
Max Memory usage, windows 7 keeps freezing up, malware? or process



Guys and Gals,

Been dealing with this for a while now. Started when Firefox 25 froze the whole computer and I had to do a hard restart (couldn’t push any buttons; when I did, it gave me the beep sound from BIOS). Happened the next day when using a Word document. Wife’s computer, it’s a Dell, went from Windows 7 to Windows 8. Then back to Win7 because Windows 8 was garbage, and a student test copy, but I digress. Looking at the logs from DDS I now see some of the issues, but I will leave it with the pros, being that I got work to do. I've tried the following:

AVG 2014 free edition antivirus and rootkit scan (I’ve added Malwarebytes and Malwarebytes Root Kit to the AVG excluded list as per the info from y’all). Ran full scans with Malwarebytes and Mbar RootKit (even did both with Chameleon just to be sure; the first time this happened 5 days ago I couldn’t get Rootkit to run without Chameleon). Tried to fixdamage.exe, ran CCleaner, also did all of these in Safe Mode w/Networking. Ran BIOS tests (full test took a day to do), Memory, HD, cards etc. Windows updater, maintenance, almost everything I know of. (Short of burning the system down…. Again)

Turned off as many processes and services as I could: WIA, search, IPv6, Windows Search, on and on, just trying to get indexing to stop and memory to come down. Cleaned and turned off as many items during startup as I could to stop my memory hog. In safe mode it runs a lot better, but I didn't do a side by side to see the rate of change. I know a lot of Event and Admin Logs in Windows are turned on, but they should overwrite.

Anyway, here is a screenshot of my memory usage when I started to type this letter. And the logs. Is this a virus? Old Win8 process? Some help please.

Thanks in advance. (Side note, I have the .old.Windows file still on the computer. I plan on moving it over to external storage, but I will wait to see if you want me to or not. That is why the HD has limited space and could be some of the issue.)

Screenshot is attached. Shows:

Total memory at 4056

Cached 2056

Available 2033

Free 0

LOGS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/16/2013 11:34:31 PM
System Uptime: 11/4/2013 4:47:45 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0F642T
Processor: Pentium® Dual-Core CPU       T4400  @ 2.20GHz | Microprocessor | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 8.067 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 9 GiB total, 8.058 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&19F9555E&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&19F9555E&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP48: 10/18/2013 6:13:53 PM - Installed Microsoft OneNote 2013
RP49: 10/18/2013 6:14:53 PM - ONENOTER
RP50: 10/18/2013 6:48:25 PM - Installed Microsoft Visio Professional 2013
RP51: 10/18/2013 6:48:47 PM - VISPROR
RP52: 10/18/2013 9:49:16 PM - Installed Microsoft Access 2013
RP53: 10/18/2013 9:49:57 PM - ACCESSR
RP54: 10/19/2013 11:46:32 PM - Windows Update
RP55: 10/27/2013 9:10:54 PM - Scheduled Checkpoint
RP56: 10/28/2013 3:11:51 AM - Removed Balsamiq Mockups For Desktop
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
Adobe AIR
Adobe Flash Player 11 Plugin
AVG 2014
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Business Contact Manager for Outlook 2007 SP2
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Defraggler
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
Dotfuscator and Analytics Community Edition
Entity Framework Designer for Visual Studio 2012 - enu
FileASSASSIN
HP Officejet 6600 Basic Device Software
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Rapid Storage Technology
LocalESPC
LocalESPCui for en-us
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell Miniport Driver
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Access 2013
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 64-bit Components 2013
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OSM MUI (English) 2013
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft OneNote 2013
Microsoft OneNote MUI (English) 2013
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visio MUI (English) 2013
Microsoft Visio Professional 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft Web Platform Installer 4.6
Microsoft WebMatrix 3
Mozilla Firefox 25.0 (x86 en-US)
MySQL Connector Net 6.5.4
Outils de vérification linguistique 2013 de Microsoft Office - Français
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Realtek USB 2.0 Card Reader
Recuva
SafeHouse Explorer 3.01
Secure Download Manager
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Speccy
Update for  (KB2504637)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827228) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827235) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2013 (KB2810016) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2825633) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.0.8
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
.
==== Event Viewer Messages From Past Week ========
.
11/4/2013 4:47:05 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 4:24:40 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/4/2013 4:24:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/4/2013 4:24:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/4/2013 4:23:21 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/4/2013 4:23:20 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/4/2013 4:23:20 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/4/2013 4:23:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/4/2013 4:23:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/4/2013 4:22:50 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
11/4/2013 4:22:34 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgdiska AVGIDSDriver Avgldx64 discache SafDskNT spldr Wanarpv6
11/4/2013 4:22:31 AM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/4/2013 4:16:31 AM, Error: mbamchameleon [61440]  -
11/3/2013 8:27:41 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/3/2013 8:27:41 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Matthew at 5:35:51 on 2013-11-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.2121 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\tcpsvcs.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\Explorer.EXE
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Matthew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{208C2BE8-74B5-477D-977E-BEEB3844B471} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{AD79CE5D-73CC-4CE1-BDC7-C63DF6068424} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\ud6fykvd.default\
FF - prefs.js: browser.search.selectedEngine - Google SSL

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-05 12:25; {3975c680-be94-11dd-ad8b-0800200c9a66}; C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\ud6fykvd.default\extensions\{3975c680-be94-11dd-ad8b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-05 12:25; tineye@ideeinc.com; C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\ud6fykvd.default\extensions\tineye@ideeinc.com.xpi
FF - ExtSQL: 2013-10-12 22:25; {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}; C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\ud6fykvd.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF - ExtSQL: 2013-10-12 22:25; client@anonymox.net; C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\ud6fykvd.default\extensions\client@anonymox.net.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 SafDskNT;SafeHouse;C:\Windows\System32\drivers\SAFDSKNT.SYS [2013-10-4 76112]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-8-20 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-3 91352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-17 19456]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-17 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-17 1255736]
.
=============== Created Last 30 ================
.
2013-11-04 09:39:12    --------    d-----w-    C:\Program Files (x86)\FileASSASSIN
2013-11-03 08:06:33    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-02 06:26:28    --------    d-----w-    C:\Users\Matthew\AppData\Local\ElevatedDiagnostics
2013-10-19 17:25:50    --------    d-----w-    C:\mbar
2013-10-18 23:50:15    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-10-09 07:00:58    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 03:25:54    --------    d-----w-    C:\Users\Matthew\AppData\Roaming\Systenance
2013-10-08 04:25:34    --------    d-----w-    C:\SymCache
2013-10-07 02:27:36    --------    d-----w-    C:\Users\Matthew\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-10-07 02:27:34    --------    d-----w-    C:\Users\Matthew\AppData\Roaming\BalsamiqMockupsForDesktop
2013-10-07 00:03:57    --------    d-----w-    C:\Users\Matthew\AppData\Roaming\NuGet
2013-10-06 22:21:53    2489504    ----a-w-    C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-10-06 22:15:16    --------    d-----w-    C:\Program Files\Application Verifier
2013-10-06 22:15:16    --------    d-----w-    C:\Program Files (x86)\Application Verifier
2013-10-06 22:15:12    --------    d-----w-    C:\ProgramData\Windows App Certification Kit
2013-10-06 22:14:19    --------    d-----w-    C:\Program Files (x86)\Common Files\Microsoft
2013-10-06 22:13:58    --------    d-----w-    C:\ProgramData\PreEmptive Solutions
2013-10-06 22:11:32    --------    d-----w-    C:\Program Files (x86)\Microsoft Web Tools
2013-10-06 22:10:39    --------    d-----w-    C:\Program Files (x86)\NuGet
2013-10-06 22:10:31    --------    d-----w-    C:\Program Files (x86)\Microsoft WCF Data Services
2013-10-06 22:09:06    1998168    ----a-w-    C:\Windows\SysWow64\D3DX9_43.dll
2013-10-06 22:08:11    --------    d-----w-    C:\Program Files (x86)\Windows Kits
2013-10-06 22:03:55    --------    d-----w-    C:\Program Files (x86)\HTML Help Workshop
2013-10-06 22:03:09    --------    d-----w-    C:\Program Files (x86)\Microsoft Help Viewer
2013-10-06 21:57:45    --------    d-----w-    C:\Program Files (x86)\Common Files\Merge Modules
2013-10-06 21:56:40    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-10-06 21:56:21    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 11.0
2013-10-06 21:30:22    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
.
==================== Find3M  ====================
.
2013-10-09 15:59:18    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 15:59:18    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-26 02:07:30    148792    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-16 22:43:44    252399    ----a-w-    C:\ProgramData\1379371371.bdinstall.bin
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-09 03:11:42    31544    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-09-02 15:59:14    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-09-02 15:29:18    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-09-02 15:26:50    192824    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-09-02 15:26:42    241464    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-25 04:19:26    889416    ----a-w-    C:\Users\Matthew\AppData\Roaming\dotNetFx40_Full_setup.exe
2013-08-21 03:53:58    123704    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-08-17 08:23:26    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2013-08-17 08:23:25    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-08-17 05:07:28    604211    ----a-w-    C:\ProgramData\1376715695.bdinstall.bin
2013-08-17 03:12:53    268435456    --sha-w-    C:\swapfile.sys
.
============= FINISH:  5:37:36.27 ===============
 


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


So just so this topic does not get removed again, how long am I to wait for a response?  I know that there are 10000 requests for each one of you to help, but should I repost this again, or what?

Thank you


OK,

Here is the ark.txt file.  I had to run it two times.  After the first run, when I was saving the file, the computer locked up and went to blue screen of death.  I rebooted in safe mode with networking, and after the ark.txt, I will place the info from the crash.  It is the event log for Kernel Power and those that were relevant, and the Windows error code for the crash.  I have the minidump file if you would like that as well.  But I don't want to attach anything until I know if you want it.

thanks

Ark.txt

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-18 03:45:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298.09GB
Running: m8x4yqlt.exe; Driver: C:\Users\Matthew\AppData\Local\Temp\pwdiipog.sys


---- Threads - GMER 2.1 ----

Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2684]  00000000779c3e85
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2736]  00000000779c2e65
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2896]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2900]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2904]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2908]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2912]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2916]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2920]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2924]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2928]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2940]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2944]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2948]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2952]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2956]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2960]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2964]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2968]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2972]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2976]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2980]  00000000779c3e85
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2984]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2988]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2992]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3004]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3008]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3120]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3124]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3568]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3704]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2648]  00000000730429e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:3724]  00000000779c3e85
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2600:2752]  00000000779c7151

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources                      MSDMine?wltrys
Reg     HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources                          MSDMine?wltrys

---- EOF - GMER 2.1 ----
 

 

Blue Screen of Death files

 

Windows Error info on BSOD

Log Name:      System
Source:        EventLog
Date:          11/18/2013 3:12:33 AM
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      BigOne-PC
Description:
The previous system shutdown at 3:11:02 AM on ‎11/‎18/‎2013 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EventLog" />
    <EventID Qualifiers="32768">6008</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-11-18T09:12:33.000000000Z" />
    <EventRecordID>30064</EventRecordID>
    <Channel>System</Channel>
    <Computer>BigOne-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>3:11:02 AM</Data>
    <Data>‎11/‎18/‎2013</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>160656</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Binary>DD070B000100120003000B000200A202DD070B000100120009000B000200A202600900003C000000010000006009000000000000B004000001000000D7280100</Binary>
  </EventData>
</Event>

 

 

 

Kernel Power Error Log

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>41</EventID>
    <Version>2</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000002</Keywords>
    <TimeCreated SystemTime="2013-11-18T09:12:16.986414900Z" />
    <EventRecordID>30068</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>BigOne-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">265</Data>
    <Data Name="BugcheckParameter1">0xa3a039d89b50e7ec</Data>
    <Data Name="BugcheckParameter2">0xb3b7465eedcf2266</Data>
    <Data Name="BugcheckParameter3">0xfffff80000b95080</Data>
    <Data Name="BugcheckParameter4">0x2</Data>
    <Data Name="SleepInProgress">false</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
  </EventData>
</Event>

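One way to read the two event records posted above, as an added example that is not part of the original thread: Kernel-Power 41 stores BugcheckCode in decimal, so the script converts it to the usual hex stop code and pairs the record with the EventLog 6008 entry logged seconds later. The function names are illustrative, the lookup tables are small subsets of Microsoft's bug check reference, and the XML is a trimmed copy of the posted events.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Subset of well-known stop codes (not exhaustive).
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1A: "MEMORY_MANAGEMENT",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x109: "CRITICAL_STRUCTURE_CORRUPTION",
    0x124: "WHEA_UNCORRECTABLE_ERROR",
}
# For 0x109, parameter 4 is the type of corrupted region (subset).
CSC_REGION = {0x0: "generic data region", 0x1: "function or .pdata modification",
              0x2: "processor IDT", 0x3: "processor GDT"}

# Trimmed copies of the two events in the post.
KERNEL_POWER_41 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" />
    <EventID>41</EventID>
    <TimeCreated SystemTime="2013-11-18T09:12:16.986414900Z" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">265</Data>
    <Data Name="BugcheckParameter1">0xa3a039d89b50e7ec</Data>
    <Data Name="BugcheckParameter2">0xb3b7465eedcf2266</Data>
    <Data Name="BugcheckParameter3">0xfffff80000b95080</Data>
    <Data Name="BugcheckParameter4">0x2</Data>
    <Data Name="SleepInProgress">false</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
  </EventData>
</Event>"""

EVENTLOG_6008 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EventLog" />
    <EventID Qualifiers="32768">6008</EventID>
    <TimeCreated SystemTime="2013-11-18T09:12:33.000000000Z" />
  </System>
  <EventData>
    <Data>3:11:02 AM</Data>
    <Data>11/18/2013</Data>
  </EventData>
</Event>"""


def parse_event(xml_text):
    """Return provider, event id, UTC time and EventData of one exported event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    # SystemTime carries 9 fractional digits; keep whole seconds only.
    stamp = system.find("e:TimeCreated", NS).get("SystemTime")
    stamp = stamp.rstrip("Z").split(".")[0]
    data = root.findall("e:EventData/e:Data", NS)
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.find("e:EventID", NS).text),
        "time": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc),
        "named": {d.get("Name"): (d.text or "").strip() for d in data if d.get("Name")},
        "values": [(d.text or "").strip() for d in data if not d.get("Name")],
    }


def triage_kernel_power(ev):
    """Classify a Kernel-Power 41 record: stop error versus plain power loss."""
    if ev["provider"] != "Microsoft-Windows-Kernel-Power" or ev["event_id"] != 41:
        raise ValueError("not a Kernel-Power 41 event")
    d = ev["named"]
    code = int(d.get("BugcheckCode", "0"), 0)  # decimal in the XML
    params = [int(d.get(f"BugcheckParameter{i}", "0"), 0) for i in range(1, 5)]
    out = {"code": code, "hex": f"0x{code:X}", "params": params,
           "name": None, "detail": None}
    if code == 0:
        # No stop code recorded: the machine lost power or was reset.
        pressed = int(d.get("PowerButtonTimestamp", "0"), 0) != 0
        out["verdict"] = "power button held" if pressed else "power loss or hard reset"
    else:
        out["name"] = BUGCHECK_NAMES.get(code, "unlisted")
        out["verdict"] = "bug check (stop error)"
        if code == 0x109:
            out["detail"] = CSC_REGION.get(params[3], "other region type")
    return out


def unexpected_shutdown_records(kp, events, window_s=120):
    """EventLog 6008 records logged within window_s seconds of the 41 event."""
    return [e for e in events
            if e["provider"] == "EventLog" and e["event_id"] == 6008
            and abs((e["time"] - kp["time"]).total_seconds()) <= window_s]


if __name__ == "__main__":
    kp = parse_event(KERNEL_POWER_41)
    print(triage_kernel_power(kp))
    print(unexpected_shutdown_records(kp, [parse_event(EVENTLOG_6008)]))
```
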

I almost forgot.  I rebooted from the BSOD in safe mode to get the minidump, error codes and event logs.  I then rebooted in normal mode and re-ran the GMER program; that is what is in the ark.txt file I posted.


That looks like a hardware error, but let's see from outside:

Scan with FRST (Recovery Environment)

To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.


It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Done, here is the FRST.txt

Some things to point out.  Had another BSOD today before I ran the FRST.txt file.  Saved the logs again and will post them at the end. I also have the minidump and sysdat.xml and can attach them if you need them.

 

Could not run system tools from OS, had to get the recovery disc and run it that way.

Also the steps in the post are not the same.  When you go into recovery mode now, you only get 3 options, Restore, recovery and tools.

I knew what I was looking for so no biggie, but an update is needed for the less tech advanced.

You go into tool, repair, and command prompt.  If I remember that correctly. 

So here are the files

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-N2Q7GEM on 18-11-2013 15:11:24
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [4968960 2009-07-17] (Dell Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKU\DefaultAppPool\...\Run: [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Maggie(magoo)\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
S2 Spooler; C:\Windows\SysWow64\spoolsv.exe [0 2013-11-10] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-11-14] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S1 SafDskNT; C:\Windows\system32\drivers\SAFDSKNT.SYS [76112 2009-12-07] (PC Dynamics, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 15:11 - 2013-11-18 15:11 - 00000000 ____D C:\FRST
2013-11-18 11:03 - 2013-11-18 11:03 - 00277600 _____ C:\Windows\Minidump\111813-22276-01.dmp
2013-11-18 10:47 - 2013-11-18 10:47 - 04779896 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\spsetup124.exe
2013-11-18 10:47 - 2013-11-18 10:47 - 00000798 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-11-18 10:47 - 2013-11-18 10:47 - 00000000 ____D C:\Program Files\Speccy
2013-11-18 01:12 - 2013-11-18 11:03 - 501116095 _____ C:\Windows\MEMORY.DMP
2013-11-18 01:12 - 2013-11-18 01:12 - 00277600 _____ C:\Windows\Minidump\111813-23166-01.dmp
2013-11-17 21:19 - 2013-11-18 00:44 - 00005920 _____ C:\Users\Matthew\Documents\NOTES, CLEANING JAVARA and HP contract options.txt
2013-11-17 15:45 - 2013-11-17 17:48 - 00028540 _____ C:\Users\Matthew\Documents\Dad Xmas 2013 springfield rounds n info.txt
2013-11-16 21:13 - 2013-11-16 21:16 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\FreeFileViewer
2013-11-16 15:28 - 2013-11-16 15:28 - 00002777 _____ C:\Users\Matthew\Documents\TR Doc for position with Opperation Seabird 16mov2013.txt
2013-11-16 14:57 - 2013-11-16 14:57 - 00674787 _____ C:\Users\Matthew\Documents\at&T nokia 920 lumia screen cover by Moshi.xps
2013-11-16 03:17 - 2013-11-16 03:18 - 00000000 ____D C:\Users\Matthew\AppData\Local\FreeFileViewer
2013-11-16 03:16 - 2013-11-18 12:56 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-11-16 03:16 - 2013-11-16 03:16 - 00003106 _____ C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker
2013-11-16 03:16 - 2013-11-16 03:16 - 00001085 _____ C:\Users\Matthew\Desktop\FreeFileViewer.lnk
2013-11-16 03:16 - 2013-11-16 03:16 - 00000000 ____D C:\Program Files (x86)\FreeFileViewer
2013-11-16 03:16 - 2013-11-16 03:15 - 16617352 _____ (Bitberry Software                                           ) C:\Users\Matthew\Downloads\FreeFileViewerSetup [1].exe
2013-11-16 03:14 - 2013-11-16 03:14 - 00633744 _____ C:\Users\Matthew\Downloads\FreeFileViewerSetup.exe
2013-11-15 10:04 - 2013-11-15 10:04 - 05401342 _____ C:\Users\Matthew\Downloads\mbam_packed_1.00.0.0400.apk
2013-11-15 10:00 - 2013-11-15 10:00 - 01793648 _____ (Malwarebytes                                                ) C:\Users\Matthew\Downloads\mbae-setup-0.09.4.2000.exe
2013-11-15 08:24 - 2013-11-15 10:54 - 00009680 _____ C:\Users\Matthew\Documents\kirklands lamp message 15nov2013.txt
2013-11-15 08:10 - 2013-11-15 08:10 - 00000365 _____ C:\Users\Matthew\Documents\oil and filters for ford truck 2010platinum.txt
2013-11-15 07:40 - 2013-11-15 07:40 - 00198600 _____ C:\Users\Matthew\Documents\2010f150Platinum Oil and Fluid chart.xps
2013-11-15 03:21 - 2013-11-15 03:21 - 00014473 _____ C:\Users\Matthew\Documents\BF4 data loss FIX Guide.txt
2013-11-15 02:57 - 2013-11-15 02:57 - 00313338 _____ C:\Users\Matthew\Documents\BF4 ISSUES n CRASHES From EA site.xps
2013-11-14 19:39 - 2013-11-14 20:09 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-11-14 18:24 - 2013-11-14 18:24 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-11-14 02:04 - 2013-11-14 02:04 - 00000000 ____D C:\Windows\pss
2013-11-14 02:03 - 2013-11-14 02:03 - 00009804 _____ C:\Users\Matthew\Documents\cc_20131114_040302.reg
2013-11-13 23:31 - 2013-11-13 23:31 - 00001127 _____ C:\Users\Matthew\Documents\xbox BF4 issues.txt
2013-11-13 17:38 - 2013-11-14 02:05 - 00003316 _____ C:\Windows\System32\Tasks\{53576FC7-EC5B-454B-A253-9D5ADCD29362}
2013-11-12 16:19 - 2013-11-12 19:50 - 00007450 _____ C:\Windows\IE11_main.log
2013-11-12 16:19 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-11-12 16:19 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-12 16:19 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-12 16:19 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-11-12 16:19 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-11-12 16:19 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-11-12 16:19 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-12 16:19 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2013-11-12 16:19 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-12 16:19 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-12 16:19 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-11-12 16:19 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-11-12 16:19 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-12 16:19 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-11-12 16:19 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-12 16:19 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-12 16:19 - 2013-10-01 12:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-11-12 16:19 - 2013-10-01 12:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-12 16:17 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2013-11-12 16:17 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-12 16:06 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-12 16:06 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-12 16:06 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-12 16:06 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-12 16:06 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-12 16:06 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 16:06 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 16:06 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 16:06 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-12 16:06 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 16:06 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-12 16:06 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 16:05 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-12 16:05 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-12 16:05 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 16:05 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 16:01 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-12 16:01 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 16:01 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-12 16:01 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-12 16:01 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-12 16:01 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-12 16:01 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-12 16:01 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-12 16:01 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-12 16:01 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-12 16:01 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 16:01 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 16:01 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 16:01 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 16:01 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-12 16:01 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-12 16:00 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-12 16:00 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-12 16:00 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-12 16:00 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 16:00 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 16:00 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-12 16:00 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-12 16:00 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-12 16:00 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 16:00 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 16:00 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 16:00 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-12 16:00 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 16:00 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\users\Default
2013-11-12 13:05 - 2013-11-12 13:05 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 13:05 - 2013-11-12 13:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 13:05 - 2013-04-04 12:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-11-12 13:04 - 2013-11-12 13:04 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Matthew\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 00:00 - 2013-11-12 00:00 - 00000196 _____ C:\Users\Matthew\.packettracer
2013-11-11 23:59 - 2013-11-14 16:02 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3
2013-11-11 23:59 - 2013-11-11 23:59 - 00001235 _____ C:\Users\Matthew\Desktop\Cisco Packet Tracer.lnk
2013-11-10 22:30 - 2013-11-14 02:05 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-10 22:30 - 2013-11-10 22:30 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-10 22:30 - 2013-11-10 22:30 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 22:20 - 2013-11-10 22:20 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-11-10 22:20 - 2013-11-10 22:20 - 00000000 ____D C:\Program Files\Defraggler
2013-11-10 22:16 - 2013-11-12 15:52 - 00006174 _____ C:\Windows\PFRO.log
2013-11-10 22:11 - 2013-11-10 22:11 - 00001520 _____ C:\Users\Matthew\Desktop\FileASSASSIN.exe - Shortcut.lnk
2013-11-10 22:08 - 2013-11-10 22:08 - 00001350 _____ C:\Users\Matthew\Desktop\recuva64.exe - Shortcut.lnk
2013-11-10 21:47 - 2013-11-10 21:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\Secunia PSI
2013-11-10 21:47 - 2013-11-10 21:47 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-11-10 21:46 - 2013-11-10 21:46 - 03864904 _____ (Secunia) C:\Users\Matthew\Downloads\PSISetup.exe
2013-11-10 21:42 - 2013-11-10 21:42 - 00653327 _____ C:\Users\Matthew\AppData\Local\census.cache
2013-11-10 21:42 - 2013-11-10 21:42 - 00070564 _____ C:\Users\Matthew\AppData\Local\ars.cache
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\lsm.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\igfxpers.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\hkcmd.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe
2013-11-10 21:20 - 2013-11-10 21:20 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2013-11-10 21:10 - 2013-11-10 21:10 - 00000036 _____ C:\Users\Matthew\AppData\Local\housecall.guid.cache
2013-11-10 21:08 - 2013-11-10 21:08 - 02049128 _____ (Trend Micro Inc.) C:\Users\Matthew\Downloads\HousecallLauncher.exe
2013-11-10 15:53 - 2013-11-10 15:53 - 02347384 _____ (ESET) C:\Users\Matthew\Downloads\esetsmartinstaller_enu.exe
2013-11-10 08:38 - 2013-11-10 08:38 - 00000000 ____D C:\Users\Maggie(magoo)\AppData\Roaming\AVG2014
2013-11-10 08:38 - 2013-11-10 08:38 - 00000000 ____D C:\Users\Maggie(magoo)\AppData\Local\Avg2014
2013-11-10 01:39 - 2013-11-10 01:39 - 00352212 _____ C:\Users\Matthew\Documents\deminsions.xps
2013-11-08 23:36 - 2013-11-18 12:55 - 00001916 _____ C:\Windows\setupact.log
2013-11-08 23:36 - 2013-11-08 23:36 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 13:26 - 2013-11-10 15:45 - 04208656 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\dfsetup216.exe
2013-11-06 17:02 - 2013-11-06 17:02 - 00000000 ____D C:\Users\Matthew\AppData\Local\ESN
2013-11-06 17:01 - 2013-11-06 17:01 - 03820328 _____ C:\Users\Matthew\Downloads\battlelog-web-plugins_2.3.0_119.exe
2013-11-06 17:01 - 2013-11-06 17:01 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-11-06 11:37 - 2013-11-06 11:37 - 00000000 ____D C:\Users\Matthew\Desktop\add and send
2013-11-06 10:41 - 2013-11-06 10:41 - 01343192 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\VS2012.3.exe
2013-11-04 22:48 - 2013-11-04 20:06 - 00000000 _____ C:\Users\Matthew\Downloads\PASSWD.LOG
2013-11-04 22:48 - 2013-11-04 16:25 - 00009574 _____ C:\Users\Matthew\Downloads\wiatrace.log
2013-11-04 22:40 - 2013-11-04 22:44 - 00000000 ____D C:\Users\Matthew\Documents\WPA Files
2013-11-04 01:39 - 2013-11-04 01:39 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2013-11-03 20:13 - 2013-11-03 20:13 - 00112744 _____ C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-03 18:25 - 2013-11-03 18:26 - 05109136 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-03 10:42 - 2013-11-03 16:33 - 00020360 _____ C:\Users\Matthew\Desktop\avgrep.txt
2013-11-01 23:06 - 2013-11-18 00:47 - 00000000 ____D C:\Users\Matthew\Documents\ERRORS VIRUS and ISSUES
2013-11-01 21:02 - 2013-11-01 21:02 - 00000056 _____ C:\Users\Matthew\Documents\FIFA14 UT site.txt
2013-11-01 18:37 - 2013-11-01 18:37 - 00000000 ____D C:\Users\Matthew\Documents\Microsoft AGREEMENTS
2013-11-01 09:05 - 2013-11-01 09:05 - 00000374 _____ C:\Users\Matthew\Documents\214 INF Bco Iraq 2003-2007.txt
2013-10-31 18:59 - 2013-11-17 21:19 - 00000000 ____D C:\Users\Matthew\Documents\HP Computer Stuff
2013-10-29 17:08 - 2013-11-16 02:04 - 00000000 ____D C:\Users\Matthew\Documents\WRP JOBS INFO
2013-10-28 00:20 - 2013-10-28 00:20 - 00000815 _____ C:\Users\Matthew\Desktop\mbar.exe - Shortcut.lnk
2013-10-27 23:59 - 2013-10-27 23:59 - 04379048 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\ccsetup407.exe
2013-10-26 13:35 - 2013-10-26 13:35 - 00518740 _____ C:\Users\Matthew\Documents\HP update for HD oct1,2013.xps
2013-10-26 13:24 - 2013-10-26 13:24 - 07008468 _____ C:\Users\Matthew\Documents\Accsessability Options Win7 by HP.xps
2013-10-19 09:25 - 2013-11-14 20:41 - 00000000 ____D C:\mbar
2013-10-19 09:24 - 2013-11-04 02:14 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Matthew\Downloads\mbar-1.07.0.1007.exe
2013-10-19 08:38 - 2013-11-18 11:03 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-11-18 15:11 - 2013-11-18 15:11 - 00000000 ____D C:\FRST
2013-11-18 13:03 - 2013-08-16 22:03 - 01638910 _____ C:\Windows\WindowsUpdate.log
2013-11-18 13:03 - 2009-07-13 20:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 13:03 - 2009-07-13 20:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 12:56 - 2013-11-16 03:16 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-11-18 12:55 - 2013-11-08 23:36 - 00001916 _____ C:\Windows\setupact.log
2013-11-18 12:55 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 11:54 - 2009-07-13 21:13 - 00885674 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-18 11:03 - 2013-11-18 11:03 - 00277600 _____ C:\Windows\Minidump\111813-22276-01.dmp
2013-11-18 11:03 - 2013-11-18 01:12 - 501116095 _____ C:\Windows\MEMORY.DMP
2013-11-18 11:03 - 2013-10-19 08:38 - 00000000 ____D C:\Windows\Minidump
2013-11-18 10:47 - 2013-11-18 10:47 - 04779896 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\spsetup124.exe
2013-11-18 10:47 - 2013-11-18 10:47 - 00000798 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-11-18 10:47 - 2013-11-18 10:47 - 00000000 ____D C:\Program Files\Speccy
2013-11-18 01:54 - 2013-10-06 14:19 - 00000000 ____D C:\Users\Matthew\Documents\Visual Studio 2012
2013-11-18 01:12 - 2013-11-18 01:12 - 00277600 _____ C:\Windows\Minidump\111813-23166-01.dmp
2013-11-18 00:47 - 2013-11-01 23:06 - 00000000 ____D C:\Users\Matthew\Documents\ERRORS VIRUS and ISSUES
2013-11-18 00:44 - 2013-11-17 21:19 - 00005920 _____ C:\Users\Matthew\Documents\NOTES, CLEANING JAVARA and HP contract options.txt
2013-11-17 21:19 - 2013-10-31 18:59 - 00000000 ____D C:\Users\Matthew\Documents\HP Computer Stuff
2013-11-17 17:48 - 2013-11-17 15:45 - 00028540 _____ C:\Users\Matthew\Documents\Dad Xmas 2013 springfield rounds n info.txt
2013-11-16 21:16 - 2013-11-16 21:13 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\FreeFileViewer
2013-11-16 15:28 - 2013-11-16 15:28 - 00002777 _____ C:\Users\Matthew\Documents\TR Doc for position with Opperation Seabird 16mov2013.txt
2013-11-16 14:57 - 2013-11-16 14:57 - 00674787 _____ C:\Users\Matthew\Documents\at&T nokia 920 lumia screen cover by Moshi.xps
2013-11-16 03:18 - 2013-11-16 03:17 - 00000000 ____D C:\Users\Matthew\AppData\Local\FreeFileViewer
2013-11-16 03:16 - 2013-11-16 03:16 - 00003106 _____ C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker
2013-11-16 03:16 - 2013-11-16 03:16 - 00001085 _____ C:\Users\Matthew\Desktop\FreeFileViewer.lnk
2013-11-16 03:16 - 2013-11-16 03:16 - 00000000 ____D C:\Program Files (x86)\FreeFileViewer
2013-11-16 03:15 - 2013-11-16 03:16 - 16617352 _____ (Bitberry Software                                           ) C:\Users\Matthew\Downloads\FreeFileViewerSetup [1].exe
2013-11-16 03:14 - 2013-11-16 03:14 - 00633744 _____ C:\Users\Matthew\Downloads\FreeFileViewerSetup.exe
2013-11-16 02:04 - 2013-10-29 17:08 - 00000000 ____D C:\Users\Matthew\Documents\WRP JOBS INFO
2013-11-15 18:47 - 2013-09-22 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:54 - 2013-11-15 08:24 - 00009680 _____ C:\Users\Matthew\Documents\kirklands lamp message 15nov2013.txt
2013-11-15 10:04 - 2013-11-15 10:04 - 05401342 _____ C:\Users\Matthew\Downloads\mbam_packed_1.00.0.0400.apk
2013-11-15 10:00 - 2013-11-15 10:00 - 01793648 _____ (Malwarebytes                                                ) C:\Users\Matthew\Downloads\mbae-setup-0.09.4.2000.exe
2013-11-15 08:10 - 2013-11-15 08:10 - 00000365 _____ C:\Users\Matthew\Documents\oil and filters for ford truck 2010platinum.txt
2013-11-15 07:40 - 2013-11-15 07:40 - 00198600 _____ C:\Users\Matthew\Documents\2010f150Platinum Oil and Fluid chart.xps
2013-11-15 03:21 - 2013-11-15 03:21 - 00014473 _____ C:\Users\Matthew\Documents\BF4 data loss FIX Guide.txt
2013-11-15 02:57 - 2013-11-15 02:57 - 00313338 _____ C:\Users\Matthew\Documents\BF4 ISSUES n CRASHES From EA site.xps
2013-11-14 20:41 - 2013-10-19 09:25 - 00000000 ____D C:\mbar
2013-11-14 20:09 - 2013-11-14 19:39 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-11-14 20:04 - 2013-10-08 17:56 - 00007613 _____ C:\Users\Matthew\AppData\Local\Resmon.ResmonCfg
2013-11-14 18:24 - 2013-11-14 18:24 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-11-14 16:02 - 2013-11-11 23:59 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 5.3
2013-11-14 13:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 02:05 - 2013-11-13 17:38 - 00003316 _____ C:\Windows\System32\Tasks\{53576FC7-EC5B-454B-A253-9D5ADCD29362}
2013-11-14 02:05 - 2013-11-10 22:30 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-14 02:05 - 2013-08-21 10:01 - 00003168 _____ C:\Windows\System32\Tasks\{FAE60746-536A-46A6-AA4A-D0DB645D7713}
2013-11-14 02:04 - 2013-11-14 02:04 - 00000000 ____D C:\Windows\pss
2013-11-14 02:03 - 2013-11-14 02:03 - 00009804 _____ C:\Users\Matthew\Documents\cc_20131114_040302.reg
2013-11-13 23:31 - 2013-11-13 23:31 - 00001127 _____ C:\Users\Matthew\Documents\xbox BF4 issues.txt
2013-11-12 19:50 - 2013-11-12 16:19 - 00007450 _____ C:\Windows\IE11_main.log
2013-11-12 16:09 - 2013-08-16 22:59 - 00000000 ____D C:\Windows\Panther
2013-11-12 16:05 - 2013-08-17 09:16 - 00000000 ____D C:\Windows\System32\MRT
2013-11-12 16:02 - 2013-08-17 09:16 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 15:52 - 2013-11-10 22:16 - 00006174 _____ C:\Windows\PFRO.log
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\users\Default
2013-11-12 13:05 - 2013-11-12 13:05 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 13:05 - 2013-11-12 13:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 13:04 - 2013-11-12 13:04 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Matthew\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 00:00 - 2013-11-12 00:00 - 00000196 _____ C:\Users\Matthew\.packettracer
2013-11-12 00:00 - 2013-08-16 20:34 - 00000000 ____D C:\users\Matthew
2013-11-11 23:59 - 2013-11-11 23:59 - 00001235 _____ C:\Users\Matthew\Desktop\Cisco Packet Tracer.lnk
2013-11-11 23:56 - 2013-10-07 18:50 - 77533021 _____ (Cisco Systems, Inc.                                         ) C:\Users\Matthew\Downloads\PacketTracer53_setup.exe
2013-11-11 15:27 - 2013-10-04 21:36 - 00000000 ____D C:\Users\Matthew\Documents\Apt,Bills,Orders,Important
2013-11-10 22:30 - 2013-11-10 22:30 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-10 22:30 - 2013-11-10 22:30 - 00000000 ____D C:\Program Files\CCleaner
2013-11-10 22:20 - 2013-11-10 22:20 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-11-10 22:20 - 2013-11-10 22:20 - 00000000 ____D C:\Program Files\Defraggler
2013-11-10 22:11 - 2013-11-10 22:11 - 00001520 _____ C:\Users\Matthew\Desktop\FileASSASSIN.exe - Shortcut.lnk
2013-11-10 22:08 - 2013-11-10 22:08 - 00001350 _____ C:\Users\Matthew\Desktop\recuva64.exe - Shortcut.lnk
2013-11-10 21:47 - 2013-11-10 21:47 - 00000000 ____D C:\Users\Matthew\AppData\Local\Secunia PSI
2013-11-10 21:47 - 2013-11-10 21:47 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-11-10 21:46 - 2013-11-10 21:46 - 03864904 _____ (Secunia) C:\Users\Matthew\Downloads\PSISetup.exe
2013-11-10 21:42 - 2013-11-10 21:42 - 00653327 _____ C:\Users\Matthew\AppData\Local\census.cache
2013-11-10 21:42 - 2013-11-10 21:42 - 00070564 _____ C:\Users\Matthew\AppData\Local\ars.cache
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\services.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\lsm.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\igfxpers.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\hkcmd.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe
2013-11-10 21:21 - 2013-11-10 21:21 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe
2013-11-10 21:20 - 2013-11-10 21:20 - 00000000 _____ C:\Windows\SysWOW64\smss.exe
2013-11-10 21:10 - 2013-11-10 21:10 - 00000036 _____ C:\Users\Matthew\AppData\Local\housecall.guid.cache
2013-11-10 21:08 - 2013-11-10 21:08 - 02049128 _____ (Trend Micro Inc.) C:\Users\Matthew\Downloads\HousecallLauncher.exe
2013-11-10 21:06 - 2013-08-16 21:01 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\QuickScan
2013-11-10 20:43 - 2013-08-23 16:41 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\vlc
2013-11-10 15:53 - 2013-11-10 15:53 - 02347384 _____ (ESET) C:\Users\Matthew\Downloads\esetsmartinstaller_enu.exe
2013-11-10 15:45 - 2013-11-08 13:26 - 04208656 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\dfsetup216.exe
2013-11-10 08:38 - 2013-11-10 08:38 - 00000000 ____D C:\Users\Maggie(magoo)\AppData\Roaming\AVG2014
2013-11-10 08:38 - 2013-11-10 08:38 - 00000000 ____D C:\Users\Maggie(magoo)\AppData\Local\Avg2014
2013-11-10 06:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-10 01:39 - 2013-11-10 01:39 - 00352212 _____ C:\Users\Matthew\Documents\deminsions.xps
2013-11-08 23:36 - 2013-11-08 23:36 - 00000000 _____ C:\Windows\setuperr.log
2013-11-08 00:23 - 2013-08-19 23:57 - 00000000 ____D C:\Users\Matthew\AppData\Local\Adobe
2013-11-08 00:23 - 2013-08-17 10:24 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Adobe
2013-11-08 00:20 - 2013-08-19 23:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-08 00:08 - 2013-09-08 17:24 - 00000000 ____D C:\Users\Matthew\Documents\TAMUCT
2013-11-06 17:02 - 2013-11-06 17:02 - 00000000 ____D C:\Users\Matthew\AppData\Local\ESN
2013-11-06 17:01 - 2013-11-06 17:01 - 03820328 _____ C:\Users\Matthew\Downloads\battlelog-web-plugins_2.3.0_119.exe
2013-11-06 17:01 - 2013-11-06 17:01 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-11-06 11:37 - 2013-11-06 11:37 - 00000000 ____D C:\Users\Matthew\Desktop\add and send
2013-11-06 10:41 - 2013-11-06 10:41 - 01343192 _____ (Microsoft Corporation) C:\Users\Matthew\Downloads\VS2012.3.exe
2013-11-04 22:44 - 2013-11-04 22:40 - 00000000 ____D C:\Users\Matthew\Documents\WPA Files
2013-11-04 20:06 - 2013-11-04 22:48 - 00000000 _____ C:\Users\Matthew\Downloads\PASSWD.LOG
2013-11-04 16:25 - 2013-11-04 22:48 - 00009574 _____ C:\Users\Matthew\Downloads\wiatrace.log
2013-11-04 11:09 - 2013-08-23 16:59 - 00000000 ____D C:\Users\Matthew\AppData\Local\HP
2013-11-04 02:14 - 2013-10-19 09:24 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Matthew\Downloads\mbar-1.07.0.1007.exe
2013-11-04 01:39 - 2013-11-04 01:39 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2013-11-03 20:13 - 2013-11-03 20:13 - 00112744 _____ C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-03 18:26 - 2013-11-03 18:25 - 05109136 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-03 16:33 - 2013-11-03 10:42 - 00020360 _____ C:\Users\Matthew\Desktop\avgrep.txt
2013-11-02 00:34 - 2009-07-13 20:45 - 00027648 _____ C:\Windows\System32\umstartup.etl
2013-11-01 21:02 - 2013-11-01 21:02 - 00000056 _____ C:\Users\Matthew\Documents\FIFA14 UT site.txt
2013-11-01 18:37 - 2013-11-01 18:37 - 00000000 ____D C:\Users\Matthew\Documents\Microsoft AGREEMENTS
2013-11-01 09:05 - 2013-11-01 09:05 - 00000374 _____ C:\Users\Matthew\Documents\214 INF Bco Iraq 2003-2007.txt
2013-10-28 23:36 - 2013-09-08 19:23 - 00000000 ____D C:\Users\Matthew\Documents\My Web Sites
2013-10-28 00:20 - 2013-10-28 00:20 - 00000815 _____ C:\Users\Matthew\Desktop\mbar.exe - Shortcut.lnk
2013-10-27 23:59 - 2013-10-27 23:59 - 04379048 _____ (Piriform Ltd) C:\Users\Matthew\Downloads\ccsetup407.exe
2013-10-26 13:35 - 2013-10-26 13:35 - 00518740 _____ C:\Users\Matthew\Documents\HP update for HD oct1,2013.xps
2013-10-26 13:24 - 2013-10-26 13:24 - 07008468 _____ C:\Users\Matthew\Documents\Accsessability Options Win7 by HP.xps
2013-10-20 19:29 - 2013-08-21 10:17 - 00000000 ____D C:\Program Files\Recuva

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

5
Restore point made on: 2013-11-11 14:36:29
Restore point made on: 2013-11-12 15:44:49
Restore point made on: 2013-11-12 16:01:56
Restore point made on: 2013-11-12 16:18:48
Restore point made on: 2013-11-12 19:49:04

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4056.36 MB
Available physical RAM: 3268.75 MB
Total Pagefile: 4056.36 MB
Available Pagefile: 3277.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:289.4 GB) (Free:76.26 GB) NTFS
Drive d: (CRUCIAL) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
Drive g: (Repair disc Windows 8 64-bit) (CDROM) (Total:0.22 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:8.61 GB) (Free:8.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-11-10 22:49

==================== End Of Log ============================

 

 

 

Windows Error Report of BSOD

 

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.768.3
  Locale ID:    1033

Additional information about the problem:
  BCCode:    109
  BCP1:    A3A039D89B1E5920
  BCP2:    B3B7465EED9C93AA
  BCP3:    FFFFF80000B95080
  BCP4:    0000000000000002
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\111813-22276-01.dmp
  C:\Users\Matthew\AppData\Local\Temp\WER-57096-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

 

Thank you again

 


Your issue seems to be not malware related.

Let's do a checkup - if it will not show anything suspicious I'll hand you over to our operating system experts.

 

 

Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 mb) file and creating the Kaspersky Rescue Disk.

Make sure you set to boot the machine from the CDRom drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CDrom drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky: "How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?"

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.


Cool, I was looking today and in BIOS used the Dell hardware tests; all came back working and passed by Dell BIOS tests.  I didn't do the extended hard drive check, I plan to do that when I am done for the night, but after that I will get on the rescue CD and get you the files.  Thank you again for your help, plus it's a learning experience for me too, always like learning new stuff.


A pop up screen came up, and it only had two check boxes checked.  I started the scanner with all check boxes checked (the extra ones were C:/, D:/ and V:/; D and V are partitions for tools and backup on HD).  The HD is 250GB, but after 4 hrs the program stated 13 hrs left to finish scan.

My question is should I do the scan with the default check boxes only?  Or should I do the HD scan as well.

thanks


OK, just finished with the Rescue Disk 10 scan, even did a definition update to the program before I ran it. Here are the results from the log:

Objects Scan: completed 2 days ago   (events: 2, objects: 816, time: 00:02:35)    
11/19/13 4:34 AM    Task started            
11/19/13 4:37 AM    Task completed            
Objects Scan: stopped 1 day ago   (events: 2, objects: 1073051, time: 04:49:57)    
11/19/13 11:34 AM    Task started            
11/19/13 4:24 PM    Task stopped            
Objects Scan: completed 54 minutes ago   (events: 2, objects: 5615585, time: 1 day 03:36:19)    
11/20/13 3:41 AM    Task started            
11/21/13 7:17 AM    Task completed            
 

Objects Scan: completed 2 days ago   (events: 2, objects: 816, time: 00:02:35)    
11/19/13 4:37 AM    Task completed            
11/19/13 4:34 AM    Task started            
Objects Scan: stopped 1 day ago   (events: 2, objects: 1073051, time: 04:49:57)    
11/19/13 4:24 PM    Task stopped            
11/19/13 11:34 AM    Task started            
Objects Scan: completed 1 hour ago   (events: 2, objects: 5615585, time: 1 day 03:36:19)    
11/21/13 7:17 AM    Task completed            
11/20/13 3:41 AM    Task started            
Objects Scan: completed 3 minutes ago   (events: 2, objects: 4232, time: 00:01:29)    
11/21/13 8:14 AM    Task completed            
11/21/13 8:12 AM    Task started            
 

 

That is all it displayed.  Took over 1 day to do this scan, so what do I need to do next?

thanks
