
Can't Boot, Mixed Signals, Help Please?



Hello :)

Firstly, thanks for your support here.

I have been using Malwarebytes free for some time. I didn't even know there was a pro version until I was frantically trying to fix my PC, but I'm ahead of myself. ;) I am currently experiencing an inability to boot, either in safe mode or normal. Due to what happened to my PC, I could have a software issue, a hardware issue, or Malware/virus. I'm starting with antiviral, but I'm getting mixed signals from my PC. Is there a way to run MB if I can't boot? I can get to a command line.

I am here for help because my dodgy slow computer started acting fine when I updated MB and it offered to let me try Pro. I enabled that, and (by coincidence or not) my computer ran like nothing happened to it. So, I'm suspicious I might have an infection.

Okay, some backstory:

I have a win7 64bit laptop. That morning, the pc was fine. The day before, I had to turn off my Avast free and User Account Controls to install a trusted software. I forgot to turn back on UAC, and possibly the Avast too, leaving my computer wide the hell open. (Stupid) The next day, I did a lot to my pc before the problems started. I downloaded a couple of "video downloaders" (yes, I know), installed a couple of retail programs (Hallmark Card Studio 2012 for example), and then before rebooting, my electric went out while I was in the shower. :P I didn't get to my pc until the power saving mode had put it into sleep mode. When I brought it out, it was a mess. When I tried to do anything it took forever, Explorer kept shutting down, and I couldn't run Task Manager or Control Panel, etc. I had to basically turn it off. I had to reboot/turn off a couple of times.

So I have three possibilities: a software issue, a virus/malware issue, or a hardware issue due to the electric outage.

I am here because of something that happened when I was trying to figure out the problem and starting with possible virus. I got my computer to boot even though it took 20 minutes, but it ran really really slow and dodgy until I updated Malwarebytes free in order to do a scan, and when it offered to let me try the Pro and I enabled it, suddenly my system ran fine. I backed up some data, ran SuperAntispyware, which found only tracking cookies, and decided I would boot into safe mode to run Malwarebytes due to that being recommended. Well, that was a mistake, because now I cannot even boot into safe mode, normal mode, etc. I just have a boot loop.

So how can I run Malwarebytes if I cannot boot? :(

This is what I have done:

1. Run Avira Rescue CD - False positives, but cleaned

2. Run AVG Rescue CD - False positives mostly, but cleaned

After they found nothing, I started trying to use the stuff I could get to, my HP recovery/diagnostics, and the Windows Recovery stuff.

3. HP Diagnostics passed on my Memory and Smart Check, but my Short DST failed, which is some kind of hard drive test. Start Up test failed. (Gee, ya think?!, lol)

4. Chkdsk was in read only mode in HP diagnostics and could not finish, it said there were errors, but I want to recheck my data copy and make sure it's good before I exercise the disk anymore, it was running pretty hot.

3 and 4 lead me to believe that the hard disk either has errors or is failing, but I don't know at this point I am so confused :P

5. Tried starting with Last Known Good. Failed.

6. Tried Start Up Repair. Failed.

I have some errors and stuff, but not sure how much you want/need.

I'm starting to wonder if I have a virus/malware at all, but it was weird that live protection from Malwarebytes Pro turned it around instantly.

I do have Paragon backup, and am this close to just doing a restore, but I am afraid to check my data backups in my external drives in my husband's computer, in fear of giving him whatever I had on my pc, as the external drive was attached at the time. Can you help me figure out if this is a virus/malware and help me remove it?

Hhheeeelllpppppp!

Thanks :)


Thank you for responding :)

I ran chkdsk on the computer. I have not been in the command prompt for a looong time. Want to make sure I did it correctly. I entered the command prompt by choosing Repair Your Computer after using the F8 key to get to the disk menu. I was presented with X:\windows\system32>

I entered C: at prompt, hit return.

Then I had C:\>

I entered chkdsk

The last two lines don't look relevant to me. They are 43650 allocations available on disk. Failed to transfer logged messages to the event log with status 50.

So I will type everything I got.

The type of file system is NTFS.

The volume is in use by another process. Chkdsk might report errors when no corruption is present.

Volume label is SYSTEM

WARNING! F parameter not specified

Running CHKDSK in read only mode.

CHKDSK verifying files......(edited)

File verification complete.

0 large file records processed

0 bad file records processed

0 EA records processed

0 reparse records processed

CHKDSK is verifying indexes.....

330 index entries processed

Index Verification completed.

0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors

256 file SDs/SIDs processed

Security descriptor verification completed.

38 data files processed

CHKDSK verifying Usn Journal

97624 USN bytes processed

Usn Journal verification completed.

Windows has checked the file system and found no problems

203775 KB total disk space

26096 KB in 43 files

28 KB in 39 indexed

0 KB in bad sectors

3051 KB in use by the system

2048 KB occupied by the log file

17400KB available on disk

4096 bytes in each allocation unit

50943 total allocation units on disk

Failed to transfer logged messages to the event log with status 50.

If I try to run chkdsk /f /r C: I get a message that chkdsk cannot run because the volume is in use by another process. I have to unmount the disk before it can run, and that all opened handles to this volume would then be invalid. Would I like to force a dismount on this volume yes or no.


My laptop just booted after a prayer to Jesus and an exorcism. Really, this Christian gal ain't kidding. I haven't seen my desktop since, like Wednesday last week I think. I am running Malwarebytes scan on it now. It took a looooooong time to boot. A good 15 minutes. Any suggestions on what else to do before I try restarting it again? If this is a hard drive failure, how can I tell?

My plans are to uninstall the crap I installed right before it went south, do a complete virus scan with Avast, a complete malware scan with Malwarebytes, and maybe another data backup, as well as a rootkit finder, and a scandisk. Reboot. Pray again.

Anything else I should do? Will let you know on the results of malware scan.


  • Staff

Hi,

The chkdsk report looks normal. Hmm.

Do uninstall those programs.

After posting the MBAM log, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Hi, I had already rebooted my machine before your reply, and it took all the rest of the day, evening, and next morning for my computer to boot with the boot scans I had scheduled. :)

I am now typing on the machine that had problems, and not my husband's. Which is a good start I think. It booted up seemingly fine after the scandisk. I need to reboot after I type this, both into safe and normal modes, and see if it seems normal. In the meantime, I wanted to let you know what's up. Thanks for sticking with me on this. :) After all the repairwork yesterday, this is first boot. So far the computer seems to be running okay. It could be temporary, and I need to reboot again to see if my boot time is back to normal instead of a loop, and that I can get into safe mode (before I couldn't).

======================================

What I did yesterday, that I recall (TIRED!!!)

======================================

Ok, I did a lot yesterday.

I did uninstall all the software from the "known good" date to the "went south" date. Except for SQL/system type updates and such.

I took a lot of stuff out of my start up that I knew didn't need to run, but I have a lot more work to do.

I went looking around in my Event viewer and I had LOTS of errors for the Disk, starting after the electric went out, that said:

The driver detected a controller error on \Device\Harddisk0\DR0.

I have not received any today after the reboot (after the scandisk at boot, and Avast at boot). I tried to look up the error, but still not sure what it is.

I also ran Kaspersky TDSSKiller (nothing found).

I did notice every time I turned on my wifi the computer would slow down badly, but figured out it was Sugar Sync trying to upload 6GB of crap I moved over to a syncing folder. Turned off Sugar Sync and it improved drastically.

I did a Quick scan in Malwarebytes in normal mode first. Then a full scan in normal mode. I was afraid I would not be able to boot again if I tried safe mode. Here are the two logs, Quickscan found nothing. I did notice it paused for a long time on bootstat.dat, which ended up having bad clusters when I did my scandisk scheduled on boot.

==================================

Scan Results

===================================

Here is Malwarebytes FullScan Log

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.16

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421


Protection: Enabled

7/31/2012 3:33:36 AM
mbam-log-2012-07-31 (10-06-28).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1194021
Time elapsed: 6 hour(s), 32 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\MyName\Desktop\Floor_Comp\Games\SeaWar2\CD_Gif.dll (AdWare.Cydoor) -> No action taken.
C:\Users\MyName\Desktop\Floor_Comp\Graphics Software\SWiSH v2.0\Downloaded SWI\part2\fr08_final\64k.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Users\MyName\Desktop\Floor_Comp\Graphics Software\SWiSH v2.0\Downloaded SWI\part2\part2\fr08_final\64k.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Users\MyName\Desktop\Floor_Comp\Program Files\WEBSVR\SYSTEM\KEYGEN.EXE (Riskware.Tool.CK) -> No action taken.
C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\SYSTEM\CD_Gif.dll (AdWare.Cydoor) -> No action taken.

(end)

I put the files above in quarantine. These files are actually from a copied backup of another hard drive I have in an enclosure. It was from an old computer. I took the hard drive out of the tower and put in a usb enclosure, then copied the entire drive contents to my current computer.

Okay, here's DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by MyName at 12:58:58 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8095.5190 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_10227f8c486f7892\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_10227f8c486f7892\AESTSr64.exe
C:\Program Files (x86)\Common Files\Chameleon Manager\proc64.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Pantone\huey\hueyTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\ddd1fr9o.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Power2GoExpress]
uRun: [SysResources Manager] "C:\Program Files (x86)\SysResources Manager\SysResManager.exe"
uRun: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun: [Persistence] C:\Windows\system32\igfxpers.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\hueyTray.lnk - C:\Program Files (x86)\Pantone\huey\hueyTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE:
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B075D54C-D331-4524-9A26-3FE5F571D419} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
BHO-X64: Zynga - No File
BHO-X64: NXIECatcher Class: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
BHO-X64: NetXfer - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\ddd1fr9o.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: NetXfer: {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [(Default)]
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\ddd1fr9o.default\
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\ddd1fr9o.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\MyName\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\MyName\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\ddd1fr9o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\ddd1fr9o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Npplg80n.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\system32\DRIVERS\vsflt67.sys --> C:\Windows\system32\DRIVERS\vsflt67.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\system32\Drivers\uim_vimx64.sys --> C:\Windows\system32\Drivers\uim_vimx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-25 37280]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_10227f8c486f7892\AESTSr64.exe [2009-3-3 89600]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-6-4 3459024]
R2 AHDDC2;Ashampoo HDD Control 2 Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2012-7-31 1517976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-8 44808]
R2 BotkindSyncService;Botkind Service;C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe service --> C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe service [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-10-15 22072]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-5-23 8704]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-20 655944]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-6-15 548264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-4-27 5914912]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-10-26 5790064]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-4-6 7515000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-31 2666880]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-10-26 487280]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-4-6 552312]
R2 UniversalCommunicationServer;Universal Communication Server;C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [2012-1-16 90112]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2012-6-16 1473920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1656112]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys --> C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [?]
R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-12 227896]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 busbcrw;USB Card Reader Writer driver;C:\Windows\system32\Drivers\bucrw64.sys --> C:\Windows\system32\Drivers\bucrw64.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [2012-7-31 544768]
S3 fdrawcmd;Low-level Floppy Driver;\??\C:\Windows\system32\drivers\fdrawcmd.sys --> C:\Windows\system32\drivers\fdrawcmd.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-6 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\7273.tmp --> C:\Windows\system32\7273.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RRNetCap;RRNetCap Service;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Moo0\SystemMonitor 1.64\WinRing0x64.sys [2011-11-28 14544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-01 16:50:36 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33291609-9A23-4223-8308-BCCCE324DCCD}\mpengine.dll
2012-07-31 20:49:48 34304 ----a-w- C:\Windows\System32\DfSdkBt.exe
2012-07-31 20:46:13 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
2012-07-31 20:34:09 -------- d-----w- C:\Program Files (x86)\DiskCheckup
2012-07-31 18:37:09 -------- d-----w- C:\ProgramData\Sophos
2012-07-31 18:33:19 73728 ----a-r- C:\Users\MyName\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-31 18:33:19 73728 ----a-r- C:\Users\MyName\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-31 18:33:18 73728 ----a-r- C:\Users\MyName\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-31 01:40:37 -------- d-----w- C:\Users\MyName\AppData\Roaming\Alfa.NetSoft
2012-07-31 01:40:36 -------- d-----w- C:\Program Files (x86)\Alfa.NetSoft
2012-07-27 00:48:26 -------- d-----w- C:\ProgramData\restore
2012-07-25 11:51:59 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-24 17:37:43 -------- d-----w- C:\Users\MyName\AppData\Local\Nova Development
2012-07-24 15:35:50 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-07-24 13:10:12 -------- d-----w- C:\Program Files (x86)\WMR14
2012-07-24 12:56:34 -------- d-----w- C:\Users\MyName\AppData\Roaming\KastorAllVideoDownloader
2012-07-24 12:53:25 484352 ----a-w- C:\Windows\SysWow64\lame_enc.dll
2012-07-24 12:53:03 -------- d-----w- C:\Users\MyName\AppData\Roaming\KastorFreeVideoCatcher
2012-07-19 19:47:40 -------- d-----w- C:\Users\MyName\AppData\Roaming\EMBIRD_STUDIO_(64-bit)
2012-07-19 19:34:55 51866 ----a-w- C:\Windows\FdUninstall.exe
2012-07-19 19:31:05 -------- d-----w- C:\Program Files\EMBIRD64
2012-07-19 19:29:28 -------- d-----w- C:\Users\MyName\AppData\Roaming\EMBIRD64
2012-07-12 19:33:17 57344 ----a-r- C:\Users\MyName\AppData\Roaming\Microsoft\Installer\{57F95617-28F4-566C-885B-9530CAE60E71}\NewShortcut1_F3FECDDB618046699EBFBFAD3F0D5BC9.exe
2012-07-12 19:32:35 -------- d-----w- C:\ImageStorage
2012-07-11 07:15:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 23:02:21 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 23:02:20 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-10 23:02:20 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-10 23:02:18 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-10 23:02:18 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-10 23:02:18 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-10 23:02:00 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-10 22:31:58 -------- d-----w- C:\Program Files (x86)\Artensoft Photo Collage Maker
2012-07-10 19:39:01 -------- d-----w- C:\Program Files\Artensoft Photo Mosaic Wizard
2012-07-06 17:08:55 -------- d-----w- C:\Program Files (x86)\FileStream
2012-07-05 02:43:09 -------- d-----w- C:\Users\MyName\SANDSCOMPUTING
.
==================== Find3M ====================
.
2012-07-31 20:05:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 20:05:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 20:59:44 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 20:59:43 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-07-12 20:59:43 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-08 12:50:26 90960 ----a-w- C:\Windows\System32\drivers\uimx64.sys
2012-06-08 12:50:26 633296 ----a-w- C:\Windows\System32\drivers\Uim_IMx64.sys
2012-06-08 12:50:26 472144 ----a-w- C:\Windows\System32\drivers\UimFIO.sys
2012-06-08 12:50:24 389968 ----a-w- C:\Windows\System32\drivers\uim_vimx64.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-04 16:00:14 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2012-06-04 16:00:05 1294432 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2012-06-04 16:00:01 994912 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-06-04 15:59:54 211552 ----a-w- C:\Windows\System32\drivers\vididr.sys
2012-06-04 15:59:52 146528 ----a-w- C:\Windows\System32\drivers\vsflt67.sys
2012-06-04 15:59:49 320096 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-06-04 15:59:48 137312 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-22 01:46:29 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-09 16:21:41 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-09 16:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 13:01:06.26 ===============

This was AFTER I did all the scans and removals, etc.

ScanDisk Log

I did a scan disk with repair bad sectors on boot, as well as a full updated Avast scan at boot. I did get errors with the scandisk.



Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
1452288 file records processed.
File verification completed.
3376 large file records processed.
0 bad file records processed.
0 EA records processed.
76 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
The object id index entry in file 0x19 points to file 0x3d1e1
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x243ac
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x3d1ec
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x29244
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x28402
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x27a18
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x189bc
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x2a777
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x2c81a
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x3466c
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
1643878 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
1452288 file SDs/SIDs processed.
CHKDSK is compacting the security descriptor stream
Cleaning up 4449 unused security descriptors.
95796 data files processed.
CHKDSK is verifying Usn Journal...
35875312 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000185 at offset 0x6819000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x6819000 for 0x1000 bytes.
Windows replaced bad clusters in file 28495
of name \Windows\bootstat.dat.
Read failure with status 0xc0000185 at offset 0x36fcd000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x36fcf000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd0000 for 0xd000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd0000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd1000 for 0xc000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd1000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd2000 for 0xb000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd2000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd3000 for 0xa000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd3000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd4000 for 0x9000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd4000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd5000 for 0x8000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd5000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd6000 for 0x7000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd6000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd7000 for 0x6000 bytes.
Read failure with status 0xc0000185 at offset 0x36fd7000 for 0x1000 bytes.
Windows replaced bad clusters in file 849542
of name \Windows\ServiceProfiles\LOCALS~1\AppData\Roaming\PEERNE~1\F7F840~1.HOM\246E31~1\grouping\edb.log.
1452272 files processed. File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
36272182 free clusters processed. Free space verification is complete.
Adding 10 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
470078463 KB total disk space.
322998660 KB in 948498 files.
421188 KB in 95799 indexes.
40 KB in bad sectors.
1569843 KB in use by the system.
65536 KB occupied by the log file.
145088732 KB available on disk.

4096 bytes in each allocation unit.
117519615 total allocation units on disk.
36272183 allocation units available on disk.
Internal Info:
00 29 16 00 52 ef 0f 00 98 e0 1a 00 00 00 00 00 .)..R...........
63 79 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 cy..L...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Avast boot scan Log:


08/31/2011 09:09
Scan of all local drives

File C:\HP\Bin\EndProcess.exe is infected by Win32:KillApp-W [PUP]

Scanning aborted
Number of searched folders: 22548
Number of tested files: 698693
Number of infected files: 1

+++++++ I ignored this, I think it is a process used by HP on their computers for shut down. I googled it and many people had problems after chesting it or repairing it and had to download another. However, the answer still seems unclear. I chose to leave it alone for now. +++++++ What are your thoughts?

----------------------------------------
11/14/2011 13:00
Scan of all local drives

File C:\HP\Bin\EndProcess.exe is infected by Win32:KillApp-W [PUP]
File C:\Users\MyName\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00ad96|>Designs\SimB.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\AppData\Local\Microsoft\Windows Live Mail\Gmail (MyNamekra)\MyName@atypic 7a7\44EF00ED-0000A1C9.eml|>65001wachovia summons.html#1936426293 is infected by JS:Redirector-DU [Trj], Moved to chest
File C:\Users\MyName\AppData\Local\Microsoft\Windows Live Mail\Gmail (MyNamekra)\[Gmail]\All Mail\3A271AD9-00058E8A.eml|>65001wachovia summons.html#1936426293 is infected by JS:Redirector-DU [Trj], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\Glocker.class is infected by Java:Agent-ZY [Expl], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\zalux$1.class is infected by Java:Agent-ZX [Expl], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\zalux$zordo.class is infected by Java:Agent-TB [Expl], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\zalux.class is infected by Java:Agent-WY [Expl], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\Zo666.class is infected by Java:Agent-ZZ [Expl], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\Zom.class is infected by Java:Agent-ZW [Expl], Moved to chest
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\473a5bc4-5138820d|>glass\mumux.class is infected by Java:Agent-WY [Expl], Moved to chest
File C:\Users\MyName\Documents\Gmail Backup\2010_09_20100917-202158-supertankerf55@rofgam_com-Vuong-1.eml|>65001wachovia summons.html#1936426293 is infected by JS:Redirector-DU [Trj], Moved to chest
File C:\Users\MyName\Documents\Web Site Backups\AtypFem\backup-3.11.2010_09-39-46_afblog.tar.gz|>backup-3.11.2010_09-39-46_afblog.tar|>backup-3.11.2010_09-39-46_afblog\homedir.tar|>.\public_html\wordpress\wp-content\plugins\widgets\Bryce5FreeVersionPC.zip|>Bryce5FreeVersionPC\data\billboardold.dat Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Documents\Web Site Backups\AtypFem\backup-3.11.2010_09-39-46_afblog.tar.gz|>backup-3.11.2010_09-39-46_afblog.tar|>backup-3.11.2010_09-39-46_afblog\homedir.tar|>.\mail\atypfem.com\MyName\cur\1221638478.H654914P8662.cpanel63.gzo.com:2,S|>Penguin.Panic.zip#3057990864|>Penguin.Panic.exe is infected by Win32:Trojan-gen
----------------------------------------
07/31/2012 22:01
Scan of all local drives

File C:\HP\Bin\EndProcess.exe.vir is infected by Win32:KillApp-W [PUP]
File C:\Users\MyName\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\50d70395-31a1ba4a|>rotor\Zom2.class is infected by Java:Agent-ATN [Expl], Moved to chest
File C:\Users\MyName\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\Local Sites\PAPocket\downloads\files\exposhownew.zip|>Pets.ppt|>Pictures Error 42144 {OLE archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\Local Sites\PAPocket\downloads\files\exposhownew.zip|>Pets.ppt|>PowerPoint Document Error 42144 {OLE archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\Local Sites\PAPocket\downloads\files\exposhownew.zip|>Pets.ppt Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\Local Sites\PAPocket\online site\public_html\downloads\files\exposhownew.zip|>Pets.ppt|>Pictures Error 42144 {OLE archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\Local Sites\PAPocket\online site\public_html\downloads\files\exposhownew.zip|>Pets.ppt|>PowerPoint Document Error 42144 {OLE archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\Local Sites\PAPocket\online site\public_html\downloads\files\exposhownew.zip|>Pets.ppt Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WIN386.SWP is infected by Win32:Webhancer-C [PUP], Move to chest: Error 0xC000007F {An operation failed because the disk was full.}, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 0xC000007F {An operation failed because the disk was full.}, Move to chest: Error 0xC000007F {An operation failed because the disk was full.}, Deleted
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\OPTIONS\CABS\OLS\AT&T\ATTKIT.EXE|>Wise0003.bin|>Wise0051.bin Error 42145 {Installer archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\SYSTEM\EB5ST000.DAT|>\LPT_t\Ebplpt.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\Temporary Internet Files\Content.IE5\9STUDEOP\Gag[1].zip|>GAGGERS_.TTF Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\Temporary Internet Files\Content.IE5\GTE7CPAR\win_jb35foundation[1].zip|>foundation\install.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\Temporary Internet Files\Content.IE5\JVKVLOIC\jb_art_large[1].dat|>toolbar.gif Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\Temporary Internet Files\Content.IE5\JVKVLOIC\pocoemal[1].zip|>pocosetup.exe Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Desktop\Floor_Comp\WINDOWS\Temporary Internet Files\Content.IE5\QFKLA7AV\EC4000Demo[1].EXE|>Wise0001.bin Error 42145 {Installer archive is corrupted.}
File C:\Users\MyName\Documents\Web Site Backups\Mecca\public_html\guestbook\phpinfo1.php.vir is infected by HTML:Iframe-DF [Trj], Moved to chest
File C:\Users\MyName\Documents\Web Site Backups\Mecca\public_html\public_html\guestbook\phpinfo1.php.vir is infected by HTML:Iframe-DF [Trj], Moved to chest
File C:\Users\MyName\Downloads\Install\ScreenRecorders\Encoder_en.exe|>Setup\EnComn.cab|>Vex.SDK.Samples.TemplatesModifiedSL3Standard.MediaPlayerTemplate.xap|>MediaPlayer.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Downloads\Install\ScreenRecorders\Encoder_en.exe|>Setup\EnComn.cab|>Vex.SDK.Samples.TemplatesModifiedSL3Standard.SmoothStreaming.xap|>SmoothStreaming.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Downloads\Install\ScreenRecorders\Encoder_en.exe|>Setup\EnComn.cab|>Vex.SDK.SamplesVB.TemplatesModifiedSL3Standard.MediaPlayerTemplate.xap|>MediaPlayer.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\MyName\Downloads\Install\ScreenRecorders\Encoder_en.exe|>Setup\EnComn.cab|>Vex.SDK.SamplesVB.TemplatesModifiedSL3Standard.SmoothStreaming.xap|>SmoothStreaming.dll Error 42125 {ZIP archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\2bf7e032374dbf4620037dfec6242dba\BIT5559.tmp|>WdfCoInstaller01009.dll Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\a568738027b9278d7681fca958f664fb\BITD336.tmp|>silverlight.7z Error 42127 {CAB archive is corrupted.}
Number of searched folders: 95803
Number of tested files: 4001036
Number of infected files: 5

Phew! Thanks so much for looking at these. Let me know if you see anything out of the ordinary. As I said, most things are in chests and quarantines. I'm going to chill for a bit and do something other than look at this screen, then reboot and see how it goes. :) :)

Regards,

Gina


  • Staff

Hi,

The only thing of concern is the scandisk log. If the computer fails to boot again, it means that something is seriously wrong with the hard drive. It may however be a driver/software error. With all the extraneous drivers I see installed, it may be better to back up your data, format the hard drive, and reinstall Windows. It'll give you a fresh slate, and if boot up problems arise again, then for certain it is the hard drive itself at fault. Let me know if that's something you'd like to pursue. Definitely doesn't sound like malware at this point.


I rebooted today and the boot up time was normal. (For now) Yay!!

Yeah, I know I have a lot of crap on the computer. I have health issues that make it difficult or impossible to spend much time on the computer. I don't have enough computer time for fun/necessary stuff, so I tend to get behind on maintenance. The last few days, I've been paying the price for being on the pc more than I should. :wacko:

I am going to keep an eye on the hard drive for sure. I have a couple of diagnostics on the comp now.

I still have to decide what to do with the quarantine/chest stuff. But it can wait until I recuperate. Thanks a ton for your help :) I might pop back in after a few days if something arises. Will be taking a break until then. :) Thanks screen317! I really appreciate your time and assistance.


Oh, and I will consider the reformat. I just didn't want to spend all the time and effort if the hard drive is failing anyway. I have also been looking at new laptops too, I need something bigger than this little tablet pc for normal work. I will be letting my husband use it mostly, which would need a format/reinstall anyway, so that's why I was putting it off. But you're right, it would help troubleshoot.

Thanks!!!!


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

