
Full scan hangs/freezes computer



Had some strange tabs start opening in FF; the next day my Yahoo mail was hacked/spoofed and sent out spam to everyone in my contact list. Malwarebytes quick scan came up clean. Full scan caused a BSOD, ran diagnostics on hardware. Tried doing a system restore, which failed. Tried doing a boot scan but my computer is refusing to recognize the flash drive (the drive is good, tested in my laptop). Tried MS Safety Scanner and it hung for hours. Tried Malwarebytes deep scan again and it just hangs after a few hours; it scans about 20% of my hard drive and then everything on my computer locks up.

 

Thank you for any help, I'm at a loss.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.7.2
Run by Lori at 7:55:13 on 2014-03-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16343.13749 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Starfield\offSyncService.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Lori\AppData\Local\Starfield\workspaceupdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Lori\AppData\Local\Starfield\wben.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Lori\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\ESP64Proxy.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Users\Lori\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lori\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lori\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
uRun: [Google Update] "C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [starfield Updater] "C:\Users\Lori\AppData\Local\Starfield\workspaceupdate.exe"
uRun: [wben] "C:\Users\Lori\AppData\Local\Starfield\wben.exe"
uRun: [LightShot] C:\Users\Lori\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Lori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Lori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Lori\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EASYSE~1.LNK - C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{8BD851CC-1777-4D1A-9B6E-FB5401E8BF20} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\vo7dkq1c.New\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lori\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npo1d.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-23 55280]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Starfield\offSyncService.exe [2011-2-2 1215216]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-23 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\WINDOWS\SysWOW64\nlssrv32.exe [2014-1-25 70768]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-23 1692480]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-11-2 270704]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-23 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-23 233984]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-23 321064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2010-7-26 15360]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-6 1153368]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 atillk64;atillk64;C:\dell\drivers\R267410\atillk64.sys [2013-6-10 14608]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-16 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-10 91352]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-10 119000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-03-10 23:24:33 -------- d-----w- C:\Program Files (x86)\ESET
2014-03-10 20:58:06 -------- d-----w- C:\AdwCleaner
2014-03-10 20:53:22 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-10 20:53:20 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-10 20:52:11 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-10 20:38:11 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23D6F33A-54AE-4F7C-B927-1C825C0A9B1B}\offreg.dll
2014-03-10 16:59:13 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23D6F33A-54AE-4F7C-B927-1C825C0A9B1B}\mpengine.dll
2014-03-09 15:11:26 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-08 15:06:14 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BEEEAB36-36A2-4D16-82B3-F8E2978E186B}\gapaengine.dll
2014-03-08 04:09:38 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-03-08 03:34:03 -------- d-----w- C:\Program Files\AMD
2014-03-08 03:25:19 -------- d-----w- C:\Users\Lori\AppData\Roaming\library_dir
2014-03-08 03:11:57 -------- d-----w- C:\Program Files (x86)\Raptr
2014-03-08 00:03:00 33616 ----a-w- C:\Windows\System32\drivers\iqvw64e.sys
2014-03-08 00:02:30 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2014-03-08 00:02:30 -------- d-----w- C:\Program Files\Dell Support Center
2014-03-08 00:01:58 -------- d-----w- C:\Program Files\My Dell
2014-03-02 22:19:53 -------- d-----w- C:\Program Files\iPod
2014-03-02 22:19:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 22:19:52 -------- d-----w- C:\Program Files\iTunes
2014-03-02 22:19:52 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-02 22:14:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-02 22:14:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-02 22:14:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-02 22:14:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-02 22:14:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-02 22:07:25 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-02 22:07:25 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-26 03:50:16 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2014-02-22 20:54:19 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-21 19:20:05 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-17 05:21:15 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-17 05:21:15 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-17 05:17:24 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-16 15:08:07 -------- d-----w- C:\Users\Lori\AppData\Roaming\abelhadigital.com
2014-02-16 15:08:07 -------- d-----w- C:\ProgramData\abelhadigital.com
2014-02-16 15:08:02 -------- d-----w- C:\Program Files (x86)\HostsMan
.
==================== Find3M  ====================
.
2014-02-21 19:20:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 19:20:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-23 21:53:42 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
2014-01-23 21:53:42 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-18 00:24:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-18 00:24:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH:  7:55:26.16 ===============
 
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/19/2011 9:03:47 PM
System Uptime: 3/11/2014 4:33:45 AM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0G3HR7
Processor: Intel® Core i7 CPU         870  @ 2.93GHz | CPU 1 | 2934/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1386 GiB total, 113.234 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 466 GiB total, 196.259 GiB free.
J: is FIXED (NTFS) - 1863 GiB total, 734.086 GiB free.
K: is FIXED (NTFS) - 931 GiB total, 754.745 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop CS5.1
Adobe Photoshop CS6
Adobe Photoshop Lightroom 5.3 64-bit
Adobe Pixel Bender Toolkit 2
Adobe Reader X (10.1.9)
Akamai NetSession Interface
Amazon Kindle
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bay Photo
Bay Photo Economy
Best Buy pc app
Bonjour
California 24k Topo Map
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Consumer In-Home Service Agreement
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Diamond Mine Deluxe 1.83
DirectXInstallService
Dropbox
DxO FilmPack 3
EasySetPackage
EMC 10 Content
EMCGadgets64
EOSCount ActiveX control
EOSInfo
EPSON Scan
ESET Online Scanner v3
Evernote v. 4.6.6
FileZilla Client 3.7.1
Fusion 2.2.2
Garmin City Navigator North America v8
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin MapSource
Garmin USB Drivers
GeoSetter 3.4.16
Google Chrome
Google Chrome Backup 1.8.0.141
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
GoToMeeting 5.3.0.1009
GPSBabel 1.4.3
GSAK 8.1.0.10 (Final)
HostsMan 4.1.96
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
I.R.I.S. OCR
ImageJ 1.47v
Inkscape 0.48.2
Instant Eyedropper 1.75
Intel® Control Center
Intel® Rapid Storage Technology
iTunes
Java 7 Update 7
Java Auto Updater
Java 6 Update 20 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
lightshot-5.1.0.15
Mahjong Towers II
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Multimedia Card Reader
My Dell
Nik Collection
nik Color Efex Pro 2.0 Promo III
Notepad++
PC Inspector smart recovery
PDF Settings CS5
PDF Settings CS6
Perfect Effects 3 Free
Perfect Effects 8
Perfect Photo Suite 7.5
Perfect Resize 7.0.2 Professional Edition
Photomatix Pro version 4.2.4
PhotoME Beta-Release
Picasa 3
PLUS Embedder and Reader - Beta v0.8.5
Poladroid
QuickTime 7
Realtek High Definition Audio Driver
Recuva
RescuePRO 3.5
RescuePRO 4.2.2.4
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
Sonic CinePlayer Decoder Pack
Spotify
Spybot - Search & Destroy
Spyder3Pro
Stellarium 0.12.0
TextTwist Deluxe
The Photographer's Ephemeris
Time-Lapse Tool
Topaz Adjust 4
Topaz Adjust 4 (64-bit)
Topaz Adjust 5
Topaz Adjust 5 (64-bit)
Topaz Clarity
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Detail 3
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Topaz ReStyle
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
Topaz Simplify 4
Topaz Simplify 4 (64-bit)
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TwitterLocal
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VD64Inst
VirtualRig Studio 2.3 Trial
WD Quick View
WD SmartWare
WD SmartWare Installer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Workspace Desktop
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 9:59:40 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/9/2014 9:58:40 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/9/2014 9:00:05 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
3/9/2014 7:55:08 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the File Backup service.
3/9/2014 5:02:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/9/2014 5:01:39 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/9/2014 5:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/9/2014 5:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/9/2014 5:01:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/9/2014 5:01:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/9/2014 5:01:10 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/9/2014 5:01:09 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/9/2014 4:55:50 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  A system shutdown is in progress.
3/9/2014 10:17:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/9/2014 10:17:37 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/9/2014 10:17:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/9/2014 10:17:07 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/9/2014 10:15:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
3/9/2014 10:15:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/9/2014 10:00:40 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
3/9/2014 10:00:40 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:  An instance of the service is already running.
3/8/2014 11:30:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.
3/8/2014 11:30:59 PM, Error: Service Control Manager [7000]  - The Microsoft Software Shadow Copy Provider service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/8/2014 11:30:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
3/8/2014 11:30:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
3/8/2014 11:30:17 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/8/2014 11:29:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/7/2014 6:36:50 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
3/7/2014 6:36:50 PM, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/7/2014 6:36:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/7/2014 6:15:21 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
3/7/2014 4:07:44 PM, Error: Service Control Manager [7000]  - The Intuit Update Service service failed to start due to the following error:  The pipe has been ended.
3/7/2014 3:44:41 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.
3/7/2014 3:44:41 PM, Error: Service Control Manager [7000]  - The WD Backup service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/7/2014 3:42:27 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
3/7/2014 10:15:10 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
3/10/2014 9:42:21 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
3/10/2014 9:42:21 AM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/10/2014 9:22:11 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter
3/10/2014 9:21:32 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
3/10/2014 9:21:32 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/10/2014 9:20:51 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
3/10/2014 9:20:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
3/10/2014 7:48:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
3/10/2014 7:48:06 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/10/2014 7:48:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
3/10/2014 7:38:16 PM, Error: Service Control Manager [7034]  - The Superfetch service terminated unexpectedly.  It has done this 3 time(s).
3/10/2014 7:38:16 PM, Error: Service Control Manager [7034]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 3 time(s).
3/10/2014 7:38:16 PM, Error: Service Control Manager [7034]  - The Network Connections service terminated unexpectedly.  It has done this 3 time(s).
3/10/2014 7:38:16 PM, Error: Service Control Manager [7034]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 3 time(s).
3/10/2014 7:06:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/10/2014 4:06:53 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
3/10/2014 3:59:23 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/10/2014 12:04:37 PM, Error: Service Control Manager [7034]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 3 time(s).
3/10/2014 12:04:37 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2014 12:04:37 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2014 12:04:37 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2014 12:04:37 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2014 11:11:28 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/10/2014 11:10:28 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The Portable Device Enumerator Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/10/2014 10:18:50 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

 

 


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Thank you Marius, here is the scan

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-11 09:16:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST315003 rev.CC4G 1397.27GB
Running: gsyvuz7l.exe; Driver: C:\Users\Lori\AppData\Local\Temp\pxldapod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\system32\svchost.exe [548:3848]                                                                                                                                                                                       000007feeb78506c
Thread   C:\Windows\system32\svchost.exe [548:3852]                                                                                                                                                                                       000007fef2b21c20
Thread   C:\Windows\system32\svchost.exe [548:3856]                                                                                                                                                                                       000007fef2b21c20
Thread   C:\Windows\system32\svchost.exe [548:6128]                                                                                                                                                                                       000007fef7905124
Thread   C:\Windows\system32\svchost.exe [548:7776]                                                                                                                                                                                       000007fefa331ab0
Thread   C:\Windows\system32\svchost.exe [548:5900]                                                                                                                                                                                       000007fefa454164
Thread   C:\Windows\system32\svchost.exe [1092:1332]                                                                                                                                                                                      000007fef9b18274
Thread   C:\Windows\system32\svchost.exe [1092:1044]                                                                                                                                                                                      000007fef9b18274
Thread   C:\Windows\System32\spoolsv.exe [1472:2400]                                                                                                                                                                                      000007fefb7210c8
Thread   C:\Windows\System32\spoolsv.exe [1472:2404]                                                                                                                                                                                      000007fefaf06144
Thread   C:\Windows\System32\spoolsv.exe [1472:2408]                                                                                                                                                                                      000007fef8e95fd0
Thread   C:\Windows\System32\spoolsv.exe [1472:2412]                                                                                                                                                                                      000007fefaee3438
Thread   C:\Windows\System32\spoolsv.exe [1472:2416]                                                                                                                                                                                      000007fef8e963ec
Thread   C:\Windows\System32\spoolsv.exe [1472:2424]                                                                                                                                                                                      000007fefba25e5c
Thread   C:\Windows\System32\spoolsv.exe [1472:2428]                                                                                                                                                                                      000007fefbae5074
Thread   C:\Program Files\Microsoft Security Client\msseces.exe [2892:2956]                                                                                                                                                               000007fefb3c2a7c
Thread   C:\Windows\System32\svchost.exe [11160:724]                                                                                                                                                                                      000007fef830a2b0
Thread   C:\Windows\System32\svchost.exe [11160:6528]                                                                                                                                                                                     000007fefa7ff2f4
Thread   C:\Windows\System32\svchost.exe [11160:8012]                                                                                                                                                                                     000007fefb166204
Thread   C:\Windows\System32\svchost.exe [11160:6920]                                                                                                                                                                                     000007fef48814a0
Thread   C:\Windows\system32\Dwm.exe [2044:11156]                                                                                                                                                                                         000007fef76ff0d8
Thread   C:\Windows\system32\Dwm.exe [2044:3728]                                                                                                                                                                                          000007fef73aabf0
Thread   C:\Windows\System32\WUDFHost.exe [2964:10740]                                                                                                                                                                                    000007fef71524a0
---- Processes - GMER 2.1 ----
 
Library  C:\Users\Lori\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe [3608](2014-01-03 00:45:04)                                                              0000000003fa0000
Library  C:\Users\Lori\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe [3608](2013-10-18 23:55:02)                                                                    0000000064340000
Library  C:\Users\Lori\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe [3608] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                                      00000000638d0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (Python Core/Python Software Foundation)(2014-03-11 04:21:14)                      000000001e000000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                               000000001e8c0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:14)                                                           000000001e7a0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                            0000000000340000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                                0000000000280000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:14)                                                                   0000000010000000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                   000000001e800000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                               0000000001f90000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                              0000000002e70000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (wxWidgets for MSW/wxWidgets development team)(2014-03-11 04:21:14)         0000000002fa0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (wxWidgets for MSW/wxWidgets development team)(2014-03-11 04:21:15)     00000000003c0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (wxWidgets for MSW/wxWidgets development team)(2014-03-11 04:21:14)     0000000003190000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (wxWidgets for MSW/wxWidgets development team)(2014-03-11 04:21:15)      0000000003630000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:14)                                                               0000000004010000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                           00000000040e0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (wxWidgets for MSW/wxWidgets development team)(2014-03-11 04:21:18)     00000000041b0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                          00000000043e0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                              00000000044f0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                           000000001d100000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                                0000000001dd0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                      0000000003770000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                                000000001d1a0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                              000000001ea10000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                          000000001ec80000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                             000000001e9b0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:12)                                                              000000001eaa0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                             0000000005680000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                              0000000001e60000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184] (wxWidgets for MSW/wxWidgets development team)(2014-03-11 04:21:18)  00000000056c0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:14)                                                       00000000056e0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                                 00000000056f0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                              000000001eb90000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                            00000000058c0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                               000000001eb60000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                             000000001e980000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:13)                                                           000000001ebf0000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:11)                                                           000000001ec20000
Library  C:\Users\Lori\AppData\Local\Temp\_MEI31722\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [3184](2014-03-11 04:21:10)                                                                000000001ed40000
 
---- EOF - GMER 2.1 ----

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

Skip combofix, let's try something else instead:

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

  • In the command window, type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.


It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


When FRST finished and computer rebooted it went right into chkdsk. I had run chkdsk three days ago with no errors, this time there was a significant number of problems.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by SYSTEM on MININT-GV7M32L on 12-03-2014 08:22:31
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\Lori\...\Run: [Google Update] - C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-20] (Google Inc.)
HKU\Lori\...\Run: [starfield Updater] - C:\Users\Lori\AppData\Local\Starfield\workspaceupdate.exe [33984 2011-07-20] ()
HKU\Lori\...\Run: [wben] - C:\Users\Lori\AppData\Local\Starfield\wben.exe [1074384 2010-11-08] (Starfield Technologies, Inc.)
HKU\Lori\...\Run: [LightShot] - C:\Users\Lori\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\Lori\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\Lori\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKU\Lori\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Lori\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\Lori\...\Run: [Akamai NetSession Interface] - C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Services (Whitelisted) =================
 
S2 File Backup; C:\Program Files (x86)\Starfield\offSyncService.exe [1215216 2011-02-02] (Starfield Technologies, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India)
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-03-10] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-31] ()
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-12 10:11 - 2014-03-12 10:11 - 02157056 _____ (Farbar) C:\Users\Lori\Downloads\FRST64.exe
2014-03-12 08:22 - 2014-03-12 08:22 - 00000000 ____D () C:\FRST
2014-03-11 12:50 - 2014-03-11 14:02 - 00000000 ___SD () C:\ComboFix
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Qoobox
2014-03-11 11:26 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-11 11:26 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-11 11:26 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-11 11:26 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-11 11:26 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-11 11:26 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-11 11:26 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-11 11:26 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-11 11:23 - 2014-03-11 11:23 - 05188693 ____R (Swearware) C:\Users\Lori\Desktop\ComboFix.exe
2014-03-11 11:16 - 2014-03-11 11:16 - 00016497 _____ () C:\Users\Lori\Desktop\ark.txt
2014-03-11 11:05 - 2014-03-11 11:05 - 00380416 _____ () C:\Users\Lori\Downloads\gsyvuz7l.exe
2014-03-11 09:55 - 2014-03-11 09:55 - 00034671 _____ () C:\Users\Lori\Desktop\attach.txt
2014-03-11 09:55 - 2014-03-11 09:55 - 00026431 _____ () C:\Users\Lori\Desktop\dds.txt
2014-03-11 09:54 - 2014-03-11 09:55 - 00688992 ____R (Swearware) C:\Users\Lori\Downloads\dds (1).scr
2014-03-11 01:20 - 2014-03-11 01:20 - 00688992 ____R (Swearware) C:\Users\Lori\Downloads\dds.scr
2014-03-11 00:36 - 2014-03-11 00:45 - 00000000 ____D () C:\Program Files\Recuva
2014-03-11 00:36 - 2014-03-11 00:36 - 04092088 _____ (Piriform Ltd) C:\Users\Lori\Downloads\rcsetup150.exe
2014-03-11 00:36 - 2014-03-11 00:36 - 00001660 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-03-11 00:36 - 2014-03-11 00:36 - 00001660 _____ () C:\ProgramData\Desktop\Recuva.lnk
2014-03-10 18:24 - 2014-03-10 18:24 - 02347384 _____ (ESET) C:\Users\Lori\Downloads\esetsmartinstaller_enu.exe
2014-03-10 18:24 - 2014-03-10 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-10 15:58 - 2014-03-10 15:58 - 00000000 ____D () C:\AdwCleaner
2014-03-10 15:57 - 2014-03-10 15:57 - 01949184 _____ () C:\Users\Lori\Downloads\adwcleaner.exe
2014-03-10 15:53 - 2014-03-10 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-10 15:53 - 2014-03-10 15:53 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-03-10 15:52 - 2014-03-10 15:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-10 15:52 - 2014-03-10 15:52 - 00000000 ____D () C:\Users\Lori\Desktop\mbar
2014-03-10 15:51 - 2014-03-10 15:51 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Lori\Downloads\mbar-1.07.0.1009.exe
2014-03-09 22:55 - 2014-03-09 22:55 - 00202968 _____ () C:\Users\Lori\Documents\cc_20140309_205458.reg
2014-03-09 22:44 - 2014-03-09 22:45 - 04765152 _____ (Piriform Ltd) C:\Users\Lori\Downloads\ccsetup411.exe
2014-03-09 19:36 - 2014-03-09 19:37 - 103696656 _____ (Microsoft Corporation) C:\Users\Lori\Downloads\msert.exe
2014-03-07 23:09 - 2014-03-07 23:09 - 00061227 _____ () C:\Windows\SysWOW64\CCCInstall_201403072009046567.log
2014-03-07 23:09 - 2014-03-07 23:09 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-07 22:34 - 2014-03-07 22:34 - 00000000 ____D () C:\Program Files\AMD
2014-03-07 22:25 - 2014-03-07 22:25 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\library_dir
2014-03-07 22:11 - 2014-03-09 21:57 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-03-07 22:11 - 2014-03-07 22:11 - 01007930 _____ () C:\Users\Lori\Downloads\amddriverdownload_installer.exe
2014-03-07 22:09 - 2014-03-07 22:10 - 01021432 _____ (Microsoft Corporation) C:\Users\Lori\Downloads\NDP451-KB2859818-Web.exe
2014-03-07 19:03 - 2014-01-10 03:36 - 00033616 _____ (Intel Corporation ) C:\Windows\System32\Drivers\iqvw64e.sys
2014-03-07 19:02 - 2014-03-11 16:25 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-07 19:02 - 2014-03-09 18:34 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-03-07 19:02 - 2014-03-09 18:34 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-03-07 19:02 - 2014-03-07 19:02 - 00003980 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-07 19:02 - 2014-03-07 19:02 - 00003192 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-07 19:01 - 2014-03-09 18:34 - 00000000 ____D () C:\Program Files\My Dell
2014-03-02 17:21 - 2014-03-02 17:21 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00001785 _____ () C:\ProgramData\Desktop\iTunes.lnk
2014-03-02 17:19 - 2014-03-02 17:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 17:19 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 17:19 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 17:19 - 2014-03-02 17:19 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 17:14 - 2014-03-02 17:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 17:07 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-02 17:07 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-02-25 22:50 - 2009-08-26 18:04 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-02-24 12:13 - 2014-02-24 12:24 - 143371832 _____ () C:\Users\Lori\Downloads\R274044.exe
2014-02-24 12:12 - 2014-02-24 12:12 - 02579528 _____ () C:\Users\Lori\Downloads\R245415.exe
2014-02-24 12:02 - 2014-02-24 12:01 - 00404048 _____ () C:\Users\Lori\Downloads\DellSystemDetect.exe
2014-02-22 15:54 - 2014-02-22 15:54 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-22 15:54 - 2014-02-22 15:54 - 00002697 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-02-22 15:54 - 2014-02-22 15:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-21 18:41 - 2014-02-21 18:43 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\Lori\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-02-21 14:20 - 2014-02-21 14:20 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-18 17:20 - 2014-02-18 17:20 - 00005301 _____ () C:\Users\Lori\Downloads\171298.user.js
2014-02-18 12:58 - 2014-02-18 12:58 - 00006502 _____ () C:\Users\Lori\Downloads\154993.user.js
2014-02-17 00:21 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-17 00:21 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 00:20 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-17 00:20 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-17 00:20 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-17 00:20 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-17 00:20 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-17 00:20 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-17 00:20 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-17 00:20 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-17 00:20 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-17 00:20 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-17 00:20 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-17 00:20 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-17 00:20 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-17 00:20 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-17 00:20 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-17 00:20 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-17 00:20 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-17 00:20 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-17 00:20 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-17 00:20 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-17 00:20 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-17 00:20 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-17 00:20 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-17 00:20 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-17 00:20 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-17 00:20 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-17 00:20 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-17 00:20 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-17 00:20 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-17 00:20 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-17 00:20 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-17 00:20 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-17 00:20 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-17 00:20 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-17 00:20 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-17 00:20 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-17 00:20 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-17 00:20 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-17 00:20 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-17 00:17 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-17 00:17 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-17 00:17 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-17 00:17 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-17 00:17 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-17 00:17 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-17 00:17 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-17 00:17 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-17 00:17 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-17 00:17 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-17 00:17 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-17 00:17 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-17 00:17 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-17 00:17 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-17 00:17 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-17 00:17 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-17 00:17 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-17 00:17 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-17 00:17 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-17 00:17 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-17 00:17 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-17 00:17 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-17 00:17 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-17 00:17 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-17 00:17 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-17 00:17 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-17 00:17 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 00:17 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\abelhadigital.com
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\ProgramData\Documents\HostsMan Backups
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\Program Files (x86)\HostsMan
2014-02-16 00:12 - 2014-02-16 00:12 - 00000010 _____ () C:\Users\Lori\Desktop\MWListAuthorizationCode.txt
2014-02-15 23:57 - 2014-02-15 23:57 - 00000824 _____ () C:\Users\Lori\Desktop\hosts_backup.txt
2014-02-15 12:44 - 2014-02-15 12:44 - 01231392 _____ () C:\Users\Lori\Desktop\demonbackup20140215.txt
2014-02-15 01:44 - 2014-02-15 01:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2014-03-12 10:17 - 2014-01-29 12:09 - 00000000 ____D () C:\FacebookPro
2014-03-12 10:17 - 2011-09-20 18:49 - 00238298 _____ () C:\Windows\offSyncService.log
2014-03-12 10:17 - 2009-07-14 00:10 - 01597877 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 10:13 - 2014-01-24 19:22 - 00029572 _____ () C:\Users\Lori\Documents\PerfectEffectsConduit.log
2014-03-12 10:13 - 2014-01-24 19:22 - 00008688 _____ () C:\Users\Lori\Documents\GenuineFractalsConduit.log
2014-03-12 10:13 - 2010-09-23 10:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-12 10:12 - 2011-07-20 15:35 - 00000000 ____D () C:\Users\Lori\AppData\Local\Adobe
2014-03-12 10:11 - 2014-03-12 10:11 - 02157056 _____ (Farbar) C:\Users\Lori\Downloads\FRST64.exe
2014-03-12 10:10 - 2012-04-08 15:29 - 00000000 ___RD () C:\Users\Lori\Dropbox
2014-03-12 10:10 - 2012-04-08 15:27 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Dropbox
2014-03-12 10:09 - 2012-10-17 12:07 - 00000000 ____D () C:\Users\Lori\AppData\Local\Htc
2014-03-12 10:09 - 2012-04-24 12:04 - 00000000 ___RD () C:\Users\Lori\Google Drive
2014-03-12 10:09 - 2011-09-15 08:53 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 10:09 - 2011-07-20 14:44 - 00380195 _____ () C:\Users\Lori\Documents\WorkspaceUpdate.log
2014-03-12 10:09 - 2010-09-23 10:45 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-12 10:09 - 2010-09-23 10:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-12 10:09 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 10:09 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 10:02 - 2013-08-28 21:42 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-03-12 10:01 - 2013-10-11 21:50 - 00007790 _____ () C:\Windows\setupact.log
2014-03-12 10:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 08:22 - 2014-03-12 08:22 - 00000000 ____D () C:\FRST
2014-03-12 02:02 - 2011-07-20 21:08 - 00000000 ____D () C:\CrazyLori
2014-03-12 01:57 - 2011-09-15 08:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 01:57 - 2011-08-01 21:58 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-38544632-2117033096-1779847156-1001.job
2014-03-12 01:41 - 2011-07-20 12:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001UA.job
2014-03-12 01:21 - 2012-04-06 19:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 23:54 - 2011-07-21 22:09 - 00000000 ____D () C:\PX
2014-03-11 23:15 - 2011-08-01 21:58 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-03-11 16:25 - 2014-03-07 19:02 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-11 14:07 - 2011-09-20 18:50 - 00245376 _____ () C:\Windows\PFRO.log
2014-03-11 14:07 - 2009-07-14 00:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-11 14:02 - 2014-03-11 12:50 - 00000000 ___SD () C:\ComboFix
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-11 11:26 - 2014-03-11 11:26 - 00000000 ____D () C:\Qoobox
2014-03-11 11:23 - 2014-03-11 11:23 - 05188693 ____R (Swearware) C:\Users\Lori\Desktop\ComboFix.exe
2014-03-11 11:16 - 2014-03-11 11:16 - 00016497 _____ () C:\Users\Lori\Desktop\ark.txt
2014-03-11 11:05 - 2014-03-11 11:05 - 00380416 _____ () C:\Users\Lori\Downloads\gsyvuz7l.exe
2014-03-11 10:40 - 2011-07-20 12:28 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001Core.job
2014-03-11 09:55 - 2014-03-11 09:55 - 00034671 _____ () C:\Users\Lori\Desktop\attach.txt
2014-03-11 09:55 - 2014-03-11 09:55 - 00026431 _____ () C:\Users\Lori\Desktop\dds.txt
2014-03-11 09:55 - 2014-03-11 09:54 - 00688992 ____R (Swearware) C:\Users\Lori\Downloads\dds (1).scr
2014-03-11 01:20 - 2014-03-11 01:20 - 00688992 ____R (Swearware) C:\Users\Lori\Downloads\dds.scr
2014-03-11 00:45 - 2014-03-11 00:36 - 00000000 ____D () C:\Program Files\Recuva
2014-03-11 00:36 - 2014-03-11 00:36 - 04092088 _____ (Piriform Ltd) C:\Users\Lori\Downloads\rcsetup150.exe
2014-03-11 00:36 - 2014-03-11 00:36 - 00001660 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-03-11 00:36 - 2014-03-11 00:36 - 00001660 _____ () C:\ProgramData\Desktop\Recuva.lnk
2014-03-11 00:32 - 2013-10-05 22:32 - 00151338 _____ () C:\Users\Lori\rpro.log
2014-03-10 18:24 - 2014-03-10 18:24 - 02347384 _____ (ESET) C:\Users\Lori\Downloads\esetsmartinstaller_enu.exe
2014-03-10 18:24 - 2014-03-10 18:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-10 16:17 - 2014-03-10 15:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-10 15:58 - 2014-03-10 15:58 - 00000000 ____D () C:\AdwCleaner
2014-03-10 15:57 - 2014-03-10 15:57 - 01949184 _____ () C:\Users\Lori\Downloads\adwcleaner.exe
2014-03-10 15:53 - 2014-03-10 15:53 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-03-10 15:52 - 2014-03-10 15:52 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-10 15:52 - 2014-03-10 15:52 - 00000000 ____D () C:\Users\Lori\Desktop\mbar
2014-03-10 15:51 - 2014-03-10 15:51 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Lori\Downloads\mbar-1.07.0.1009.exe
2014-03-09 23:20 - 2009-07-14 00:13 - 00006450 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-09 22:55 - 2014-03-09 22:55 - 00202968 _____ () C:\Users\Lori\Documents\cc_20140309_205458.reg
2014-03-09 22:46 - 2011-09-20 15:33 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-09 22:46 - 2011-09-20 15:33 - 00000824 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-03-09 22:46 - 2011-09-20 15:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-09 22:45 - 2014-03-09 22:44 - 04765152 _____ (Piriform Ltd) C:\Users\Lori\Downloads\ccsetup411.exe
2014-03-09 22:07 - 2011-07-20 20:43 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-03-09 22:07 - 2011-07-20 20:41 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-03-09 21:57 - 2014-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-03-09 19:37 - 2014-03-09 19:36 - 103696656 _____ (Microsoft Corporation) C:\Users\Lori\Downloads\msert.exe
2014-03-09 18:34 - 2014-03-07 19:02 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-03-09 18:34 - 2014-03-07 19:02 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-03-09 18:34 - 2014-03-07 19:01 - 00000000 ____D () C:\Program Files\My Dell
2014-03-09 18:34 - 2012-08-02 19:26 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-03-09 18:33 - 2011-07-19 23:03 - 00000000 ____D () C:\users\Lori
2014-03-09 18:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-09 18:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-03-09 18:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-09 17:02 - 2010-09-23 10:25 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-09 16:13 - 2013-10-10 17:21 - 00000000 ____D () C:\M-Photo
2014-03-09 16:08 - 2011-07-19 23:08 - 00000000 ____D () C:\Users\Lori\AppData\Local\Deployment
2014-03-07 23:09 - 2014-03-07 23:09 - 00061227 _____ () C:\Windows\SysWOW64\CCCInstall_201403072009046567.log
2014-03-07 23:09 - 2014-03-07 23:09 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-03-07 23:09 - 2012-08-02 19:26 - 00000000 ____D () C:\ProgramData\AMD
2014-03-07 23:08 - 2012-08-02 19:24 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-03-07 22:34 - 2014-03-07 22:34 - 00000000 ____D () C:\Program Files\AMD
2014-03-07 22:32 - 2013-08-28 21:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-07 22:25 - 2014-03-07 22:25 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\library_dir
2014-03-07 22:11 - 2014-03-07 22:11 - 01007930 _____ () C:\Users\Lori\Downloads\amddriverdownload_installer.exe
2014-03-07 22:10 - 2014-03-07 22:09 - 01021432 _____ (Microsoft Corporation) C:\Users\Lori\Downloads\NDP451-KB2859818-Web.exe
2014-03-07 22:06 - 2010-09-23 10:20 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-07 19:02 - 2014-03-07 19:02 - 00003980 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-07 19:02 - 2014-03-07 19:02 - 00003192 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-07 19:02 - 2011-07-19 23:08 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Dell
2014-03-07 19:00 - 2011-07-19 23:08 - 00000000 ____D () C:\Users\Lori\AppData\Local\SupportSoft
2014-03-07 19:00 - 2010-09-23 10:36 - 00000000 ____D () C:\ProgramData\Dell
2014-03-07 19:00 - 2010-09-23 10:23 - 00000000 ____D () C:\ProgramData\SupportSoft
2014-03-07 10:56 - 2011-08-01 21:58 - 00003258 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-38544632-2117033096-1779847156-1001
2014-03-07 10:56 - 2011-08-01 21:58 - 00002070 _____ () C:\Users\Lori\AppData\Local\UserProducts.xml
2014-03-04 11:10 - 2013-04-09 15:15 - 00002362 _____ () C:\Users\Lori\Desktop\Google Chrome.lnk
2014-03-03 20:06 - 2011-07-20 14:37 - 00000000 ____D () C:\Users\Lori\Documents\Outlook Files
2014-03-03 16:48 - 2011-07-20 21:18 - 00000000 ____D () C:\SitRep
2014-03-02 17:21 - 2014-03-02 17:21 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00001785 _____ () C:\ProgramData\Desktop\iTunes.lnk
2014-03-02 17:21 - 2014-03-02 17:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 17:21 - 2014-03-02 17:19 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 17:21 - 2014-03-02 17:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 17:19 - 2014-03-02 17:19 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 17:14 - 2014-03-02 17:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-25 22:50 - 2010-09-23 10:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-24 13:04 - 2011-09-08 14:39 - 00000000 ____D () C:\Photos
2014-02-24 12:24 - 2014-02-24 12:13 - 143371832 _____ () C:\Users\Lori\Downloads\R274044.exe
2014-02-24 12:12 - 2014-02-24 12:12 - 02579528 _____ () C:\Users\Lori\Downloads\R245415.exe
2014-02-24 12:01 - 2014-02-24 12:02 - 00404048 _____ () C:\Users\Lori\Downloads\DellSystemDetect.exe
2014-02-22 15:54 - 2014-02-22 15:54 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-22 15:54 - 2014-02-22 15:54 - 00002697 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-02-22 15:54 - 2014-02-22 15:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-22 15:54 - 2011-07-20 14:06 - 00000000 ____D () C:\ProgramData\Skype
2014-02-22 15:53 - 2011-07-20 14:06 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Skype
2014-02-22 15:11 - 2011-07-21 22:08 - 00000000 ____D () C:\SoFia
2014-02-22 15:11 - 2011-07-21 22:07 - 00000000 ____D () C:\Will
2014-02-22 15:10 - 2011-07-21 22:08 - 00000000 ____D () C:\Lorie
2014-02-22 15:10 - 2011-07-21 22:08 - 00000000 ____D () C:\Lil
2014-02-21 18:43 - 2014-02-21 18:41 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\Lori\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-02-21 14:20 - 2014-02-21 14:20 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-21 14:20 - 2012-04-06 19:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 14:20 - 2012-04-06 19:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 14:20 - 2011-07-20 20:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-18 17:20 - 2014-02-18 17:20 - 00005301 _____ () C:\Users\Lori\Downloads\171298.user.js
2014-02-18 12:58 - 2014-02-18 12:58 - 00006502 _____ () C:\Users\Lori\Downloads\154993.user.js
2014-02-17 00:30 - 2011-07-20 12:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 00:29 - 2013-08-18 10:39 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-17 00:27 - 2011-07-20 17:39 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-17 00:22 - 2009-07-13 21:34 - 00000510 _____ () C:\Windows\win.ini
2014-02-17 00:02 - 2012-09-02 23:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\abelhadigital.com
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\ProgramData\Documents\HostsMan Backups
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-02-16 10:08 - 2014-02-16 10:08 - 00000000 ____D () C:\Program Files (x86)\HostsMan
2014-02-16 00:12 - 2014-02-16 00:12 - 00000010 _____ () C:\Users\Lori\Desktop\MWListAuthorizationCode.txt
2014-02-15 23:57 - 2014-02-15 23:57 - 00000824 _____ () C:\Users\Lori\Desktop\hosts_backup.txt
2014-02-15 12:44 - 2014-02-15 12:44 - 01231392 _____ () C:\Users\Lori\Desktop\demonbackup20140215.txt
2014-02-15 01:44 - 2014-02-15 01:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 11:35 - 2011-07-20 12:28 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001UA
2014-02-14 11:35 - 2011-07-20 12:28 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001Core
2014-02-10 16:51 - 2011-09-15 08:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 16:51 - 2011-09-15 08:53 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\Quarantine.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-09 09:57:45
Restore point made on: 2014-03-09 09:57:51
Restore point made on: 2014-03-09 09:57:52
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16343.08 MB
Available physical RAM: 15128.65 MB
Total Pagefile: 16341.23 MB
Available Pagefile: 15144.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1386.34 GB) (Free:112.84 GB) NTFS
Drive i: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:196.26 GB) NTFS
Drive j: (My Book) (Fixed) (Total:1862.98 GB) (Free:734.09 GB) NTFS
Drive k: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:754.74 GB) NTFS
Drive l: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-710447988736) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 466 GB) (Disk ID: A4B57300)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)
 
========================================================
Disk: 7 (Size: 932 GB) (Disk ID: 3947961A)
Partition 1: (Active) - (Size=931 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-02-28 03:36
 
==================== End Of Log ============================

System File Check (offline mode)

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt
  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your system drive letter and system path (for example, D:\windows\) and close the notepad.
  • enter the following command:



sfc /scannow /offbootdir=d:\ /offwindir=d:\windows


Replace the red and pink parts with the information you obtained from the last step of this tutorial.

Note: Depending on how your computer is set up, the Command Prompt, when used from outside of Windows, doesn't always assign drive letters in the same way that you see them from inside Windows. In other words, Windows might be at C:\Windows when you're using it, but D:\Windows from the Command Prompt in System Recovery Options.


Boot into Windows

 

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

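Once the Wininit entry has been copied out of Event Viewer as described above, its text can be tallied to see what CHKDSK actually repaired. The Python below is an added example, not part of the original posts or of any tool named in this thread; the function name `summarize_chkdsk` is an assumption, and the sample text is a constructed excerpt in the format of a Windows 7 boot-time CHKDSK report.

```python
import re
from collections import Counter

# Constructed sample: lines in the format of a Windows 7 boot-time CHKDSK
# report (Application log, source Wininit, Event ID 1001), shortened.
SAMPLE_REPORT = '''\
Checking file system on C:
The type of the file system is NTFS.
CHKDSK is verifying files (stage 1 of 3)...
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x7e000000001c55, file size 0x1c55, and
allocated length 0x2000.
Deleting corrupt attribute record (128, "")
from file record segment 416009.
The attribute of type 0x80 and instance tag 0x5 should not be indexed.
Deleting corrupt attribute record (128, Zone.Identifier)
from file record segment 426073.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x23cbf2 for possibly 0x2 clusters.
Deleting corrupt attribute record (128, "")
from file record segment 426073.
  591872 file records processed.
File verification completed.
  0 bad file records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
Unable to locate the file name attribute of index entry 3CE4.tmp
of index $I30 with parent 0x5ef in file 0xbbd.
Deleting index entry 3CE4.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3CE6.tmp
of index $I30 with parent 0x5ef in file 0xbc0.
Deleting index entry 3CE6.tmp in index $I30 of file 1519.
'''

STAGE_RE = re.compile(r"CHKDSK is verifying ([\w ]+?) \(stage (\d+) of (\d+)\)")
# Attribute type 128 is 0x80, the NTFS $DATA attribute (file contents/streams).
ATTR_RE = re.compile(
    r"Deleting corrupt attribute record \((\d+), ([^)]*)\) "
    r"from file record segment (\d+)\."
)
INDEX_RE = re.compile(r"Deleting index entry (.+?) in index (\S+) of file (\d+)\.")
VOLUME_RE = re.compile(r"Checking file system on (\S+)")
TOTAL_RE = re.compile(r"(?<!\S)(\d+) file records processed")
BAD_RE = re.compile(r"(\d+) bad file records processed")


def _first_int(pattern, text):
    """Return the first captured number for pattern, or None if absent."""
    match = pattern.search(text)
    return int(match.group(1)) if match else None


def summarize_chkdsk(report):
    """Tally the repairs listed in the text of a CHKDSK report."""
    # CHKDSK wraps one message across several lines, so collapse whitespace
    # before matching.
    flat = " ".join(report.split())
    attrs = ATTR_RE.findall(flat)
    index_entries = INDEX_RE.findall(flat)
    volume = VOLUME_RE.search(flat)
    return {
        "volume": volume.group(1) if volume else None,
        "stages_seen": [int(n) for _, n, _ in STAGE_RE.findall(flat)],
        "attribute_records_deleted": len(attrs),
        # MFT file record segment -> number of attribute records removed
        "segments": Counter(int(seg) for _, _, seg in attrs),
        # stream name -> count; "" is the unnamed (main) data stream
        "streams": Counter(name.strip('"') for _, name, _ in attrs),
        "index_entries_deleted": [name for name, _, _ in index_entries],
        # directory file record -> number of index entries removed from it
        "directories": Counter(int(d) for _, _, d in index_entries),
        "file_records": _first_int(TOTAL_RE, flat),
        "bad_file_records": _first_int(BAD_RE, flat),
    }


if __name__ == "__main__":
    summary = summarize_chkdsk(SAMPLE_REPORT)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A segment number that appears more than once marks a single file that lost several attribute records. A deleted `Zone.Identifier` stream means a downloaded file no longer carries the origin mark Windows attached to it.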

I have tried running chkdsk twice this morning and both times it stalled in the same place, stage 4 verifying file integrity record 17187 or 591856 for almost an hour. It has never taken that long before. Does this mean my hard drive is now shot too?

 

Here is the log from when I ran chkdsk last night, maybe it will provide some insight:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/12/2014 6:26:14 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Lori-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
 
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 3)...
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x7e000000001c55, file size 0x1c55, and
allocated length 0x2000.
Deleting corrupt attribute record (128, "")
from file record segment 416009.
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x54000000006981, file size 0x6981, and
allocated length 0x7000.
Deleting corrupt attribute record (128, "")
from file record segment 416010.
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x2000000003302, file size 0x3302, and
allocated length 0x4000.
Deleting corrupt attribute record (128, "")
from file record segment 416011.
The attribute of type 0x80 and instance tag 0x5 should not be indexed.
Deleting corrupt attribute record (128, Zone.Identifier)
from file record segment 426073.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x23cbf2 for possibly 0x2 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x68059 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 426073.
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x355000000002beb, file size 0x2beb, and
allocated length 0x3000.
Deleting corrupt attribute record (128, "")
from file record segment 426075.
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x6d000000004f44, file size 0x4f44, and
allocated length 0x5000.
Deleting corrupt attribute record (128, "")
from file record segment 443583.
  591872 file records processed.                                         
 
File verification completed.
  3308 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  50 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 3)...
Unable to locate the file name attribute of index entry 3CE4.tmp
of index $I30 with parent 0x5ef in file 0xbbd.
Deleting index entry 3CE4.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3CE6.tmp
of index $I30 with parent 0x5ef in file 0xbc0.
Deleting index entry 3CE6.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3CE8.tmp
of index $I30 with parent 0x5ef in file 0xbc4.
Deleting index entry 3CE8.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3CFA.tmp
of index $I30 with parent 0x5ef in file 0xbc8.
Deleting index entry 3CFA.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3CFC.tmp
of index $I30 with parent 0x5ef in file 0xbcc.
Deleting index entry 3CFC.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3D0D.tmp
of index $I30 with parent 0x5ef in file 0x1125.
Deleting index entry 3D0D.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3D20.tmp
of index $I30 with parent 0x5ef in file 0x215f.
Deleting index entry 3D20.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3D22.tmp
of index $I30 with parent 0x5ef in file 0x226e.
Deleting index entry 3D22.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3D33.tmp
of index $I30 with parent 0x5ef in file 0x22b9.
Deleting index entry 3D33.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3D35.tmp
of index $I30 with parent 0x5ef in file 0x22ed.
Deleting index entry 3D35.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 3D47.tmp
of index $I30 with parent 0x5ef in file 0x20d0.
Deleting index entry 3D47.tmp in index $I30 of file 1519.
Unable to locate the file name attribute of index entry 8CDCEm01
of index $I30 with parent 0x50fbd in file 0x293af.
Deleting index entry 8CDCEm01 in index $I30 of file 331709.
Unable to locate the file name attribute of index entry A7BC3d01
of index $I30 with parent 0x5ccb9 in file 0x293ad.
Deleting index entry A7BC3d01 in index $I30 of file 380089.
Unable to locate the file name attribute of index entry A7BC3m01
of index $I30 with parent 0x5ccb9 in file 0x293ae.
Deleting index entry A7BC3m01 in index $I30 of file 380089.
Unable to locate the file name attribute of index entry C8CF9m"1
of index $I30 with parent 0x6982a in file 0x29e1d.
Deleting index entry C8CF9m"1 in index $I30 of file 432170.
  747378 index entries processed.                                        
 
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
  0 unindexed files scanned.                                        
 
CHKDSK is recovering remaining unindexed files.
  11 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 3)...
  591872 file SDs/SIDs processed.                                        
 
Cleaning up 9 unused index entries from index $SII of file 0x9.
Cleaning up 9 unused index entries from index $SDH of file 0x9.
Cleaning up 9 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 416009.
Inserting data attribute into file 416010.
Inserting data attribute into file 416011.
Inserting data attribute into file 426073.
Inserting data attribute into file 426075.
Inserting data attribute into file 443583.
  77760 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  34134248 USN bytes processed.                                            
 
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
1453686783 KB total disk space.
1337713920 KB in 469448 files.
    240172 KB in 77756 indexes.
        24 KB in bad sectors.
    737959 KB in use by the system.
     65536 KB occupied by the log file.
 114994708 KB available on disk.
 
      4096 bytes in each allocation unit.
 363421695 total allocation units on disk.
  28748677 allocation units available on disk.
 
Internal Info:
00 08 09 00 92 59 08 00 d2 f9 0e 00 00 00 00 00  .....Y..........
21 0b 00 00 32 00 00 00 00 00 00 00 00 00 00 00  !...2...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-03-13T01:26:14.000000000Z" />
    <EventRecordID>71555</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Lori-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
</Data>
  </EventData>
</Event>
 
 
 
... and now whatever virus I have has started turning off my AV software at random times. 

 

1453686783 KB total disk space.
1337713920 KB in 469448 files.
    240172 KB in 77756 indexes.
        24 KB in bad sectors.

Your hard disk drive shows physical surface damage - this may result in data loss and system malfunction and could be the cause of your scanning/performance issues.

I strongly recommend replacing this hard disk immediately.


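The diagnosis in the reply above rests on the bad-sector line of the CHKDSK summary. As an added example (not part of the original posts), this Python script pulls that figure and the repair actions out of a CHKDSK log; `triage_chkdsk` and its field names are hypothetical, and the sample is an abridged excerpt of the log posted in this thread.

```python
import re

# Abridged excerpt of the CHKDSK output posted in this thread (not the full log).
SAMPLE_LOG = '''\
CHKDSK is verifying files (stage 1 of 3)...
The non resident attribute of type 0x80 and instance tag 0x4 is
inconsistent.  The valid data length is 0x7e000000001c55, file size 0x1c55, and
allocated length 0x2000.
Deleting corrupt attribute record (128, "")
from file record segment 416009.
Deleting corrupt attribute record (128, Zone.Identifier)
from file record segment 426073.
Deleting index entry 3CE4.tmp in index $I30 of file 1519.
Deleting index entry 8CDCEm01 in index $I30 of file 331709.
  11 unindexed files recovered.
Windows has made corrections to the file system.
1453686783 KB total disk space.
        24 KB in bad sectors.
      4096 bytes in each allocation unit.
'''

def triage_chkdsk(text):
    """Summarise the repair actions and bad-sector figure in a CHKDSK log."""
    def first_int(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return int(m.group(1)) if m else 0
    bad_kb = first_int(r"^\s*(\d+) KB in bad sectors\.")
    cluster = first_int(r"^\s*(\d+) bytes in each allocation unit\.")
    segments = re.findall(
        r"Deleting corrupt attribute record \(.*?\)\s*\n\s*from file record segment (\d+)\.",
        text)
    # NTFS expects valid data length <= file size; collect the pairs CHKDSK reported.
    vdl = [(int(v, 16), int(s, 16)) for v, s in re.findall(
        r"valid data length is (0x[0-9a-fA-F]+), file size (0x[0-9a-fA-F]+)", text)]
    return {
        "bad_sector_kb": bad_kb,
        "bad_clusters": bad_kb * 1024 // cluster if cluster else None,
        "corrupt_attr_segments": sorted({int(s) for s in segments}),
        "index_entries_deleted": len(re.findall(r"^Deleting index entry ", text, re.MULTILINE)),
        "vdl_exceeds_size": sum(1 for v, s in vdl if v > s),
        "unindexed_recovered": first_int(r"^\s*(\d+) unindexed files recovered\."),
        "corrections_made": "Windows has made corrections to the file system." in text,
        # The reply above reads a non-zero bad-sector figure as physical damage.
        "suspect_hardware": bad_kb > 0,
    }

if __name__ == "__main__":
    for key, value in triage_chkdsk(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
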