Freezing or extremely slow at start up - possible infection or ?

bluelit · May 28, 2013

Hi,

I opened a help request in the PC section and AdvancedSetup recommended posting here (see post http://forums.malwarebytes.org/index.php?showtopic=126900).

Initially my computer was freezing or hanging after start up. I couldn't click on any programs or bring up the task manager. It started out happening infrequently when I would first start the computer. It would boot up normally but when I tried to start a program it would freeze and the only thing I could do was power off and restart. Now it will boot in normal mode but it takes a very long time before I can click on anything. When I boot in safe mode, everything appears to be okay. Recently, I can't print certain messages from Outlook it will freeze. I can't upgrade to the newest version of Dell DataSafe Local Back up since KIS continues to block it. I ran both Malwarebytes and KIS but nothing was found. I'm not tech savvy but could KIS be the problem? I installed it when I first got the computer but didn't know how to set any of the parameters.

I have the following:

Windows 7 Professional

OS - 64-bit

Processor - Intel Core i7-2600CPU @ 3.40GHz

Installed memory - 8GB

Programs installed:

Malwarebytes Pro

KIS 2012

Spywareblaster

Any help would be greatly appreciated. Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576

Run by Joan at 17:04:03 on 2013-05-27

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.6348 [GMT -10:00]

.

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\ProgramData\Clickfree\cfagent.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [ClickfreeMonitor] c:\programdata\Clickfree\cfagent.exe

uRun: [Google Update] "C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: NameServer = 24.25.227.55 209.18.47.61 24.25.227.53

TCP: Interfaces\{BC9B2C09-33F7-4C59-84D0-F2DADAB64F16} : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: klogon - C:\Windows\System32\klogon.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5uuc71d5.default-1344114154362\

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Joan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-29 55856]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

R2 FibUacService;FibUacService;C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [2012-12-20 37192]

R2 FullImagingService;FullImagingService;C:\ProgramData\Clickfree\FullImagingBackup\FullImagingService.exe [2012-12-20 201544]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-29 13336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-29 1692480]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-29 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-29 406056]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-8-31 17976]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 701512]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-29 158976]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-31 25928]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-20 168448]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-20 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-4 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-05-24 21:45:42 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43D1A9EC-4FB8-4CA6-9E7B-BB6C78F7BA17}\mpengine.dll

2013-05-22 21:45:52 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-22 20:34:06 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

2013-05-22 20:32:32 -------- d-----w- C:\Program Files\My Dell

2013-05-22 20:20:04 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-22 20:20:04 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-22 20:20:04 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-22 20:20:03 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-22 20:20:03 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-22 20:20:03 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-22 20:19:53 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-22 20:19:47 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-22 20:19:47 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-22 20:19:47 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-11 10:37:28 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-05-09 05:51:15 -------- d-----w- C:\Users\Joan\AppData\Local\Dell Edoc Viewer

.

==================== Find3M ====================

.

2013-05-22 21:41:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-22 21:41:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 12:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-05 00:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-17 08:48:17 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-17 08:48:17 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 17:04:26.30 ===============

attach.txt

Maurice Naggar · May 28, 2013

Hello bluelit.

I will be helping you. Please follow my guidance and do not run tools or fixes nor do changes on your own.

Going forward, please just only Copy & Paste all log contents directly into main-body of reply box.

Use 1 reply per each log as needed. IF you hit some log that is way too huge, then you may attach.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

Please do the following.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Disconnect any external storage drives from the computer.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

[*]Select Command Prompt

Now, Plug the flashdrive with FRST tool into the PC.

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

bluelit · May 28, 2013

Hi, I'm getting the following message when I entered in the command window: j:\frst64.exe

FRST64.exe

There is no disk n the drive. Please insert a disk into drive\Device\Harddisk3\DR3

I'm not sure what I did wrong. I have a 64bit-OS so I downloaded Farbar Recovery Scan Tool x64.

Maurice Naggar · May 28, 2013

Did you save FRST64.exe to a clean/new USB flash drive?

Did you plug in that flash-drive -after- you got to the Command prompt?

Normally the flash drive would be drive e

Is that what you tried? e:\frst64.exe

if drive E is not the flash-USB drive, try f:\frst64.exe

C drive is the HDD

D drive is typically the optical drive (CD/DVD)

so one starts with drive E or up for the USB-flash drive

bluelit · May 28, 2013

Yes, I saved the FRST64 to a clean/new USB flash drive. After I selected Command Prompt, I plug in the flash drive. I tried e:\frst64.exe and f, j but I'm still getting the error message.

Maurice Naggar · May 28, 2013

Given that you are really truly at the Command prompt......give this a try

in the command window, type in

explorer.exe

and press Enter

Hopefully you will see Windows Explorer. and if so, drill down thru My Computer

You should be able to see the drive letter for the USB-drive

IF so, use that drive letter as the prefix

as in x:\frst64.exe

bluelit · May 28, 2013

Wish I knew how to take a snapshot of the command prompt but I don't know how. So I'll describe what I saw.

Administrator: X:\windows\system32\cmd.exe

Black screen: Microsoft Windows [Version 6.1.7601]

x:\windows\system32>explorer.exe

'explorer.exe' is not recognized as an internal or external command, operable program or batch file.

Maurice Naggar · May 28, 2013

It's weird that X is showing as your drive letter for Windows. Where do you have Windows installed??

Normally (in most cases) it should be on drive C

Try this in the Command prompt. Type in

x:\windows\explorer.exe

and press Enter

Hoping now that Windows Explorer will show.

Whether it does or not, also type in the command prompt

path

and press Enter

Write down and report back the result of the PATH command displayed.

bluelit · May 28, 2013

I checked and Windows is installed on drive C. I got the same message as above when I typed in x:\windows\explorer.exe. When I typed in the command prompt path into X:\windows\system32\path, I got this message:

PATH=X:\windows\system32;X:\windows;X:\windows\system32\Wbem

Maurice Naggar · May 29, 2013

I'd like for you to restart the system into normal Windows.

Insert the USB-flash with FRST64

Then start Windows Explorer .....press Windows-key+R key for the RUN option

type in

explorer.exe

when Windows Explorer is loaded, view and tell me what drive letter is the Windows folder on

& what is the drive letter for the USB drive

Did you recently re-install or repair Windows?

any idea why the Path is so messed-up, showing drive X .... when it should show C

by-the-way, is that the complete & entire Path (the one you reported above) ??

bluelit · May 29, 2013

Restarted into normal Windows. Inserted USB-flash with FRST64. Then started Windows Explorer, typed in explorer.exe.

Windows folder: Drive C

USB drive: Drive E

I DID NOT re-install or repair Windows. Also, PATH=X:\windows\system32;X:\windows;X:\windows\System32\Wbem is the complete path.

Can you please look at this link and see if it makes sense to you:

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/windows-7-32-bit-command-prompt/748e2c81-fe54-4e79-900f-cf19493a7d62?msgId=da6dec7c-92c0-41c1-b278-20012fea0d8c

Maurice Naggar · May 29, 2013

The link to MS Answers is not one of yours. But did you recently seek help on Answers?

For this next, you need to be in normal Windows.

Do & run this batch run:

We Need to Run a Batch Script

Press the Windows-key on keyboard.
In the box, type notepad and press Enter.
Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
```
C:
pushd\windows\system32
path C:\windows\system32;C:\windows;C:\windows\System32\Wbem;
exit
```
Select File -> Save AS.
Press the Desktop button on the left side of the save dialog.
In the box, type in Fix.bat.
Press .
Close Notepad.
Right click on your desktop, and choose .
Press Yes if prompted by User Account Control.

NOTE: that fix.bat will run very quickly in the Command prompt and then it will Close itself.

Now, we need to retry the run of FRST64

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Disconnect any external storage drives from the computer.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

[*]Select Command Prompt

Now, Plug the flashdrive with FRST tool into the PC.

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited May 29, 2013 by Maurice Naggar

bluelit · May 29, 2013

Sorry, I was just curious so I googled the path and that was the link I gave you. I couldn't boot into normal windows so I'm in safe mode with networking.

Here's the log!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013

Ran by SYSTEM on 28-05-2013 15:55:06

Running from J:\

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()

Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [206448 2012-10-30] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576

2013-04-04] (Adobe Systems Incorporated)

HKU\Joan\...\Run: [ClickfreeMonitor] c:\programdata\Clickfree\cfagent.exe [354632 2013-01-31] (Storage Appliance Corp.)

HKU\Joan\...\Run: [Google Update] "C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-09-06] (Google Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-30] (Kaspersky Lab ZAO)

S2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [37192 2013-01-31] (Storage Appliance Corp.)

S2 FullImagingService; C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [201544 2013-01-31] ()

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04]

(Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)

==================== Drivers (Whitelisted) ====================

S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)

S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-30] (Kaspersky Lab)

S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)

S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-03] (Kaspersky Lab)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-28 20:43 - 2013-05-28 20:43 - 00000095 ____A C:\Users\Joan\Desktop\Fix.bat

2013-05-28 11:34 - 2013-05-28 18:53 - 00001466 ____A C:\Windows\setupact.log

2013-05-28 11:34 - 2013-05-28 11:34 - 00000000 ____A C:\Windows\setuperr.log

2013-05-28 09:24 - 2013-05-28 09:24 - 00000000 ____D C:\FRST

2013-05-27 22:04 - 2013-05-27 22:04 - 00020871 ____A C:\Users\Joan\Desktop\attach.txt

2013-05-27 22:04 - 2013-05-27 22:04 - 00020311 ____A C:\Users\Joan\Desktop\dds.txt

2013-05-27 21:56 - 2013-05-27 21:56 - 00688992 ____R (Swearware) C:\Users\Joan\Desktop\dds.com

2013-05-27 14:10 - 2013-05-27 14:10 - 00791393 ____A (Lars Hederer ) C:\Users\Joan\Downloads\erunt-setup.exe

2013-05-27 13:08 - 2013-05-28 20:48 - 00076594 ____A C:\Windows\WindowsUpdate.log

2013-05-26 20:22 - 2013-05-26 20:22 - 00019075 ____A C:\Users\Joan\Downloads\Resultminitoolbox.txt

2013-05-26 20:21 - 2013-05-26 20:21 - 00019075 ____A C:\Users\Joan\Downloads\Result.txt

2013-05-26 20:19 - 2013-05-26 20:19 - 00760723 ____A (Farbar) C:\Users\Joan\Downloads\MiniToolBox.exe

2013-05-25 13:40 - 2013-05-25 13:40 - 00000000 ____D C:\Users\Joan\My Documents\TurboTax

2013-05-25 13:40 - 2013-05-25 13:40 - 00000000 ____D C:\Users\Joan\Documents\TurboTax

2013-05-22 16:46 - 2013-05-28 19:51 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-22 16:46 - 2013-05-28 18:53 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-22 16:46 - 2013-05-24 16:51 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-05-22 16:46 - 2013-05-24 16:51 - 00002185 ____A C:\ProgramData\Desktop\Google Chrome.lnk

2013-05-22 16:46 - 2013-05-22 16:46 - 00000000 ____D C:\Program Files (x86)\Google

2013-05-22 15:32 - 2013-05-22 15:34 - 00000000 ____D C:\Program Files\My Dell

2013-05-22 15:27 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-22 15:27 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-22 15:27 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-22 15:27 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-22 15:27 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-22 15:27 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-22 15:27 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-22 15:27 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-22 15:27 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-22 15:27 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-22 15:27 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-22 15:27 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-22 15:20 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-22 15:20 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-22 15:20 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-22 15:20 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-22 15:20 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-22 15:20 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-22 15:19 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-22 15:19 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-22 15:19 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-22 15:19 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-22 15:19 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-22 15:19 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-22 15:19 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-22 15:19 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-09 00:51 - 2013-05-09 00:51 - 00000000 ____D C:\Users\Joan\Local Settings\Dell Edoc Viewer

2013-05-09 00:51 - 2013-05-09 00:51 - 00000000 ____D C:\Users\Joan\Local Settings\Application Data\Dell Edoc Viewer

2013-05-09 00:51 - 2013-05-09 00:51 - 00000000 ____D C:\Users\Joan\AppData\Local\Dell Edoc Viewer

2013-05-06 12:56 - 2013-05-06 12:58 - 145649814 ____A C:\Users\Joan\Downloads\1080??? Aaron Yan - ????? The Moment MV(???_????????_??).mp4

2013-05-02 01:35 - 2013-05-02 01:35 - 02347384 ____A (ESET) C:\Users\Joan\Downloads\esetsmartinstaller_enu.exe

2013-04-29 17:26 - 2013-04-29 17:26 - 00085629 ____A C:\Users\Joan\Desktop\Ep16mail-attachment.googleusercontent.com

One Month Modified Files and Folders =======

2013-05-28 20:48 - 2013-05-27 13:08 - 00076594 ____A C:\Windows\WindowsUpdate.log

2013-05-28 20:43 - 2013-05-28 20:43 - 00000095 ____A C:\Users\Joan\Desktop\Fix.bat

2013-05-28 20:41 - 2011-12-29 17:28 - 00271360 ____A C:\Users\Joan\My Documents\Outlook archive folders backup.pst

2013-05-28 20:41 - 2011-12-29 17:28 - 00271360 ____A C:\Users\Joan\Documents\Outlook archive folders backup.pst

2013-05-28 20:41 - 2011-09-07 14:46 - 00000000 ____D C:\Users\Joan\My Documents\Outlook Files

2013-05-28 20:41 - 2011-09-07 14:46 - 00000000 ____D C:\Users\Joan\Documents\Outlook Files

2013-05-28 20:19 - 2012-09-06 15:54 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2212834863-2338292145-3760869027-1000UA.job

2013-05-28 20:19 - 2012-09-06 15:54 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2212834863-2338292145-3760869027-1000Core.job

2013-05-28 20:06 - 2011-09-02 15:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-05-28 20:06 - 2011-09-02 15:59 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab

2013-05-28 19:55 - 2012-09-27 18:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-28 19:51 - 2013-05-22 16:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-28 19:50 - 2009-07-14 00:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-28 19:00 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-28 19:00 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-

9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-28 18:53 - 2013-05-28 11:34 - 00001466 ____A C:\Windows\setupact.log

2013-05-28 18:53 - 2013-05-22 16:46 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-28 18:53 - 2011-09-02 14:02 - 00000000 ____D C:\Users\Joan\Local Settings\SoftThinks

2013-05-28 18:53 - 2011-09-02 14:02 - 00000000 ____D C:\Users\Joan\Local Settings\Application Data\SoftThinks

2013-05-28 18:53 - 2011-09-02 14:02 - 00000000 ____D C:\Users\Joan\AppData\Local\SoftThinks

2013-05-28 18:53 - 2011-08-29 21:46 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-05-28 18:53 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-28 11:34 - 2013-05-28 11:34 - 00000000 ____A C:\Windows\setuperr.log

2013-05-28 09:24 - 2013-05-28 09:24 - 00000000 ____D C:\FRST

2013-05-27 22:04 - 2013-05-27 22:04 - 00020871 ____A C:\Users\Joan\Desktop\attach.txt

2013-05-27 22:04 - 2013-05-27 22:04 - 00020311 ____A C:\Users\Joan\Desktop\dds.txt

2013-05-27 21:56 - 2013-05-27 21:56 - 00688992 ____R (Swearware) C:\Users\Joan\Desktop\dds.com

2013-05-27 16:34 - 2011-11-30 12:38 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2013-05-27 14:10 - 2013-05-27 14:10 - 00791393 ____A (Lars Hederer ) C:\Users\Joan\Downloads\erunt-setup.exe

2013-05-26 20:22 - 2013-05-26 20:22 - 00019075 ____A C:\Users\Joan\Downloads\Resultminitoolbox.txt

2013-05-26 20:21 - 2013-05-26 20:21 - 00019075 ____A C:\Users\Joan\Downloads\Result.txt

2013-05-26 20:19 - 2013-05-26 20:19 - 00760723 ____A (Farbar) C:\Users\Joan\Downloads\MiniToolBox.exe

2013-05-25 13:40 - 2013-05-25 13:40 - 00000000 ____D C:\Users\Joan\My Documents\TurboTax

2013-05-25 13:40 - 2013-05-25 13:40 - 00000000 ____D C:\Users\Joan\Documents\TurboTax

2013-05-24 16:51 - 2013-05-22 16:46 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-05-24 16:51 - 2013-05-22 16:46 - 00002185 ____A C:\ProgramData\Desktop\Google Chrome.lnk

2013-05-23 13:34 - 2012-08-05 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-23 01:55 - 2011-02-10 09:25 - 00000000 ____D C:\Windows\panther

2013-05-22 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-05-22 16:46 - 2013-05-22 16:46 - 00000000 ____D C:\Program Files (x86)\Google

2013-05-22 16:45 - 2013-04-12 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-22 16:45 - 2012-12-04 02:16 - 00001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-05-22 16:45 - 2012-12-04 02:16 - 00001153 ____A C:\ProgramData\Desktop\Mozilla Firefox.lnk

2013-05-22 16:41 - 2012-09-27 18:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-22 16:41 - 2012-09-27 18:29 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-22 15:49 - 2011-09-02 14:05 - 00000000 ___RD C:\Users\Joan\Virtual Machines

2013-05-22 15:48 - 2009-07-13 23:45 - 00470888 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-22 15:38 - 2011-09-06 23:49 - 00000000 ____D C:\Program Files\Microsoft Lync

2013-05-22 15:38 - 2011-09-06 23:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync

2013-05-22 15:36 - 2011-09-06 23:54 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-22 15:36 - 2011-09-06 23:54 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help

2013-05-22 15:34 - 2013-05-22 15:32 - 00000000 ____D C:\Program Files\My Dell

2013-05-22 15:34 - 2011-09-04 21:04 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-22 15:34 - 2011-08-29 21:57 - 00000000 ____D C:\Program Files\Dell Support Center

2013-05-22 15:32 - 2011-09-05 19:00 - 00000000 ____D C:\ProgramData\PCDr

2013-05-22 15:32 - 2011-09-05 19:00 - 00000000 ____D C:\ProgramData\Application Data\PCDr

2013-05-09 00:51 - 2013-05-09 00:51 - 00000000 ____D C:\Users\Joan\Local Settings\Dell Edoc Viewer

2013-05-09 00:51 - 2013-05-09 00:51 - 00000000 ____D C:\Users\Joan\Local Settings\Application Data\Dell Edoc Viewer

2013-05-09 00:51 - 2013-05-09 00:51 - 00000000 ____D C:\Users\Joan\AppData\Local\Dell Edoc Viewer

2013-05-06 12:58 - 2013-05-06 12:56 - 145649814 ____A C:\Users\Joan\Downloads\1080??? Aaron Yan - ????? The Moment MV(???_????????_??).mp4

2013-05-04 03:01 - 2011-09-04 22:22 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-04 03:01 - 2011-09-04 22:22 - 00000784 ____A C:\ProgramData\Desktop\CCleaner.lnk

2013-05-04 03:01 - 2011-09-04 22:22 - 00000000 ____D C:\Program Files\CCleaner

2013-05-02 12:01 - 2012-06-17 21:43 - 00000000 ____D C:\Program Files (x86)\Boilsoft

2013-05-02 07:06 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-02 03:01 - 2012-05-10 02:24 - 00000000 ____D C:\Windows\pss

2013-05-02 01:35 - 2013-05-02 01:35 - 02347384 ____A (ESET) C:\Users\Joan\Downloads\esetsmartinstaller_enu.exe

2013-04-29 17:26 - 2013-04-29 17:26 - 00085629 ____A C:\Users\Joan\Desktop\Ep16mail-attachment.googleusercontent.com

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-10 14:18:01

Restore point made on: 2013-05-22 15:18:29

Restore point made on: 2013-05-22 15:25:45

Restore point made on: 2013-05-28 11:44:01

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8174.45 MB

Available physical RAM: 7356.7 MB

Total Pagefile: 8172.64 MB

Available Pagefile: 7353.03 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1380.98 GB) (Free:1319.05 GB) NTFS (Disk=0 Partition=3)

Drive e: (RECOVERY) (Fixed) (Total:16.25 GB) (Free:7.51 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive j: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT32 (Disk=5 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows Vista) (Size: 1397 GB) (Disk ID: 32E6C325)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=-716210962432) - (Type=07 NTFS)

bluelit · May 29, 2013

I was finally able to boot in normal Windows. I wasn't sure if I copied/pasted the entire log in safe mode so I'm copying/pasting it again.