
BSOD Shortly After Boot - Hardware or Malware?



My brother-in-law was getting frequent blue screens of death, and dropped his PC off for me to investigate. Every time I boot it up, I get a BSOD within a couple of minutes of logging in; however, booting into Safe Mode seems to be stable (posting from there).

It's a Dell XPS 8300, Win 7 Home Premium, and I saw a couple of posts about BSOD and upgrading the BIOS. I was eventually able to do that in Safe Mode, but it didn't seem to fix anything.

I tried using msconfig to limit what was started, but still ran into issues. The only thing I saw that was running was McAfee, and I remembered him mentioning running another virus scan (AVG?). I thought possibly the two might be conflicting, so I uninstalled McAfee, but it didn't make a difference (note the dds.txt below lists McAfee as the AV, but as far as I can tell it is currently uninstalled).

I also tried doing a system restore from a Dell Recovery tool (pre-win 7 starting)... that tool said it failed and rolled back. However, when I rebooted into Windows, I got a pop-up that said it was successfully restored, but nothing changed.

With McAfee uninstalled, and in Safe Mode, I ran Trend Micro, which found no issues. Similarly, Malwarebytes found no issues.

Two other odd things I noted. First, when I first searched in Control Panel to back up his files, the "backup files" option couldn't be found in the Control Panel; later (I think in Safe Mode) it was listed. Second, before getting into Safe Mode, Explorer showed 3-4 removable device drives, though nothing is plugged in.

Below are the dds.txt and attach.txt (from within Safe Mode).

If it turns out to look like malware, I would be VERY interested in which lines below make that clear. When I try to dig into what I think are "strange" lines, it usually turns out to be some normal process I had never heard of. So I'd really be interested in which lines should NOT be there.

Thanks in advance for any help and advice.

--- DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by Ben at 0:41:57 on 2013-06-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5669 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Coupons.com Toolbar: {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\tbCoup.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [WinampAgent] C:\Users\Ben\Winamp\winampa.exe

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{7DF718D9-EC70-4D87-963D-7D5DF52EDD96} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C49B43F3-9EA3-432B-899E-A693F5803D9F} : DHCPNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-16 55856]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-6-16 406056]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-16 203776]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-16 13336]

S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-16 1692480]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-16 115216]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-16 158976]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-16 317440]

S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]

S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2013-6-1 31152]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-24 1255736]

S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-06-02 04:29:33 -------- d-----w- C:\Users\Ben\AppData\Roaming\Malwarebytes

2013-06-02 04:29:23 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-02 04:29:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-02 04:29:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-01 16:38:33 31152 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys

2013-06-01 16:24:33 -------- d-----w- C:\Windows\pss

2013-05-12 00:21:56 -------- d-----w- C:\Users\Ben\AppData\Roaming\Avira

2013-05-12 00:16:33 -------- d-----w- C:\ProgramData\Avira

2013-05-12 00:16:33 -------- d-----w- C:\Program Files (x86)\Avira

.

==================== Find3M ====================

.

2013-03-16 15:46:03 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 15:46:01 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-16 15:46:01 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-13 03:02:33 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 03:02:33 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2011-06-22 22:30:42 1512448 ----a-w- C:\Program Files (x86)\iview430_setup.exe

2011-06-22 21:18:33 11978504 ----a-w- C:\Program Files\winamp561_full_bundle_emusic-7plus_en-us.exe

.

============= FINISH: 0:42:29.91 ===============

--- attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/22/2011 4:40:00 PM

System Uptime: 6/1/2013 2:58:56 PM (10 hours ago)

.

Motherboard: Dell Inc. | | 0Y2MRG

Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 2793/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 836.828 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 70 GiB total, 30.615 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP108: 4/5/2013 1:04:45 PM - Scheduled Checkpoint

RP109: 4/10/2013 12:31:32 PM - Windows Update

RP110: 4/19/2013 1:42:38 PM - Scheduled Checkpoint

RP111: 4/24/2013 9:13:01 AM - Windows Update

RP112: 4/30/2013 11:31:56 AM - Windows Update

RP113: 5/9/2013 4:58:49 PM - Scheduled Checkpoint

RP114: 5/12/2013 6:55:34 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.6) MUI

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

Ask Toolbar

Ask Toolbar Updater

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

Bing Bar

Bing Rewards Client Installer

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCScore

Consumer In-Home Service Agreement

Coupon Printer for Windows

Coupons.com Toolbar

Cozi

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Support Center

Dell VideoStage

DirectX 9 Runtime

DW WLAN Card

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

fflink

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

H&R Block Michigan 2012

H&R Block Premium + Efile + State 2012

Intel® Rapid Storage Technology

IrfanView (remove only)

Java 7 Update 17

Java Auto Updater

Java™ 6 Update 24 (64-bit)

Junk Mail filter update

kgcbaby

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

netbrdg

OfotoXMI

PhotoShowExpress

QuickTime

RBVirtualFolder64Inst

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SFR

Shared C Run-time for x64

SHASTA

skin0001

SKINXSDK

Skype Toolbars

Skype™ 5.10

Sonic CinePlayer Decoder Pack

staticcr

THX TruStudio PC

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VPRINTOL

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WIRELESS

.

==== Event Viewer Messages From Past Week ========

.

6/2/2013 12:41:29 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/2/2013 12:41:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

6/2/2013 12:41:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

6/2/2013 12:26:32 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 3:30:16 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).

6/1/2013 3:30:16 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).

6/1/2013 3:30:16 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).

6/1/2013 3:30:16 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).

6/1/2013 3:22:40 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/1/2013 3:22:40 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/1/2013 3:22:40 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

6/1/2013 3:22:40 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/1/2013 3:03:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

6/1/2013 3:02:27 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 3:01:32 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/1/2013 3:01:32 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/1/2013 3:01:32 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/1/2013 3:01:32 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/1/2013 3:00:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/1/2013 3:00:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/1/2013 3:00:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/1/2013 3:00:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/1/2013 3:00:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

6/1/2013 3:00:27 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

6/1/2013 2:59:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000100000018, 0x0000000000000002, 0x0000000000000000, 0xfffff800034c6425). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060113-44553-01.

6/1/2013 2:30:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/1/2013 2:18:31 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/1/2013 2:08:50 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/1/2013 12:24:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 11:55:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/1/2013 10:55:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

6/1/2013 10:52:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/1/2013 10:52:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/1/2013 10:51:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:36 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:35 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 10:51:35 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/1/2013 10:51:35 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

6/1/2013 10:51:35 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/1/2013 10:51:35 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/31/2013 9:59:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8009d12610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-40763-01.

5/31/2013 10:39:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8009df9610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-39374-01.

5/31/2013 10:39:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

5/31/2013 10:39:10 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

5/31/2013 10:09:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8009e1f610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053113-46878-01.

5/31/2013 10:03:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

5/31/2013 10:03:30 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/31/2013 10:02:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================


Hello shmeigel and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thanks for the help. Below is the Farbar output.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 03

Ran by SYSTEM on 02-06-2013 16:03:06

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [WinampAgent] C:\Users\Ben\Winamp\winampa.exe [74752 2011-03-22] (Nullsoft, Inc.)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [282624 2006-09-01] (Apple Computer, Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [x]

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()

HKU\Ben\...\Policies\system: [DisableLockWorkstation] 0

Startup: C:\ProgramData\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (No File)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

==================== Drivers (Whitelisted) ====================

S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-06-01] ()

S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-02 16:03 - 2013-06-02 16:03 - 00000000 ____D C:\FRST

2013-06-02 14:55 - 2013-06-02 14:55 - 01916716 ____A (Farbar) C:\Users\Ben\Downloads\FRST64.exe

2013-06-01 23:53 - 2013-06-01 23:53 - 00275208 ____A C:\Windows\Minidump\060213-52104-01.dmp

2013-06-01 23:45 - 2013-06-01 23:45 - 00001198 ____A C:\Users\Ben\Desktop\Tony - Shortcut.lnk

2013-06-01 23:29 - 2013-06-01 23:29 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-01 23:29 - 2013-06-01 23:29 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\Users\Ben\Application Data\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-01 23:29 - 2013-04-04 13:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-06-01 23:28 - 2013-06-01 23:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Ben\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-01 23:27 - 2013-06-01 23:27 - 00688992 ____R (Swearware) C:\Users\Ben\Desktop\dds.com

2013-06-01 23:27 - 2013-06-01 23:27 - 00688992 ____A (Swearware) C:\Users\Ben\Downloads\dds.com

2013-06-01 15:15 - 2013-06-01 19:50 - 06492959 ____A C:\Users\Ben\Local Settings\census.cache

2013-06-01 15:15 - 2013-06-01 19:50 - 06492959 ____A C:\Users\Ben\Local Settings\Application Data\census.cache

2013-06-01 15:15 - 2013-06-01 19:50 - 06492959 ____A C:\Users\Ben\AppData\Local\census.cache

2013-06-01 15:15 - 2013-06-01 19:45 - 00087366 ____A C:\Users\Ben\Local Settings\ars.cache

2013-06-01 15:15 - 2013-06-01 19:45 - 00087366 ____A C:\Users\Ben\Local Settings\Application Data\ars.cache

2013-06-01 15:15 - 2013-06-01 19:45 - 00087366 ____A C:\Users\Ben\AppData\Local\ars.cache

2013-06-01 15:08 - 2013-06-01 15:08 - 02406064 ____A (Trend Micro Inc.) C:\Users\Ben\Downloads\HousecallLauncher64.exe

2013-06-01 15:07 - 2013-06-01 15:07 - 02002944 ____A (Trend Micro Inc.) C:\Users\Ben\Downloads\HousecallLauncher.exe

2013-06-01 13:59 - 2013-06-01 13:59 - 00275152 ____A C:\Windows\Minidump\060113-44553-01.dmp

2013-06-01 13:08 - 2013-06-01 13:08 - 00275208 ____A C:\Windows\Minidump\060113-41948-01.dmp

2013-06-01 12:58 - 2013-06-01 23:53 - 587967985 ____A C:\Windows\MEMORY.DMP

2013-06-01 12:58 - 2013-06-01 23:53 - 00000000 ____D C:\Windows\Minidump

2013-06-01 12:58 - 2013-06-01 12:58 - 00275208 ____A C:\Windows\Minidump\060113-36878-01.dmp

2013-06-01 11:38 - 2013-06-01 11:38 - 00031152 ____A C:\Windows\System32\Drivers\pmxdrv.sys

2013-06-01 11:24 - 2013-06-01 13:30 - 00000000 ____D C:\Windows\pss

2013-06-01 10:17 - 2013-06-01 10:17 - 00007597 ____A C:\Users\Ben\Local Settings\Resmon.ResmonCfg

2013-06-01 10:17 - 2013-06-01 10:17 - 00007597 ____A C:\Users\Ben\Local Settings\Application Data\Resmon.ResmonCfg

2013-06-01 10:17 - 2013-06-01 10:17 - 00007597 ____A C:\Users\Ben\AppData\Local\Resmon.ResmonCfg

2013-05-13 20:00 - 2013-05-13 20:00 - 00000036 ____A C:\Users\Ben\Local Settings\housecall.guid.cache

2013-05-13 20:00 - 2013-05-13 20:00 - 00000036 ____A C:\Users\Ben\Local Settings\Application Data\housecall.guid.cache

2013-05-13 20:00 - 2013-05-13 20:00 - 00000036 ____A C:\Users\Ben\AppData\Local\housecall.guid.cache

2013-05-11 19:21 - 2013-05-11 19:21 - 00000000 ____D C:\Users\Ben\Application Data\Avira

2013-05-11 19:21 - 2013-05-11 19:21 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Avira

2013-05-11 19:16 - 2013-05-11 19:16 - 00000000 ____D C:\ProgramData\Avira

2013-05-11 19:16 - 2013-05-11 19:16 - 00000000 ____D C:\ProgramData\Application Data\Avira

2013-05-11 19:16 - 2013-05-11 19:16 - 00000000 ____D C:\Program Files (x86)\Avira

==================== One Month Modified Files and Folders =======

2013-06-02 16:03 - 2013-06-02 16:03 - 00000000 ____D C:\FRST

2013-06-02 14:57 - 2009-07-14 00:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-02 14:55 - 2013-06-02 14:55 - 01916716 ____A (Farbar) C:\Users\Ben\Downloads\FRST64.exe

2013-06-02 04:38 - 2011-06-16 13:25 - 01511342 ____A C:\Windows\WindowsUpdate.log

2013-06-01 23:53 - 2013-06-01 23:53 - 00275208 ____A C:\Windows\Minidump\060213-52104-01.dmp

2013-06-01 23:53 - 2013-06-01 12:58 - 587967985 ____A C:\Windows\MEMORY.DMP

2013-06-01 23:53 - 2013-06-01 12:58 - 00000000 ____D C:\Windows\Minidump

2013-06-01 23:50 - 2011-06-16 13:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-06-01 23:49 - 2011-06-22 17:36 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-01 23:49 - 2011-06-16 13:54 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks

2013-06-01 23:49 - 2011-06-16 13:54 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks

2013-06-01 23:49 - 2011-06-16 13:54 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-06-01 23:49 - 2011-06-16 13:54 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks

2013-06-01 23:49 - 2011-06-16 13:54 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks

2013-06-01 23:49 - 2011-06-16 13:54 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-06-01 23:48 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-01 23:48 - 2009-07-13 23:51 - 00128162 ____A C:\Windows\setupact.log

2013-06-01 23:45 - 2013-06-01 23:45 - 00001198 ____A C:\Users\Ben\Desktop\Tony - Shortcut.lnk

2013-06-01 23:29 - 2013-06-01 23:29 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-01 23:29 - 2013-06-01 23:29 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\Users\Ben\Application Data\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

2013-06-01 23:29 - 2013-06-01 23:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-01 23:28 - 2013-06-01 23:28 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Ben\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-01 23:27 - 2013-06-01 23:27 - 00688992 ____R (Swearware) C:\Users\Ben\Desktop\dds.com

2013-06-01 23:27 - 2013-06-01 23:27 - 00688992 ____A (Swearware) C:\Users\Ben\Downloads\dds.com

2013-06-01 19:50 - 2013-06-01 15:15 - 06492959 ____A C:\Users\Ben\Local Settings\census.cache

2013-06-01 19:50 - 2013-06-01 15:15 - 06492959 ____A C:\Users\Ben\Local Settings\Application Data\census.cache

2013-06-01 19:50 - 2013-06-01 15:15 - 06492959 ____A C:\Users\Ben\AppData\Local\census.cache

2013-06-01 19:45 - 2013-06-01 15:15 - 00087366 ____A C:\Users\Ben\Local Settings\ars.cache

2013-06-01 19:45 - 2013-06-01 15:15 - 00087366 ____A C:\Users\Ben\Local Settings\Application Data\ars.cache

2013-06-01 19:45 - 2013-06-01 15:15 - 00087366 ____A C:\Users\Ben\AppData\Local\ars.cache

2013-06-01 15:08 - 2013-06-01 15:08 - 02406064 ____A (Trend Micro Inc.) C:\Users\Ben\Downloads\HousecallLauncher64.exe

2013-06-01 15:07 - 2013-06-01 15:07 - 02002944 ____A (Trend Micro Inc.) C:\Users\Ben\Downloads\HousecallLauncher.exe

2013-06-01 13:59 - 2013-06-01 13:59 - 00275152 ____A C:\Windows\Minidump\060113-44553-01.dmp

2013-06-01 13:30 - 2013-06-01 11:24 - 00000000 ____D C:\Windows\pss

2013-06-01 13:26 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-01 13:26 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-01 13:20 - 2011-06-16 13:37 - 00000000 ____D C:\ProgramData\McAfee

2013-06-01 13:20 - 2011-06-16 13:37 - 00000000 ____D C:\ProgramData\Application Data\McAfee

2013-06-01 13:18 - 2010-11-20 22:47 - 00093314 ____A C:\Windows\PFRO.log

2013-06-01 13:08 - 2013-06-01 13:08 - 00275208 ____A C:\Windows\Minidump\060113-41948-01.dmp

2013-06-01 13:02 - 2011-06-22 15:44 - 00000000 ____D C:\Users\Ben\Local Settings\VirtualStore

2013-06-01 13:02 - 2011-06-22 15:44 - 00000000 ____D C:\Users\Ben\Local Settings\Application Data\VirtualStore

2013-06-01 13:02 - 2011-06-22 15:44 - 00000000 ____D C:\Users\Ben\AppData\Local\VirtualStore

2013-06-01 12:58 - 2013-06-01 12:58 - 00275208 ____A C:\Windows\Minidump\060113-36878-01.dmp

2013-06-01 11:38 - 2013-06-01 11:38 - 00031152 ____A C:\Windows\System32\Drivers\pmxdrv.sys

2013-06-01 10:17 - 2013-06-01 10:17 - 00007597 ____A C:\Users\Ben\Local Settings\Resmon.ResmonCfg

2013-06-01 10:17 - 2013-06-01 10:17 - 00007597 ____A C:\Users\Ben\Local Settings\Application Data\Resmon.ResmonCfg

2013-06-01 10:17 - 2013-06-01 10:17 - 00007597 ____A C:\Users\Ben\AppData\Local\Resmon.ResmonCfg

2013-06-01 09:51 - 2011-06-22 15:40 - 00000000 ____D C:\users\Ben

2013-06-01 00:30 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal

2013-06-01 00:30 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices

2013-06-01 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sppui

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Setup

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ras

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\oobe

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\com

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sppui

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Setup

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ras

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\oobe

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Msdtc

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\manifeststore

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\icsxml

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ias

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\Dism

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\com

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System

2013-06-01 00:30 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services

2013-06-01 00:29 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew

2013-06-01 00:29 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns

2013-06-01 00:29 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-06-01 00:29 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\uk-UA

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\th-TH

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sr-Latn-CS

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sl-SI

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sk-SK

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ro-RO

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lv-LV

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\lt-LT

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\hr-HR

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\he-IL

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\et-EE

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\bg-BG

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\ar-SA

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas

2013-06-01 00:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME

2013-06-01 00:26 - 2011-11-17 09:16 - 00000000 ____D C:\Windows\System32\Macromed

2013-06-01 00:26 - 2011-06-16 15:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2013-06-01 00:26 - 2011-06-16 13:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2013-06-01 00:26 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore

2013-06-01 00:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF

2013-06-01 00:24 - 2012-01-03 18:24 - 00000000 ___SD C:\Users\Ben\My Documents\My Data Sources

2013-06-01 00:24 - 2012-01-03 18:24 - 00000000 ___SD C:\Users\Ben\Documents\My Data Sources

2013-06-01 00:24 - 2011-06-24 17:34 - 00000000 ____D C:\Users\Ben\Application Data\Catalina Marketing Corp

2013-06-01 00:24 - 2011-06-24 17:34 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Catalina Marketing Corp

2013-06-01 00:24 - 2011-06-22 17:33 - 00000000 ____D C:\Users\Ben\Application Data\IrfanView

2013-06-01 00:24 - 2011-06-22 17:33 - 00000000 ____D C:\Users\Ben\AppData\Roaming\IrfanView

2013-06-01 00:24 - 2011-06-22 16:20 - 00000000 ____D C:\Users\Ben\Winamp Detect

2013-06-01 00:24 - 2011-06-22 16:20 - 00000000 ____D C:\Users\Ben\Winamp

2013-06-01 00:24 - 2011-06-22 16:20 - 00000000 ____D C:\Users\Ben\Application Data\Winamp

2013-06-01 00:24 - 2011-06-22 16:20 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Winamp

2013-06-01 00:24 - 2011-06-16 13:36 - 00000000 ____D C:\Windows\en

2013-06-01 00:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat

2013-06-01 00:23 - 2013-03-07 11:51 - 00000000 ____D C:\Program Files (x86)\PDF995

2013-06-01 00:23 - 2012-05-14 13:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-06-01 00:23 - 2012-05-14 13:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-06-01 00:23 - 2011-09-27 11:34 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-06-01 00:23 - 2011-09-27 11:34 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help

2013-06-01 00:23 - 2011-06-24 20:53 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-06-01 00:23 - 2011-06-24 20:52 - 00000000 ____D C:\ProgramData\ArcSoft

2013-06-01 00:23 - 2011-06-24 20:52 - 00000000 ____D C:\ProgramData\Application Data\ArcSoft

2013-06-01 00:23 - 2011-06-22 17:33 - 00000000 ____D C:\Program Files (x86)\IrfanView

2013-06-01 00:23 - 2011-06-16 13:37 - 00000000 ____D C:\Program Files\Dell Support Center

2013-06-01 00:23 - 2011-06-16 13:31 - 00000000 ____D C:\ProgramData\FLEXnet

2013-06-01 00:23 - 2011-06-16 13:31 - 00000000 ____D C:\ProgramData\Application Data\FLEXnet

2013-06-01 00:23 - 2011-06-16 13:30 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-06-01 00:23 - 2011-06-16 13:27 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)

2013-06-01 00:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-06-01 00:22 - 2012-04-09 13:02 - 00000000 ____D C:\Program Files (x86)\Ask.com

2013-06-01 00:22 - 2011-06-26 20:41 - 00000000 ____D C:\Program Files (x86)\Coupons.com

2013-06-01 00:22 - 2011-06-24 13:40 - 00000000 ____D C:\Program Files (x86)\Coupons

2013-06-01 00:22 - 2011-06-22 16:06 - 00000000 ____D C:\FIND_EULA_PATH

2013-06-01 00:22 - 2011-06-16 13:30 - 00000000 ____D C:\Program Files (x86)\Cozi Express

2013-06-01 00:22 - 2011-02-10 09:01 - 00000000 ____D C:\dell

2013-06-01 00:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration

2013-05-31 23:13 - 2011-06-16 13:39 - 00000000 ____D C:\ProgramData\Application Data\Adobe

2013-05-31 23:13 - 2011-06-16 13:39 - 00000000 ____D C:\ProgramData\Adobe

2013-05-31 21:04 - 2011-06-16 13:42 - 00000000 ____D C:\ProgramData\Sonic

2013-05-31 21:04 - 2011-06-16 13:42 - 00000000 ____D C:\ProgramData\Application Data\Sonic

2013-05-13 20:00 - 2013-05-13 20:00 - 00000036 ____A C:\Users\Ben\Local Settings\housecall.guid.cache

2013-05-13 20:00 - 2013-05-13 20:00 - 00000036 ____A C:\Users\Ben\Local Settings\Application Data\housecall.guid.cache

2013-05-13 20:00 - 2013-05-13 20:00 - 00000036 ____A C:\Users\Ben\AppData\Local\housecall.guid.cache

2013-05-11 19:21 - 2013-05-11 19:21 - 00000000 ____D C:\Users\Ben\Application Data\Avira

2013-05-11 19:21 - 2013-05-11 19:21 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Avira

2013-05-11 19:16 - 2013-05-11 19:16 - 00000000 ____D C:\ProgramData\Avira

2013-05-11 19:16 - 2013-05-11 19:16 - 00000000 ____D C:\ProgramData\Application Data\Avira

2013-05-11 19:16 - 2013-05-11 19:16 - 00000000 ____D C:\Program Files (x86)\Avira

2013-05-09 19:44 - 2012-01-20 13:17 - 00015381 ____A C:\Users\Public\Documents\Finances.xlsx

2013-05-09 19:44 - 2012-01-20 13:17 - 00015381 ____A C:\ProgramData\Documents\Finances.xlsx

2013-05-09 15:27 - 2011-06-24 20:54 - 27144192 ___RA C:\Users\Public\Documents\ESBK.mbb

2013-05-09 15:27 - 2011-06-24 20:54 - 27144192 ___RA C:\ProgramData\Documents\ESBK.mbb

2013-05-09 15:27 - 2011-06-24 20:54 - 11554816 ___RA C:\Users\Public\Documents\ESBK.mb

2013-05-09 15:27 - 2011-06-24 20:54 - 11554816 ___RA C:\ProgramData\Documents\ESBK.mb

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-05 12:04:53

Restore point made on: 2013-04-10 11:31:39

Restore point made on: 2013-04-19 12:42:48

Restore point made on: 2013-04-24 08:13:09

Restore point made on: 2013-04-30 10:32:06

Restore point made on: 2013-05-09 15:59:00

Restore point made on: 2013-05-12 17:55:44

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8174.46 MB

Available physical RAM: 7300.17 MB

Total Pagefile: 8172.66 MB

Available Pagefile: 7315.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:834.21 GB) NTFS (Disk=0 Partition=3)

Drive d: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.28 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive g: (MULTIBOOT) (Removable) (Total:30.42 GB) (Free:3.81 GB) FAT32 (Disk=2 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: () (Fixed) (Total:69.82 GB) (Free:30.61 GB) NTFS (Disk=1 Partition=2)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: F1C16963)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=919 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: E686F016)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=5 GB) - (Type=DB)

========================================================

Disk: 2 (Size: 30 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=30 GB) - (Type=0C)

Last Boot: 2013-05-04 06:35

==================== End Of Log ============================


Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: a

BCP1: 0000000000000028

BCP2: 0000000000000002

BCP3: 0000000000000001

BCP4: FFFFF800034DDF61

OS Version: 6_1_7601

Service Pack: 1_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\060313-54569-01.dmp

C:\Users\Ben\AppData\Local\Temp\WER-97953-0.sysdata.xml

Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt


This was in the event log as well (I believe from the prior BSOD when I turned it on this morning but didn't have time to write it down)

Log Name: System

Source: Microsoft-Windows-WER-SystemErrorReporting

Date: 6/3/2013 8:45:18 PM

Event ID: 1001

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: BEN-PC

Description:

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8009b013ef, 0x0000000000000000, 0x00000000fffa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060313-42853-01.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />

<EventID Qualifiers="16384">1001</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2013-06-04T00:45:18.000000000Z" />

<EventRecordID>785514</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>BEN-PC</Computer>

<Security />

</System>

<EventData>

<Data Name="param1">0x0000001e (0xffffffffc0000005, 0xfffffa8009b013ef, 0x0000000000000000, 0x00000000fffa003c)</Data>

<Data Name="param2">C:\Windows\MEMORY.DMP</Data>

<Data Name="param3">060313-42853-01</Data>

</EventData>

</Event>

This is the only other "Error" message

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 6/3/2013 8:47:34 PM

Event ID: 10016

Task Category: None

Level: Error

Keywords: Classic

User: SYSTEM

Computer: Ben-PC

Description:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

and APPID

{344ED43D-D086-4961-86A6-1106F4ACAD9B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />

<EventID Qualifiers="49152">10016</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2013-06-04T00:47:34.000000000Z" />

<EventRecordID>785578</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>Ben-PC</Computer>

<Security UserID="S-1-5-18" />

</System>

<EventData>

<Data Name="param1">application-specific</Data>

<Data Name="param2">Local</Data>

<Data Name="param3">Launch</Data>

<Data Name="param4">{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}</Data>

<Data Name="param5">{344ED43D-D086-4961-86A6-1106F4ACAD9B}</Data>

<Data Name="param6">NT AUTHORITY</Data>

<Data Name="param7">SYSTEM</Data>

<Data Name="param8">S-1-5-18</Data>

<Data Name="param9">LocalHost (Using LRPC)</Data>

</EventData>

</Event>


On a different PC, so will have to post logs when I can get back on, but wanted to update you...

I ran the SFC, and it did find and repair some corrupted files.

Rebooted two times after that, and both times still ran into BSOD.

I then re-ran SFC (as I saw you might have to run it multiple times) ... this second run found no errors to correct.

I rebooted and walked away...

Came back several hours later to see that it had booted normally with no BSOD!

However, I couldn't start a browser, or task manager, or command prompt, or anything... currently logging out and rebooting again, but it is very slow.

Do you want the CBT.log dump (pretty big if I recall) from the SFC runs?


Sorry it took so long to respond. I was having no luck figuring out which components were causing the failure, and have gone ahead with the format and re-install of Windows.

I would be interested in your opinion... given the logs you have seen, do you think it had a virus or was it just some other corruption/hardware/software incompatibility problem?

Thanks for your help.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
