1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Clicking on Links takes me to random websites

Discussion in 'Virus & Other Malware Removal' started by Lothys, Feb 26, 2013.

Thread Status:
Not open for further replies.
  1. Lothys

    Lothys Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    1
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, x64 Family 6 Model 15 Stepping 11
    Processor Count: 4
    RAM: 3325 Mb
    Graphics Card: NVIDIA GeForce GTX 460, 767 Mb
    Hard Drives: C: Total - 476890 MB, Free - 378808 MB;
    Motherboard: Dell Inc., 0TP406
    Antivirus: Norton Security Suite, Updated and Enabled

    ----------------------

    I started having some major issues about 2 days ago.. going to google and clicking on links would take me to random sites. Windows host processor would randomly go to 100 % usage and slow me down. Then I crashed and suspected something. Ran a full scan of my av it found a trojan removed it. Then today i got a few attacks that Nortons blocked.. and the clicking on links things got worse and then i crashed again.. downloaded malawarebytes it found one deleted it.. i rebooted.. crashed.. windows did a checkdsk.. deleted a bunch of index entrys.. came back in crashed.. went into safe mode with internet off.. ran mal and my av nothing found.. came back in.. surprised i got to you through google without going to a random site. I do not know what else to do and hope you can help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:05:14 PM, on 2/26/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Dell P713w\dlecmon.exe
    C:\Program Files\Dell P713w\ezprint.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Laura\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
    O4 - HKLM\..\Run: [dlecmon.exe] "C:\Program Files\Dell P713w\dlecmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Dell P713w\ezprint.exe"
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
    O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKCU\..\Run: [Microsoft Help] rundll32 "C:\Users\Laura\AppData\Local\ElevatedDiagnostics\Microsoft Help\hxdpxfw.dll",HrCreateProtoHandlerW
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Microsoft Help] rundll32 "C:\Users\Laura\AppData\Local\ElevatedDiagnostics\Microsoft Help\hxdpxfw.dll",HrCreateProtoHandlerW (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2863376985-689012060-2074830506-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2863376985-689012060-2074830506-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Help] rundll32 "C:\Users\Laura\AppData\Local\ElevatedDiagnostics\Microsoft Help\hxdpxfw.dll",HrCreateProtoHandlerW (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Microsoft Help] rundll32 "C:\Users\Laura\AppData\Local\ElevatedDiagnostics\Microsoft Help\hxdpxfw.dll",HrCreateProtoHandlerW (User 'Default user')
    O4 - Startup: CurseClientStartup.ccip
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlecCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dlecserv.exe
    O23 - Service: dlec_device - - C:\Windows\system32\dleccoms.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    --
    End of file - 7640 bytes

    --------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2
    Run by Laura at 21:07:15 on 2013-02-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.1364 [GMT -7:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\dlecserv.exe
    C:\Windows\system32\dleccoms.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Dell P713w\dlecmon.exe
    C:\Program Files\Dell P713w\ezprint.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.2.0.19\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dll
    uRun: [Microsoft Help] rundll32 "c:\users\laura\appdata\local\elevateddiagnostics\microsoft help\hxdpxfw.dll",HrCreateProtoHandlerW
    mRun: [dlecmon.exe] "c:\program files\dell p713w\dlecmon.exe"
    mRun: [EzPrint] "c:\program files\dell p713w\ezprint.exe"
    mRun: [DiscWizardMonitor.exe] "c:\program files\seagate\discwizard\DiscWizardMonitor.exe"
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
    dRun: [Microsoft Help] rundll32 "c:\users\laura\appdata\local\elevateddiagnostics\microsoft help\hxdpxfw.dll",HrCreateProtoHandlerW
    StartupFolder: c:\users\laura\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{0886ADDD-076C-4551-AF29-DD89669DF5AA} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\ro86sj79.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101772.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\laura\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2013-2-23 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2013-2-23 927904]
    R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-9-16 125472]
    R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-9-16 83392]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130208.001\BHDrvx86.sys [2013-2-8 997464]
    R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2013-2-23 134304]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130223.001\IDSvix86.sys [2013-2-25 386720]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2013-2-23 175264]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1402000.013\symnets.sys [2013-2-23 338592]
    R2 dlec_device;dlec_device;c:\windows\system32\dleccoms.exe -service --> c:\windows\system32\dleccoms.exe -service [?]
    R2 dlecCATSCustConnectService;dlecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dlecserv.exe [2009-7-1 98984]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.2.0.19\ccsvchst.exe [2013-2-23 143928]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2013-2-25 86216]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2011-6-30 845808]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-2-9 383264]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2012-5-21 39048]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-19 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2013-02-27 02:12:13 -------- d-----w- c:\users\laura\appdata\roaming\Malwarebytes
    2013-02-27 02:12:01 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-25 23:13:19 -------- d-----w- c:\programdata\PCPitstop
    2013-02-25 23:13:18 -------- d-----w- c:\program files\PCPitstop
    2013-02-23 19:36:53 927904 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symefa.sys
    2013-02-23 19:36:53 586400 ----a-w- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys
    2013-02-23 19:36:53 368288 ----a-w- c:\windows\system32\drivers\n360\1402000.013\symds.sys
    2013-02-23 19:36:53 338592 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symnets.sys
    2013-02-23 19:36:53 32888 ----a-r- c:\windows\system32\drivers\n360\1402000.013\srtspx.sys
    2013-02-23 19:36:53 21400 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symelam.sys
    2013-02-23 19:36:53 175264 ----a-r- c:\windows\system32\drivers\n360\1402000.013\ironx86.sys
    2013-02-23 19:36:53 134304 ----a-w- c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys
    2013-02-23 19:36:47 -------- d-----w- c:\windows\system32\drivers\n360\1402000.013
    2013-02-14 10:03:53 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2013-02-13 12:08:32 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 12:08:26 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-13 12:08:25 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 12:08:23 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-13 12:08:23 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 12:08:21 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-10 01:43:52 555808 ----a-w- c:\windows\system32\nvStreaming.exe
    2013-02-07 16:06:53 -------- d-----w- C:\SUBmit Sheets FEST
    2013-02-07 15:03:22 -------- d-----w- C:\GAME Sheets FEST
    .
    ==================== Find3M ====================
    .
    2013-02-20 12:43:08 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-02-14 17:42:58 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-14 17:42:58 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-10 00:35:07 4115232 ----a-w- c:\windows\system32\nvcpl.dll
    2013-02-10 00:35:07 3010336 ----a-w- c:\windows\system32\nvsvc.dll
    2013-02-10 00:35:03 634144 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-02-10 00:35:02 62752 ----a-w- c:\windows\system32\nvshext.dll
    2013-02-10 00:35:02 223008 ----a-w- c:\windows\system32\nvmctray.dll
    2013-02-09 20:15:59 3035306 ----a-w- c:\windows\system32\nvcoproc.bin
    2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-12-19 05:41:58 28600 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-12-19 05:41:53 154040 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2012-12-18 08:31:23 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 21:08:12.48 ===============

    ------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/18/2012 12:10:48 AM
    System Uptime: 2/26/2013 8:41:23 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0TP406
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 370.423 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP82: 2/22/2013 3:31:22 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6)
    Amazon MP3 Downloader 1.0.17
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASAP Utilities
    Bonjour
    Camtasia Studio 8
    Coupon Printer for Windows
    Curse Client
    Dell P713w
    Diablo III
    Digital Voice Editor 3
    Google Chrome
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    Junk Mail filter update
    Live Help Messenger Desktop
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    Norton Security Suite
    NVIDIA 3D Vision Controller Driver 314.07
    NVIDIA 3D Vision Driver 314.07
    NVIDIA Control Panel 314.07
    NVIDIA Graphics Driver 314.07
    NVIDIA HD Audio Driver 1.3.23.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.12.12
    NVIDIA Update Components
    PC Matic 1.1.0.50
    PC Pitstop Info Center 1.0.0.16
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Seagate DiscWizard
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype¬ô 6.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Ventrilo Client
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Mobile Device Updater Component
    World of Warcraft
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/26/2013 7:57:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 7:57:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/26/2013 7:57:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/26/2013 7:56:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/26/2013 7:56:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/26/2013 7:56:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/26/2013 7:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/26/2013 7:56:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
    2/26/2013 7:56:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/26/2013 7:56:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 7:56:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 7:56:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 7:56:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 7:56:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 7:56:38 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/26/2013 7:56:38 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/26/2013 7:56:38 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/26/2013 7:56:38 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/26/2013 7:56:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a5ae74, 0xbe933f6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-39047-01.
    2/26/2013 7:48:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a4ae74, 0xba55ff6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-41324-01.
    2/26/2013 7:40:38 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    2/26/2013 7:38:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a57e74, 0xbe99bf6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-51854-01.
    2/26/2013 7:04:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830f6fca, 0x8e787b4c, 0x8e787730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-45661-01.
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    2/25/2013 8:08:34 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
    2/25/2013 7:15:10 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/25/2013 7:14:52 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:06 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:05 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 6:57:05 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:05 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:05 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/25/2013 6:57:05 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 6:57:05 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 6:46:07 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 5:35:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    2/25/2013 5:35:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    2/25/2013 5:35:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    2/25/2013 5:34:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/25/2013 5:33:42 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/25/2013 4:42:37 PM, Error: Service Control Manager [7034] - The Seagate Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    2/25/2013 4:42:30 PM, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
    2/25/2013 4:41:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
    2/25/2013 4:41:02 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/25/2013 4:41:02 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/25/2013 4:40:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83264098, 0x8e79b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022513-67080-01.
    2/25/2013 11:37:53 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
    2/25/2013 11:37:53 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
    2/25/2013 11:33:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    2/25/2013 11:33:34 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/25/2013 11:13:21 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 4 time(s).
    2/25/2013 11:13:21 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
    2/25/2013 11:13:21 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
    2/25/2013 11:13:21 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
    2/24/2013 8:04:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    2/24/2013 8:04:32 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2/24/2013 8:03:37 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2/24/2013 7:52:47 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2/22/2013 3:31:22 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
    2/19/2013 12:02:36 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    .
    ==== End Of File ===========================

    ---------------------------------

    GMER 2.1.19115 - http://www.gmer.net
    Rootkit scan 2013-02-26 21:16:02
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0 ST500DM0 rev.KC45 465.76GB
    Running: eeb2gg67.exe; Driver: C:\Users\Laura\AppData\Local\Temp\ugloapob.sys

    ---- System - GMER 2.1 ----
    SSDT 89066848 ZwAlertResumeThread
    SSDT 89066928 ZwAlertThread
    SSDT 88017D30 ZwAllocateVirtualMemory
    SSDT 87F5D0D8 ZwAlpcConnectPort
    SSDT 8904FAF0 ZwAssignProcessToJobObject
    SSDT 89066598 ZwCreateMutant
    SSDT 8904F810 ZwCreateSymbolicLinkObject
    SSDT 88E4F618 ZwCreateThread
    SSDT 8904F900 ZwCreateThreadEx
    SSDT 8904FBD0 ZwDebugActiveProcess
    SSDT 88D9D4C0 ZwDuplicateObject
    SSDT 88017B08 ZwFreeVirtualMemory
    SSDT 89066688 ZwImpersonateAnonymousToken
    SSDT 89066768 ZwImpersonateThread
    SSDT 87F68078 ZwLoadDriver
    SSDT 88017A08 ZwMapViewOfSection
    SSDT 890664B8 ZwOpenEvent
    SSDT 88017378 ZwOpenProcess
    SSDT 88D9D3E0 ZwOpenProcessToken
    SSDT 8904FDF8 ZwOpenSection
    SSDT 88017288 ZwOpenThread
    SSDT 8904FA00 ZwProtectVirtualMemory
    SSDT 89066A08 ZwResumeThread
    SSDT 89066CA8 ZwSetContextThread
    SSDT 88017838 ZwSetInformationProcess
    SSDT 8904FCB0 ZwSetSystemInformation
    SSDT 890663D8 ZwSuspendProcess
    SSDT 89066AE8 ZwSuspendThread
    SSDT 88CDB480 ZwTerminateProcess
    SSDT 89066BC8 ZwTerminateThread
    SSDT 88017928 ZwUnmapViewOfSection
    SSDT 88017BF8 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 2.1 ----
    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830749E9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830AE1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 830B51F0 8 Bytes [48, 68, 06, 89, 28, 69, 06, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830B5208 4 Bytes [30, 7D, 01, 88]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 830B5214 4 Bytes [D8, D0, F5, 87]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830B5268 4 Bytes [F0, FA, 04, 89] {CLI ; ADD AL, 0x89}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 830B52E4 4 Bytes [98, 65, 06, 89]
    .text ...
    .text peauth.sys A415CC9D 28 Bytes [4F, D8, 65, D4, E8, C5, 2F, ...]
    .text peauth.sys A415CCC1 28 Bytes [4F, D8, 65, D4, E8, C5, 2F, ...]
    ? C:\Users\Laura\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    .text sechost.dll!LsaLookupGetDomainInfo 770B4D57 7 Bytes [E9, 96, B5, 26, 89, EB, F9] {JMP 0x8926b59b; JMP 0x0}
    .text sechost.dll!SetServiceObjectSecurity + CE 770B524F 7 Bytes [E9, 66, B2, 26, 89, EB, F9] {JMP 0x8926b26b; JMP 0x0}
    .text sechost.dll!ChangeServiceConfigA + 17C 770B53D0 7 Bytes [E9, 91, B3, 26, 89, EB, F9] {JMP 0x8926b396; JMP 0x0}
    .text sechost.dll!ChangeServiceConfig2W + 95 770B5677 7 Bytes [E9, 22, AF, 26, 89, EB, F9] {JMP 0x8926af27; JMP 0x0}
    .text sechost.dll!CreateServiceA + 21E 770B589A 7 Bytes [E9, 6F, A9, 26, 89, EB, F9] {JMP 0x8926a974; JMP 0x0}
    .text sechost.dll!CreateServiceW + 17E 770B5A1D 7 Bytes [E9, 0C, AF, 26, 89, EB, F9] {JMP 0x8926af11; JMP 0x0}
    .text sechost.dll!QueryServiceConfigW + 172 770B5C9B 7 Bytes [E9, E2, A9, 26, 89, EB, F9] {JMP 0x8926a9e7; JMP 0x0}
    .text sechost.dll!ControlServiceExA + E7 770B5D87 7 Bytes [E9, BE, AA, 26, 89, EB, F9] {JMP 0x8926aac3; JMP 0x0}
    .text sechost.dll!I_ScValidatePnPService + 5A9 770B7146 7 Bytes [E9, DF, 8F, 26, 89, EB, F9] {JMP 0x89268fe4; JMP 0x0}
    .text sechost.dll!I_ScBroadcastServiceControlMessage + 7B 770B7240 7 Bytes [E9, 91, 91, 26, 89, EB, F9] {JMP 0x89269196; JMP 0x0}
    .text urlmon.dll!RegisterMediaTypes + 165E 76DC126F 7 Bytes [E9, 9E, F7, 55, 89, EB, F9] {JMP 0x8955f7a3; JMP 0x0}
    .text urlmon.dll!CreateAsyncBindCtx + 2BA7 76DC9E36 7 Bytes [E9, B9, 6C, 55, 89, EB, F9] {JMP 0x89556cbe; JMP 0x0}
    ---- User code sections - GMER 2.1 ----
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[556] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0008004C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[556] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 000A0930
    .text C:\Windows\system32\nvvsvc.exe[944] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0007004C
    .text C:\Windows\system32\nvvsvc.exe[944] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00200930
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[972] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 002E004C
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[972] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00480930
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1100] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0008004C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1100] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 000A0930
    .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!NtWriteFile 76EE6A68 5 Bytes JMP 00013AA9
    .text C:\Windows\system32\svchost.exe[1240] ntdll.dll!RtlRaiseException 76EE70A8 5 Bytes JMP 00013CC9
    .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!SetUnhandledExceptionFilter 7606F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Windows\system32\svchost.exe[1240] USER32.dll!GetCursorPos 7676A4B3 5 Bytes JMP 000145B6
    .text C:\Windows\system32\svchost.exe[1240] USER32.dll!GetForegroundWindow 7677335D 5 Bytes JMP 00014687
    .text C:\Windows\system32\svchost.exe[1240] USER32.dll!IsWindowVisible 76774D69 5 Bytes JMP 000146BA
    .text C:\Windows\system32\svchost.exe[1240] USER32.dll!WindowFromPoint 76796BE9 5 Bytes JMP 00014617
    .text C:\Windows\system32\svchost.exe[1240] USER32.dll!MessageBoxIndirectW 767BE963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
    .text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!GetAddrInfoW 765E4889 5 Bytes JMP 00014518
    .text C:\Windows\system32\svchost.exe[1240] ole32.dll!CoGetClassObject 762354AD 5 Bytes JMP 000147F6
    .text C:\Windows\system32\svchost.exe[1240] ole32.dll!CoCreateInstance 76249D0B 5 Bytes JMP 00014820
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 000F004C
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00110930
    .text C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 000E004C
    .text C:\Windows\system32\nvvsvc.exe[1388] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00200930
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1936] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0010004C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1936] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00120930
    .text C:\Windows\system32\dleccoms.exe[1948] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 001F004C
    .text C:\Windows\system32\dleccoms.exe[1948] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00210930
    .text C:\Program Files\PCPitstop\PCPitstopScheduleService.exe[2208] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0018004C
    .text C:\Program Files\PCPitstop\PCPitstopScheduleService.exe[2208] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00310930
    .text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[2304] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0018004C
    .text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[2304] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00310930
    .text C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe[2572] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 001F004C
    .text C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe[2572] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00210930
    .text C:\Users\Laura\Desktop\eeb2gg67.exe[2660] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 001F004C
    .text C:\Users\Laura\Desktop\eeb2gg67.exe[2660] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00320048
    .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2752] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 000F004C
    .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2752] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00110AF4
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0020004C
    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00220930
    .text C:\Program Files\Dell P713w\ezprint.exe[3548] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 007A004C
    .text C:\Program Files\Dell P713w\ezprint.exe[3548] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 007C0930
    .text C:\Program Files\Dell P713w\dlecmon.exe[3892] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 001F004C
    .text C:\Program Files\Dell P713w\dlecmon.exe[3892] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00210930
    .text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[4052] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0020004C
    .text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[4052] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 00320930
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ntdll.dll!NtSetInformationProcess 76EE6678 5 Bytes JMP 035F091C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] kernel32.dll!K32GetPerformanceInfo + 1CC 7605632B 7 Bytes JMP 035F020C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] kernel32.dll!TerminateProcess + B 76062C10 7 Bytes JMP 035F03D0
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] kernel32.dll!QueryPerformanceCounter + 13 7606C435 7 Bytes JMP 035F02EE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] kernel32.dll!CreateThread 7606DCC2 5 Bytes JMP 6FDB75E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] kernel32.dll!FreeLibrary + 8 7606EF6F 7 Bytes JMP 035F04B2
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] kernel32.dll!CheckElevation + 2DB 7608959A 7 Bytes JMP 035F012A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!EnableWindow 76768D02 5 Bytes JMP 6FDF9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CallNextHookEx 7676ABE1 5 Bytes JMP 6FE17FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!UnhookWindowsHookEx 7676ADF9 5 Bytes JMP 6FE3ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DefWindowProcA 7676BB1C 7 Bytes JMP 6FDB980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateWindowExA 7676BF40 5 Bytes JMP 6FDC3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!SetWindowsHookExW 7676E30C 5 Bytes JMP 6FDF25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateWindowExW 7676EC7C 5 Bytes JMP 6FE203DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DefWindowProcW 7677507D 7 Bytes JMP 6FE18054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxParamW 76783B9B 5 Bytes JMP 6FD51893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxIndirectParamW 76793B7F 5 Bytes JMP 6FF48F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxParamA 767ACF42 5 Bytes JMP 6FF48ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxIndirectParamA 767AD274 5 Bytes JMP 6FF48F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxIndirectA 767BE869 5 Bytes JMP 6FF48E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxIndirectW 767BE963 5 Bytes JMP 6FF48DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxExA 767BE9C9 5 Bytes JMP 6FF48D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxExW 767BE9ED 5 Bytes JMP 6FF48D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!OleLoadFromStream 76206143 5 Bytes JMP 6FF49704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!CoGetMarshalSizeMax + 62BD 762354A8 7 Bytes JMP 035F09FE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!CoCreateInstance + 3E 76249D49 7 Bytes JMP 035F0AE0
    .text C:\Program Files\Skype\Phone\Skype.exe[4216] ntdll.dll!NtTerminateThread 76EE68D8 5 Bytes JMP 0018004C
    .text C:\Program Files\Skype\Phone\Skype.exe[4216] USER32.dll!RecordShutdownReason + 372 767B06C2 7 Bytes JMP 001A0048
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] ntdll.dll!NtSetInformationProcess 76EE6678 5 Bytes JMP 037A091C
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] kernel32.dll!K32GetPerformanceInfo + 1CC 7605632B 7 Bytes JMP 037A020C
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] kernel32.dll!TerminateProcess + B 76062C10 7 Bytes JMP 037A03D0
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] kernel32.dll!QueryPerformanceCounter + 13 7606C435 7 Bytes JMP 037A02EE
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] kernel32.dll!CreateThread 7606DCC2 5 Bytes JMP 6FDB75E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] kernel32.dll!FreeLibrary + 8 7606EF6F 7 Bytes JMP 037A04B2
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] kernel32.dll!CheckElevation + 2DB 7608959A 7 Bytes JMP 037A012A
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!EnableWindow 76768D02 5 Bytes JMP 6FDF9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!CallNextHookEx 7676ABE1 5 Bytes JMP 6FE17FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!UnhookWindowsHookEx 7676ADF9 5 Bytes JMP 6FE3ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!DefWindowProcA 7676BB1C 7 Bytes JMP 6FDB980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!CreateWindowExA 7676BF40 5 Bytes JMP 6FDC3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!SetWindowsHookExW 7676E30C 5 Bytes JMP 6FDF25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!CreateWindowExW 7676EC7C 5 Bytes JMP 6FE203DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!DefWindowProcW 7677507D 7 Bytes JMP 6FE18054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!DialogBoxParamW 76783B9B 5 Bytes JMP 6FD51893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!DialogBoxIndirectParamW 76793B7F 5 Bytes JMP 6FF48F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!DialogBoxParamA 767ACF42 5 Bytes JMP 6FF48ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!DialogBoxIndirectParamA 767AD274 5 Bytes JMP 6FF48F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!MessageBoxIndirectA 767BE869 5 Bytes JMP 6FF48E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!MessageBoxIndirectW 767BE963 5 Bytes JMP 6FF48DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!MessageBoxExA 767BE9C9 5 Bytes JMP 6FF48D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] USER32.dll!MessageBoxExW 767BE9ED 5 Bytes JMP 6FF48D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] ole32.dll!OleLoadFromStream 76206143 5 Bytes JMP 6FF49704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] ole32.dll!CoGetMarshalSizeMax + 62BD 762354A8 7 Bytes JMP 037A09FE
    .text C:\Program Files\Internet Explorer\iexplore.exe[7640] ole32.dll!CoCreateInstance + 3E 76249D49 7 Bytes JMP 037A0AE0
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!EnableWindow 76768D02 5 Bytes JMP 6FDF9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!DialogBoxParamW 76783B9B 5 Bytes JMP 6FD51893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!DialogBoxIndirectParamW 76793B7F 5 Bytes JMP 6FF48F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!DialogBoxParamA 767ACF42 5 Bytes JMP 6FF48ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!DialogBoxIndirectParamA 767AD274 5 Bytes JMP 6FF48F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!MessageBoxIndirectA 767BE869 5 Bytes JMP 6FF48E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!MessageBoxIndirectW 767BE963 5 Bytes JMP 6FF48DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!MessageBoxExA 767BE9C9 5 Bytes JMP 6FF48D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[8856] USER32.dll!MessageBoxExW 767BE9ED 5 Bytes JMP 6FF48D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] ntdll.dll!NtSetInformationProcess 76EE6678 5 Bytes JMP 01E6091C
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] kernel32.dll!K32GetPerformanceInfo + 1CC 7605632B 7 Bytes JMP 01E6020C
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] kernel32.dll!TerminateProcess + B 76062C10 7 Bytes JMP 01E603D0
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] kernel32.dll!QueryPerformanceCounter + 13 7606C435 7 Bytes JMP 01E602EE
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] kernel32.dll!CreateThread 7606DCC2 5 Bytes JMP 6FDB75E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] kernel32.dll!FreeLibrary + 8 7606EF6F 7 Bytes JMP 01E604B2
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] kernel32.dll!CheckElevation + 2DB 7608959A 7 Bytes JMP 01E6012A
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!EnableWindow 76768D02 5 Bytes JMP 6FDF9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!CallNextHookEx 7676ABE1 5 Bytes JMP 6FE17FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!UnhookWindowsHookEx 7676ADF9 5 Bytes JMP 6FE3ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!DefWindowProcA 7676BB1C 7 Bytes JMP 6FDB980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!CreateWindowExA 7676BF40 5 Bytes JMP 6FDC3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!SetWindowsHookExW 7676E30C 5 Bytes JMP 6FDF25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!CreateWindowExW 7676EC7C 5 Bytes JMP 6FE203DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!DefWindowProcW 7677507D 7 Bytes JMP 6FE18054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!DialogBoxParamW 76783B9B 5 Bytes JMP 6FD51893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!DialogBoxIndirectParamW 76793B7F 5 Bytes JMP 6FF48F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!DialogBoxParamA 767ACF42 5 Bytes JMP 6FF48ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!DialogBoxIndirectParamA 767AD274 5 Bytes JMP 6FF48F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!MessageBoxIndirectA 767BE869 5 Bytes JMP 6FF48E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!MessageBoxIndirectW 767BE963 5 Bytes JMP 6FF48DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!MessageBoxExA 767BE9C9 5 Bytes JMP 6FF48D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] USER32.dll!MessageBoxExW 767BE9ED 5 Bytes JMP 6FF48D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] ole32.dll!OleLoadFromStream 76206143 5 Bytes JMP 6FF49704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] ole32.dll!CoGetMarshalSizeMax + 62BD 762354A8 7 Bytes JMP 01E609FE
    .text C:\Program Files\Internet Explorer\iexplore.exe[10436] ole32.dll!CoCreateInstance + 3E 76249D49 7 Bytes JMP 01E60AE0
    ---- Devices - GMER 2.1 ----
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Trace I/O - GMER 2.1 ----
    Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys halmacpi.dll >>UNKNOWN [0x87ea74b1]<< 87ea74b1
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87945030] 87945030
    Trace 3 CLASSPNP.SYS[8cbc959e] -> nt!IofCallDriver -> [0x87944960] 87944960
    Trace 5 vsflt53.sys[83958c2b] -> nt!IofCallDriver -> \IAAStorageDevice-1[0x86a8e028] 86a8e028
    Trace \Driver\iaStorV[0x87e31f38] -> IRP_MJ_CREATE -> 0x87ea74b1 87ea74b1
    ---- Disk sectors - GMER 2.1 ----
    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    ---- EOF - GMER 2.1 ----
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32bit (x86) or 64 (x64) bit)

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
      services.exe
    • now press the search button
    • when the search is complete, search.txt will also be written to your USB
    • type exit and reboot the computer normally
    • please copy and paste both logs in your reply.(FRST.txt and Search.txt)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1091114

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice