

c:\Users\Justin\AppData\Local\shellx86_x64.dll (Trojan.SHarpro.Gen) -> Delete on reboot.

c:\Users\Justin\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

c:\Users\Justin\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.

c:\programdata\mousetrayverifier.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

c:\Users\Justin\AppData\Local\Temp\jucheck.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\Users\Justin\AppData\Local\CPN\cpnupdate\cpnupdt32.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

Ok, this is Combofix. I'm not sure if this is the right log or not. I closed the log after it popped up immediately following the scan completion, and reopened what I think is the log. If it's not, I'll do the scan again and get it right off the bat.

ComboFix 11-10-14.04 - Justin 10/14/2011 19:08:43.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1364 [GMT -5:00]

Running from: c:\users\Justin\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\5yboNX6.jpg

c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\kMYln3.jpg

c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\mbYx7.jpg

c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\oaB87.jpg

c:\users\Justin\AppData\Roaming\Adobe\plugs

c:\users\Justin\AppData\Roaming\Adobe\shed

c:\windows\$NtUninstallKB11523$

c:\windows\$NtUninstallKB11523$\3394396455

c:\windows\$NtUninstallKB11523$\591458748\@

c:\windows\$NtUninstallKB11523$\591458748\bckfg.tmp

c:\windows\$NtUninstallKB11523$\591458748\cfg.ini

c:\windows\$NtUninstallKB11523$\591458748\Desktop.ini

c:\windows\$NtUninstallKB11523$\591458748\keywords

c:\windows\$NtUninstallKB11523$\591458748\kwrd.dll

c:\windows\$NtUninstallKB11523$\591458748\L\qnbwvoto

c:\windows\$NtUninstallKB11523$\591458748\lsflt7.ver

c:\windows\$NtUninstallKB11523$\591458748\U\00000001.@

c:\windows\$NtUninstallKB11523$\591458748\U\00000002.@

c:\windows\$NtUninstallKB11523$\591458748\U\80000000.@

c:\windows\$NtUninstallKB11523$\591458748\U\80000032.@

D:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))

.

.

2011-10-15 00:15 . 2011-10-15 00:16 -------- d-----w- c:\users\Justin\AppData\Local\temp

2011-10-15 00:15 . 2011-10-15 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-15 00:15 . 2011-10-15 00:15 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-10-14 22:23 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-14 06:43 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89409A03-7DBA-4394-AD2B-43A7811C8815}\mpengine.dll

2011-10-13 19:20 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 19:19 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-10-13 19:19 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 19:19 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 19:19 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 19:19 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 19:19 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 19:19 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 19:19 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 19:19 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-07 03:58 . 2011-10-07 03:58 -------- d-----w- c:\program files\ESET

2011-10-07 03:31 . 2011-10-14 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-07 02:32 . 2011-10-07 02:32 0 ---ha-w- c:\windows\system32\pwwedvnsgc.tmp

2011-10-07 02:26 . 2011-10-07 02:53 -------- d-----w- c:\program files\Real

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 02:26 . 2009-05-28 22:36 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-10-07 02:26 . 2009-05-28 22:36 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-08-19 17:51 . 2011-08-19 17:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2008-10-29 123]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-05-28 22:36 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk

backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Justin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]

path=c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

backup=c:\windows\pss\Dell Dock.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2006-10-23 04:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]

2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 SASDIFSV;SASDIFSV;c:\users\Justin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\users\Justin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]

S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [2010-03-23 836384]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 05:33]

.

2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 05:33]

.

2011-10-15 c:\windows\Tasks\User_Feed_Synchronization-{BCD50305-EF4F-4775-A6D9-B3B445F6300E}.job

- c:\windows\system32\msfeedssync.exe [2011-04-11 20:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ultimate-guitar.com/

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-CPN Notifier - c:\program files\All In Poker\PokerNotifier.exe

HKCU-Run-MouseTrayVerifier - c:\programdata\MouseTrayVerifier.dll

SafeBoot-94919667.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-14 19:16

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

Completion time: 2011-10-14 19:18:01

ComboFix-quarantined-files.txt 2011-10-15 00:17

.

Pre-Run: 206,713,638,912 bytes free

Post-Run: 208,050,495,488 bytes free

.

- - End Of File - - 3D6B7C83CE2A134CA98AA240A8DFE110

New dds

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Justin at 19:43:26 on 2011-10-14

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.829 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\sminst\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\explorer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ultimate-guitar.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{2716854E-5911-48C6-8E26-F8A9E4327EDF} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{3B0B8D85-1C6B-48C0-AB03-0AC16FD08B7D} : DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{96BA9D17-95F0-47BD-913A-D03F0E98782F} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-28 632048]

R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2011-9-3 836384]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 136176]

S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-15 00:20:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89409a03-7dba-4394-ad2b-43a7811c8815}\offreg.dll

2011-10-15 00:18:05 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-15 00:18:03 -------- d-----w- c:\users\justin\appdata\local\temp

2011-10-14 22:50:56 98816 ----a-w- c:\windows\sed.exe

2011-10-14 22:50:56 518144 ----a-w- c:\windows\SWREG.exe

2011-10-14 22:50:56 256000 ----a-w- c:\windows\PEV.exe

2011-10-14 22:50:56 208896 ----a-w- c:\windows\MBR.exe

2011-10-14 22:23:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-14 06:43:02 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{89409a03-7dba-4394-ad2b-43a7811c8815}\mpengine.dll

2011-10-13 19:20:01 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 19:19:59 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 19:19:59 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 19:19:59 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 19:19:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-10-13 19:19:59 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 19:19:55 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 19:19:55 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 19:19:55 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-13 19:19:55 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-07 03:58:08 -------- d-----w- c:\program files\ESET

2011-10-07 03:31:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-07 02:32:18 0 ---ha-w- c:\windows\system32\pwwedvnsgc.tmp

.

==================== Find3M ====================

.

2011-10-07 02:26:35 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-10-07 02:26:34 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-19 17:51:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 19:43:39.00 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 5/28/2009 12:22:30 PM

System Uptime: 10/14/2011 7:05:49 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G679R

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 193.795 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 8.045 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

AccuChef

Acrobat.com

Adobe Acrobat 8 Professional

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9

All In Poker

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.9 (Unicode)

Bodog Poker

Bonjour

Choice Guard

Cisco Connect

Compatibility Pack for the 2007 Office system

Dell-eBay

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

DELL0703

ESET Online Scanner v3

FeltStars

FL Studio 9

Google Chrome

Google Earth

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Photosmart Essential

HP Update

HPSSupply

IL Download Manager

Intel® PRO Network Connections 12.1.11.0

iTunes

Java 6 Update 11

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

PoiZone

Poker4ever

PowerDVD

PWB 1.0

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Sakura

Sawer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

10/8/2011 8:00:02 AM, Error: EventLog [6008] - The previous system shutdown at 1:37:15 AM on 10/8/2011 was unexpected.

10/8/2011 7:59:23 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

10/8/2011 12:14:23 AM, Error: EventLog [6008] - The previous system shutdown at 12:12:29 AM on 10/8/2011 was unexpected.

10/7/2011 9:04:51 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:04 PM on 10/7/2011 was unexpected.

10/7/2011 7:11:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:08:44 AM on 10/7/2011 was unexpected.

10/7/2011 7:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/7/2011 7:05:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 7:05:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/7/2011 7:05:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/7/2011 7:04:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/7/2011 7:04:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/7/2011 7:04:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/7/2011 6:47:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:47:52 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2011 6:46:39 PM, Error: EventLog [6008] - The previous system shutdown at 6:44:18 PM on 10/7/2011 was unexpected.

10/7/2011 6:33:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

10/7/2011 6:30:36 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/7/2011 6:01:28 PM, Error: EventLog [6008] - The previous system shutdown at 5:59:04 PM on 10/7/2011 was unexpected.

10/7/2011 3:19:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/7/2011 3:19:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

10/7/2011 3:17:56 PM, Error: EventLog [6008] - The previous system shutdown at 6:56:02 AM on 10/7/2011 was unexpected.

10/14/2011 7:28:27 PM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: Access is denied.

10/14/2011 7:21:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/14/2011 7:16:10 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/14/2011 5:48:56 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user Karan-PC\Justin SID (S-1-5-21-1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/14/2011 5:28:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} to the user Karan-PC\Justin SID (S-1-5-21-1754434431-1100600640-2589103612-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

10/14/2011 3:49:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

10/14/2011 3:28:16 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

10/14/2011 3:01:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {B20E899D-B079-479D-A4DC-10F758D9CD9A}

10/11/2011 7:57:41 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Sirefef.B&threatid=144459 Scan ID: {83D60067-DBB4-41E8-B887-5BD2063EF562} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: TrojanDropper:Win32/Sirefef.B ID: 144459 Severity ID: 5 Category ID: 37 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.

10/11/2011 7:48:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{96BA9D17-95F0-47BD-913A-D03F0E98782F} because another computer on the network has the same name. The server could not start.

10/11/2011 7:48:37 PM, Error: netbt [4321] - The name "KARAN-PC :20" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.

10/11/2011 7:48:36 PM, Error: netbt [4321] - The name "KARAN-PC :0" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.

10/11/2011 7:47:26 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.

10/11/2011 7:19:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

10/11/2011 7:18:07 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.

10/11/2011 7:18:03 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.

10/11/2011 7:04:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

10/11/2011 6:54:05 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

10/11/2011 6:54:05 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

10/11/2011 6:52:26 AM, Error: EventLog [6008] - The previous system shutdown at 6:50:39 AM on 10/11/2011 was unexpected.

10/11/2011 11:46:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:52 AM on 10/11/2011 was unexpected.

.

==== End Of File ===========================

Thank you again for helping!


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
