
Can't get past Glowing Windows 7 Logo


21 replies to this topic

#1 sbeard24

sbeard24

  • Members
  • 32 posts

Posted 07 August 2013 - 05:43 PM

I have been using Windows 7 on this PC for the last 4 years without any hiccup other than a virus here and there with successful removal from combofix and malware bytes. Anyways yesterday I was browsing craigslist classifieds and I got this Attentive Antivirus pop up, annoying, disabled its services, fully removed it using the steps on bleepingcomputer. Then on restart my piece is just hanging up on the Windows 7 logo, just glows and pulses but doesn't go to Windows. Sat like that for 5 hours. Tried startup repair from partition and from Windows 7 disc probably 10 times, found no issues. Booted in cmd and tried bootrec /fixmbr and bootrec /fixboot numerous times, but still hangs up. I have no issues getting into safe mode with networking. Just can't get into normal Windows. Nothing in recent error logs. The only thing I can think of is I don't restart my computer but maybe once a month and if there is a new driver that was installed and after the virus removal on restart it could be hanging up on the driver. But this is a hunch. I'm about to back up everything and reinstall, really don't want to, so this post is my last hope.....

 

Mod Edit: Moved topic from Windows 7 to the Logs forum. ~bloopie


Edited by bloopie, 08 August 2013 - 04:41 PM.



 


#2 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,444 posts

Posted 07 August 2013 - 06:21 PM

Since you say you can get into Safe mode and you have Malwarebytes, first off, try a Malwarebytes scan in Safe mode. It is just possible, as you say, that you have something hanging around from a previous infection and MBAM has an even better chance of rooting out nasties when run in Safe mode.

 

Secondly, you may have already tried this, but if you did, you didn't mention it. From Safe mode, try 'Last known good configuration'. This often, but not always, works. If it doesn't, then click on 'Windows repair'. When this comes up with the screen 'Failed to repair', click on 'Advanced options' and choose 'Restore to an earlier version'. This will bring you to a screen which normally offers only one option - the most recent restore point - but there is a button to choose a different one. Click on this and choose one from a date before this trouble started, then let 'Restore' do its thing. When it is finished it will either re-boot or ask you to restart. Once re-booted, you should be working again. Post back if you are not.

 

Chris Cosgrove



#3 sbeard24

sbeard24
  • Topic Starter

  • Members
  • 32 posts

Posted 07 August 2013 - 06:25 PM

I ran the scan in safe mode just as you assumed. I already tried the advanced options to do a restore to earlier version; there were no restore points created, which I found odd. Tried that numerous times as well. Literally have been on this computer for 14 hours trying to fix it. I did fail to mention the virus was removed by combofix, and once combofix rebooted the computer that's when it failed to start.



#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts

Posted 07 August 2013 - 11:07 PM

Given that the problems with booting up commenced after running Combofix because of the presence of malware, I'm reporting this topic to those that specialize in non-booting computers due to malware issues.

 

Orange Blossom


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,442 posts

Posted 08 August 2013 - 04:21 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
  • If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
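
Added example (not part of the post above and not code from FRST or its author): a small triage helper for the Services and Drivers sections of the FRST.txt log that the procedure above produces. It parses each `S3 name; path [size date] (company)` line and lists entries worth a second look: files FRST marks `[x]` (not found on disk), binaries outside the Windows and Program Files directories, and entries with an empty company field. The sample lines and all names in them are constructed, and the "standard directory" rule is an assumption of this example; a flag is a prompt for manual review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows service "Start" values: the digit after the R/S/U state letter.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Matches e.g.  S3 name; C:\path\file.sys [16776 2011-07-29] (Company)
#          or   S3 name; \??\C:\path\file.sys [x]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\]\s*(?:\((?P<company>.*)\))?\s*$"
)

# Assumption of this example: binaries normally live under Windows or
# Program Files; relative "System32\..." paths are relative to the Windows dir.
STANDARD_DIR_RE = re.compile(
    r"^(?:[a-z]:\\(?:windows|program files(?: \(x86\))?)\\|system32\\)"
)


@dataclass
class Entry:
    state: str            # R = running, S = stopped, U = undetermined
    start: str            # boot / system / auto / demand / disabled
    name: str
    path: str
    size: Optional[int]   # None when the file was not found
    date: Optional[str]
    company: str          # "" when the log shows "()" or nothing
    missing: bool         # True when the log shows "[x]"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    missing = [part.lower() for part in meta] == ["x"]
    size = int(meta[0]) if len(meta) == 2 and meta[0].isdigit() else None
    date = meta[1] if size is not None else None
    return Entry(
        state=m.group("state"),
        start=START_TYPES[int(m.group("start"))],
        name=m.group("name").strip(),
        path=m.group("path"),
        size=size,
        date=date,
        company=(m.group("company") or "").strip(),
        missing=missing,
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons it deserves manual review."""
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        path = e.path.lower()
        if path.startswith("\\??\\"):      # strip the NT object-path prefix
            path = path[4:]
        reasons = []
        if e.missing:
            reasons.append("file not found on disk")
        if not STANDARD_DIR_RE.match(path):
            reasons.append("runs from a non-standard directory")
        if not e.missing and not e.company:
            reasons.append("empty company field")
        if reasons:
            flagged[e.name] = reasons
    return flagged


# Constructed sample in the log's line format (not taken from a real machine).
SAMPLE = r"""
==================== Drivers (Whitelisted) ====================

S3 exampledrv; C:\Windows\System32\drivers\exampledrv.sys [16776 2011-07-29] ()
S1 vendorflt; C:\Windows\System32\DRIVERS\vendorflt.sys [89128 2012-06-27] (Example Vendor, Inc.)
S3 leftover; \??\C:\RemovedTool\leftover.sys [x]
S2 oddsvc; C:\Users\Public\oddsvc.exe [4096 2013-08-07] ()
S3 relmissing; System32\drivers\relmissing.sys [x]
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE)).items():
        print(f"{name}: {'; '.join(reasons)}")
```
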


#6 sbeard24

sbeard24
  • Topic Starter

  • Members
  • 32 posts

Posted 09 August 2013 - 01:03 AM

Thank you so much for your response!!!

 

Here is the Log!!!

----------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by SYSTEM on 08-08-2013 22:55:32
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Runonce: [] -  [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] -  [x]
HKU\Steve\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe [686280 2012-06-13] (Adobe Systems Incorporated)

==================== Services (Whitelisted) =================

S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-23] ()
S2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
S2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-08-07] ()
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [89128 2012-06-27] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [116776 2012-06-27] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [113192 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [33320 2012-06-27] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93224 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [68648 2012-06-27] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [116776 2012-06-27] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [304680 2012-06-27] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [109096 2012-06-27] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [112680 2012-06-27] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [219688 2012-07-12] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [105000 2012-06-27] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [167464 2012-07-13] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119336 2012-07-13] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205352 2012-07-13] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [123944 2012-07-13] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [130088 2012-07-13] (Panda Security, S.L.)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )
S3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )
S3 ViaUsbModemDriver; C:\Windows\System32\DRIVERS\VIA_USB_MODEM.sys [28160 2011-10-04] ()
S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\VIA_USB_ETS.sys [21760 2011-10-04] (Via Telecom, Inc.)
S3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-08 21:49 - 2013-08-08 21:49 - 00000075 _____ C:\Users\Steve\Desktop\bill2.txt
2013-08-08 21:45 - 2013-08-08 21:45 - 01790169 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2013-08-08 08:26 - 2013-08-08 08:27 - 00000575 _____ C:\Users\Steve\Desktop\kayspaidfromdad.CSV
2013-08-08 08:19 - 2013-08-08 08:19 - 00055512 _____ C:\Users\Steve\Desktop\Chase Online - Search Results_aspx.htm
2013-08-07 14:43 - 2013-08-07 14:44 - 00010320 _____ C:\Users\Steve\Desktop\Result.txt
2013-08-07 13:20 - 2013-08-07 13:20 - 00000779 _____ C:\Windows\setupact.log
2013-08-07 13:20 - 2013-08-07 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 13:14 - 2013-08-07 13:14 - 00032000 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-08-07 12:37 - 2013-08-07 12:37 - 00002248 _____ C:\Windows\System32\.crusader
2013-08-07 12:31 - 2013-08-07 12:37 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-07 12:13 - 2013-08-07 12:13 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Steve\Desktop\mbam-setup.exe
2013-08-07 12:11 - 2013-08-07 12:13 - 00002892 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-08-07 12:11 - 2013-08-07 12:11 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\iExplore.exe
2013-08-07 11:59 - 2013-08-07 14:16 - 00001740 _____ C:\Windows\WindowsUpdate.log
2013-08-07 09:06 - 2013-08-07 14:12 - 00004892 _____ C:\Windows\PFRO.log
2013-08-07 00:02 - 2013-08-07 00:02 - 00000000 __SHD C:\$$PendingFiles
2013-08-06 22:28 - 2013-08-06 22:28 - 00002975 _____ C:\Users\Steve\Desktop\HiJackThis.lnk
2013-08-06 22:28 - 2013-08-06 22:28 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-06 22:23 - 2013-08-06 22:23 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-08-06 13:15 - 2013-08-06 13:15 - 00000000 ____D C:\Users\Steve\AppData\Local\{586B4989-3565-49CE-AFAE-10F5E2DBD0E9}
2013-08-06 01:14 - 2013-08-06 01:15 - 00000000 ____D C:\Users\Steve\AppData\Local\{8C604964-BD86-42D1-89B1-D8F67C13EF01}
2013-08-05 13:14 - 2013-08-05 13:14 - 00000000 ____D C:\Users\Steve\AppData\Local\{7B9BF5AE-9081-4F3A-ACBE-743E0AA9511F}
2013-08-04 08:08 - 2013-08-04 08:08 - 00000000 ____D C:\Users\Steve\AppData\Local\{DF88B297-AC4F-4102-B99E-0CE2B0F48580}
2013-08-03 20:07 - 2013-08-03 20:08 - 00000000 ____D C:\Users\Steve\AppData\Local\{877A4DD0-069F-4D4F-811B-D7148AE943CB}
2013-08-03 08:07 - 2013-08-03 08:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{78E1A6A7-D8AD-4226-B6EA-685724F87C83}
2013-08-02 20:06 - 2013-08-02 20:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{75663571-D114-41CE-B07C-168BBADD6700}
2013-08-02 08:06 - 2013-08-02 08:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{6FC2CA7D-080E-4794-AF26-E53FA52E436C}
2013-08-02 06:23 - 2013-08-02 06:23 - 00000000 ____D C:\Users\Steve\AppData\Local\{74A1C4E3-7DFD-46F4-A888-8B7DAE764705}
2013-08-01 11:00 - 2013-08-01 11:01 - 00000000 ____D C:\Users\Steve\AppData\Local\{98314A99-D32E-4094-95B7-0FAD64A200DB}
2013-07-31 23:00 - 2013-07-31 23:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{A686F9C3-386F-47E1-9E48-9AF5C6C0E04C}
2013-07-31 13:09 - 2013-07-31 13:09 - 00333112 _____ C:\Users\Steve\Downloads\wallpapers-mobile.zip
2013-07-31 11:00 - 2013-07-31 11:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{27561130-27E6-4796-80B0-41FD2DEB6B02}
2013-07-30 22:59 - 2013-07-30 22:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{209ABDD6-5B3F-4696-91FD-16B4282373DB}
2013-07-30 10:59 - 2013-07-30 10:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{39159F1B-EAC0-4E3D-990F-0A0357E19A89}
2013-07-29 22:58 - 2013-07-29 22:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{60395F9B-7002-45AF-ACFA-2485FBAF1607}
2013-07-29 10:58 - 2013-07-29 10:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{817F2AEA-211F-4C39-99E0-E5FA0EF0A84E}
2013-07-28 22:57 - 2013-07-28 22:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{CE9F13D7-8EB1-4E68-BBDF-00F224867D73}
2013-07-28 09:50 - 2013-07-28 09:50 - 00000000 ____D C:\Users\Steve\AppData\Local\{5F8DB5EA-F7E4-4196-BFA9-E0A6B3435E12}
2013-07-27 19:29 - 2013-07-27 19:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{F4D8B3C6-9746-4369-9DA8-0CDB78E37487}
2013-07-27 07:29 - 2013-07-27 07:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{E59DC75F-68D1-4255-98D8-EA9B60C00472}
2013-07-26 19:28 - 2013-07-26 19:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{78648B04-A6EC-4936-B4AA-A7A4CA6E14CF}
2013-07-26 07:28 - 2013-07-26 07:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{69E466FF-4430-428E-AB65-9DA0DB972082}
2013-07-25 11:06 - 2013-07-25 11:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{4BE5D56A-4159-4E43-91B4-A6F1526AD7A1}
2013-07-24 21:19 - 2013-07-24 21:20 - 00000000 ____D C:\Users\Steve\AppData\Local\{71B2E4DC-AEF0-4198-A403-53CA14A3C250}
2013-07-24 09:19 - 2013-07-24 09:19 - 00000000 ____D C:\Users\Steve\AppData\Local\{E6E927A1-78E1-4DED-AAF9-9117211118BA}
2013-07-23 21:18 - 2013-07-23 21:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE4B304F-FAF6-40B5-874B-1AD7C47F6D08}
2013-07-23 07:18 - 2013-07-23 07:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{FEA40E68-13ED-490E-A178-20037CBE3A80}
2013-07-22 19:17 - 2013-07-22 19:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{40A04983-2E26-456B-AF20-58C6DDB7C8C3}
2013-07-22 07:17 - 2013-07-22 07:17 - 00000000 ____D C:\Users\Steve\AppData\Local\{CC3EB6C8-D255-455C-B99E-634030F68F24}
2013-07-21 14:19 - 2013-07-21 14:19 - 00000000 ____D C:\Users\Steve\AppData\Local\Apple Computer
2013-07-21 08:37 - 2013-07-21 08:38 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE532573-C781-4F73-8358-D206AD9E2072}
2013-07-20 20:37 - 2013-07-20 20:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{B80F034F-F2B0-49FA-AD06-02C79E45AD94}
2013-07-20 08:37 - 2013-07-20 08:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{5BE57808-389B-4140-8000-9A281E051C02}
2013-07-19 20:36 - 2013-07-19 20:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{60EE698A-C1F4-4E29-AE2A-9252F810BC59}
2013-07-19 08:36 - 2013-07-19 08:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{A91D07E2-5AFA-47E1-A517-83EF20A78EA9}
2013-07-18 20:35 - 2013-07-18 20:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{656ED131-4487-4316-B2B6-257BEB865FD6}
2013-07-18 08:35 - 2013-07-18 08:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{A17F901D-8D5D-40C5-8377-F34361C66BEF}
2013-07-17 20:34 - 2013-07-17 20:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{B99A64F4-3DB9-4950-89C0-37DD6DDC17DE}
2013-07-17 19:53 - 2013-07-17 19:53 - 00000000 ____D C:\Users\Steve\Documents\hatcher house
2013-07-17 19:26 - 2013-07-17 19:26 - 01369088 _____ C:\Users\Steve\Downloads\Spirituality (1).ppt
2013-07-17 19:13 - 2013-07-17 19:14 - 01368576 _____ C:\Users\Steve\Downloads\Spirituality.ppt
2013-07-17 08:34 - 2013-07-17 08:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{94F2B160-2511-41ED-97B5-641F7E0A8E5D}
2013-07-16 20:34 - 2013-07-16 20:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{B77292AA-3EA3-4C4F-A9BD-00CE924DC626}
2013-07-16 08:33 - 2013-07-16 08:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{12615699-9150-48C3-8428-5218B5F2BE71}
2013-07-15 20:33 - 2013-07-15 20:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{03B01BD3-4A5C-497A-AFF5-8EAA72F60510}
2013-07-15 08:32 - 2013-07-15 08:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{958A0B8F-B47E-458A-84FD-309BAF221B0C}
2013-07-14 20:32 - 2013-07-14 20:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{F31145E4-48EA-4B01-AF78-4E95B86713E2}
2013-07-14 08:32 - 2013-07-14 08:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{C46E2F39-F643-4D9A-996D-E38C54819A99}
2013-07-13 20:31 - 2013-07-13 20:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{D73F9E9E-0986-4F64-B181-5A5C1C58AF6E}
2013-07-13 08:31 - 2013-07-13 08:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{D1ABB175-A755-4001-9A1B-B11AD6E8C5C9}
2013-07-12 20:31 - 2013-07-12 20:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{745A0322-67D6-444A-BD3E-658DC8E5FF10}
2013-07-12 14:25 - 2013-07-12 14:50 - 00000000 ____D C:\Users\Steve\Desktop\Lsiting
2013-07-12 08:30 - 2013-07-12 08:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{5FE7C14F-50B2-4691-971D-942858810C10}
2013-07-11 20:30 - 2013-07-11 20:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{28B2B5ED-1363-4A72-ACAE-1B3C75BED29D}
2013-07-11 08:29 - 2013-07-11 08:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{FCBE5E3A-3A12-4B23-9BD2-DA0D40539779}
2013-07-10 20:29 - 2013-07-10 20:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{62DFD0C7-E09B-42DF-9EF5-A940F0A27CE8}
2013-07-10 08:28 - 2013-07-10 08:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{FADCC702-FAFE-4F56-85FF-833617B35732}
2013-07-09 20:28 - 2013-07-09 20:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{25243505-EE55-480F-B180-0EB2844D13C7}
2013-07-09 08:27 - 2013-07-09 08:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{F6DAE8B1-138C-476E-A094-A9BC6AA4E273}

==================== One Month Modified Files and Folders =======

2013-08-08 22:54 - 2013-08-08 22:54 - 00000000 ____D C:\FRST
2013-08-08 21:49 - 2013-08-08 21:49 - 00000075 _____ C:\Users\Steve\Desktop\bill2.txt
2013-08-08 21:45 - 2013-08-08 21:45 - 01790169 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2013-08-08 14:31 - 2009-07-13 21:13 - 00780592 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-08 08:27 - 2013-08-08 08:26 - 00000575 _____ C:\Users\Steve\Desktop\kayspaidfromdad.CSV
2013-08-08 08:19 - 2013-08-08 08:19 - 00055512 _____ C:\Users\Steve\Desktop\Chase Online - Search Results_aspx.htm
2013-08-07 14:44 - 2013-08-07 14:43 - 00010320 _____ C:\Users\Steve\Desktop\Result.txt
2013-08-07 14:16 - 2013-08-07 11:59 - 00001740 _____ C:\Windows\WindowsUpdate.log
2013-08-07 14:12 - 2013-08-07 09:06 - 00004892 _____ C:\Windows\PFRO.log
2013-08-07 13:21 - 2012-07-16 16:37 - 00001908 _____ C:\Windows\diagwrn.xml
2013-08-07 13:21 - 2012-07-16 16:37 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-07 13:20 - 2013-08-07 13:20 - 00000779 _____ C:\Windows\setupact.log
2013-08-07 13:20 - 2013-08-07 13:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 13:14 - 2013-08-07 13:14 - 00032000 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-08-07 12:37 - 2013-08-07 12:37 - 00002248 _____ C:\Windows\System32\.crusader
2013-08-07 12:37 - 2013-08-07 12:31 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-07 12:37 - 2011-01-08 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 12:13 - 2013-08-07 12:13 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Steve\Desktop\mbam-setup.exe
2013-08-07 12:13 - 2013-08-07 12:11 - 00002892 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-08-07 12:11 - 2013-08-07 12:11 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\iExplore.exe
2013-08-07 11:32 - 2012-11-07 20:10 - 00000000 ____D C:\Windows\erdnt
2013-08-07 11:28 - 2013-05-16 11:08 - 00000000 ____D C:\Users\Steve\Desktop\Refinance
2013-08-07 11:27 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-08-07 00:02 - 2013-08-07 00:02 - 00000000 __SHD C:\$$PendingFiles
2013-08-06 22:44 - 2011-01-08 18:12 - 00000177 ____H C:\dvmexp.idx
2013-08-06 22:29 - 2011-04-13 15:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA.job
2013-08-06 22:28 - 2013-08-06 22:28 - 00002975 _____ C:\Users\Steve\Desktop\HiJackThis.lnk
2013-08-06 22:28 - 2013-08-06 22:28 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-06 22:26 - 2013-04-01 11:11 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2013-08-06 22:26 - 2013-02-05 18:31 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2013-08-06 22:26 - 2011-04-09 21:27 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-06 22:23 - 2013-08-06 22:23 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-08-06 22:06 - 2011-05-24 13:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 22:06 - 2011-04-13 15:50 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2013-08-06 21:55 - 2011-11-10 18:45 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA.job
2013-08-06 21:50 - 2011-05-24 13:33 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 18:06 - 2011-08-26 07:44 - 00875930 _____ C:\Windows\SysWOW64\TVersityMediaServer.log
2013-08-06 15:54 - 2011-08-26 07:44 - 01024100 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.1
2013-08-06 15:29 - 2011-04-13 15:50 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core.job
2013-08-06 15:16 - 2011-05-06 22:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PrimoPDF
2013-08-06 14:57 - 2011-08-26 07:44 - 01024100 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.2
2013-08-06 14:50 - 2011-05-24 13:33 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 13:15 - 2013-08-06 13:15 - 00000000 ____D C:\Users\Steve\AppData\Local\{586B4989-3565-49CE-AFAE-10F5E2DBD0E9}
2013-08-06 12:55 - 2011-11-10 18:45 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core.job
2013-08-06 01:15 - 2013-08-06 01:14 - 00000000 ____D C:\Users\Steve\AppData\Local\{8C604964-BD86-42D1-89B1-D8F67C13EF01}
2013-08-05 13:14 - 2013-08-05 13:14 - 00000000 ____D C:\Users\Steve\AppData\Local\{7B9BF5AE-9081-4F3A-ACBE-743E0AA9511F}
2013-08-04 19:18 - 2013-03-27 19:15 - 00000000 ____D C:\Users\Steve\Desktop\logo mocks
2013-08-04 19:13 - 2011-01-17 10:07 - 00014639 _____ C:\Users\Steve\Documents\Bill Management.xlsx
2013-08-04 17:50 - 2012-08-19 19:57 - 00000000 ____D C:\Users\Steve\Documents\Grand Canyon University
2013-08-04 08:08 - 2013-08-04 08:08 - 00000000 ____D C:\Users\Steve\AppData\Local\{DF88B297-AC4F-4102-B99E-0CE2B0F48580}
2013-08-03 20:08 - 2013-08-03 20:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{877A4DD0-069F-4D4F-811B-D7148AE943CB}
2013-08-03 08:07 - 2013-08-03 08:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{78E1A6A7-D8AD-4226-B6EA-685724F87C83}
2013-08-02 20:07 - 2013-08-02 20:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{75663571-D114-41CE-B07C-168BBADD6700}
2013-08-02 08:06 - 2013-08-02 08:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{6FC2CA7D-080E-4794-AF26-E53FA52E436C}
2013-08-02 06:23 - 2013-08-02 06:23 - 00000000 ____D C:\Users\Steve\AppData\Local\{74A1C4E3-7DFD-46F4-A888-8B7DAE764705}
2013-08-01 11:01 - 2013-08-01 11:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{98314A99-D32E-4094-95B7-0FAD64A200DB}
2013-07-31 23:00 - 2013-07-31 23:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{A686F9C3-386F-47E1-9E48-9AF5C6C0E04C}
2013-07-31 13:09 - 2013-07-31 13:09 - 00333112 _____ C:\Users\Steve\Downloads\wallpapers-mobile.zip
2013-07-31 11:00 - 2013-07-31 11:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{27561130-27E6-4796-80B0-41FD2DEB6B02}
2013-07-30 22:59 - 2013-07-30 22:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{209ABDD6-5B3F-4696-91FD-16B4282373DB}
2013-07-30 10:59 - 2013-07-30 10:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{39159F1B-EAC0-4E3D-990F-0A0357E19A89}
2013-07-29 22:59 - 2013-07-29 22:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{60395F9B-7002-45AF-ACFA-2485FBAF1607}
2013-07-29 10:58 - 2013-07-29 10:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{817F2AEA-211F-4C39-99E0-E5FA0EF0A84E}
2013-07-28 22:58 - 2013-07-28 22:57 - 00000000 ____D C:\Users\Steve\AppData\Local\{CE9F13D7-8EB1-4E68-BBDF-00F224867D73}
2013-07-28 09:50 - 2013-07-28 09:50 - 00000000 ____D C:\Users\Steve\AppData\Local\{5F8DB5EA-F7E4-4196-BFA9-E0A6B3435E12}
2013-07-27 19:30 - 2013-07-27 19:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{F4D8B3C6-9746-4369-9DA8-0CDB78E37487}
2013-07-27 07:29 - 2013-07-27 07:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{E59DC75F-68D1-4255-98D8-EA9B60C00472}
2013-07-26 19:29 - 2013-07-26 19:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{78648B04-A6EC-4936-B4AA-A7A4CA6E14CF}
2013-07-26 07:28 - 2013-07-26 07:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{69E466FF-4430-428E-AB65-9DA0DB972082}
2013-07-25 11:22 - 2011-01-17 09:01 - 00014588 _____ C:\Users\Steve\Documents\BILLS.xlsx
2013-07-25 11:06 - 2013-07-25 11:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{4BE5D56A-4159-4E43-91B4-A6F1526AD7A1}
2013-07-24 21:20 - 2013-07-24 21:19 - 00000000 ____D C:\Users\Steve\AppData\Local\{71B2E4DC-AEF0-4198-A403-53CA14A3C250}
2013-07-24 09:19 - 2013-07-24 09:19 - 00000000 ____D C:\Users\Steve\AppData\Local\{E6E927A1-78E1-4DED-AAF9-9117211118BA}
2013-07-23 21:18 - 2013-07-23 21:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE4B304F-FAF6-40B5-874B-1AD7C47F6D08}
2013-07-23 15:15 - 2013-06-19 07:05 - 00000000 ____D C:\Users\Steve\Documents\lissas phone 619
2013-07-23 07:18 - 2013-07-23 07:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{FEA40E68-13ED-490E-A178-20037CBE3A80}
2013-07-22 19:18 - 2013-07-22 19:17 - 00000000 ____D C:\Users\Steve\AppData\Local\{40A04983-2E26-456B-AF20-58C6DDB7C8C3}
2013-07-22 18:19 - 2011-01-08 22:07 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-07-22 07:17 - 2013-07-22 07:17 - 00000000 ____D C:\Users\Steve\AppData\Local\{CC3EB6C8-D255-455C-B99E-634030F68F24}
2013-07-21 14:19 - 2013-07-21 14:19 - 00000000 ____D C:\Users\Steve\AppData\Local\Apple Computer
2013-07-21 08:38 - 2013-07-21 08:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE532573-C781-4F73-8358-D206AD9E2072}
2013-07-20 20:37 - 2013-07-20 20:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{B80F034F-F2B0-49FA-AD06-02C79E45AD94}
2013-07-20 08:37 - 2013-07-20 08:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{5BE57808-389B-4140-8000-9A281E051C02}
2013-07-19 20:36 - 2013-07-19 20:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{60EE698A-C1F4-4E29-AE2A-9252F810BC59}
2013-07-19 08:36 - 2013-07-19 08:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{A91D07E2-5AFA-47E1-A517-83EF20A78EA9}
2013-07-18 20:36 - 2013-07-18 20:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{656ED131-4487-4316-B2B6-257BEB865FD6}
2013-07-18 08:35 - 2013-07-18 08:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{A17F901D-8D5D-40C5-8377-F34361C66BEF}
2013-07-17 20:35 - 2013-07-17 20:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{B99A64F4-3DB9-4950-89C0-37DD6DDC17DE}
2013-07-17 19:53 - 2013-07-17 19:53 - 00000000 ____D C:\Users\Steve\Documents\hatcher house
2013-07-17 19:26 - 2013-07-17 19:26 - 01369088 _____ C:\Users\Steve\Downloads\Spirituality (1).ppt
2013-07-17 19:24 - 2011-01-08 21:27 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2013-07-17 19:14 - 2013-07-17 19:13 - 01368576 _____ C:\Users\Steve\Downloads\Spirituality.ppt
2013-07-17 08:34 - 2013-07-17 08:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{94F2B160-2511-41ED-97B5-641F7E0A8E5D}
2013-07-16 20:34 - 2013-07-16 20:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{B77292AA-3EA3-4C4F-A9BD-00CE924DC626}
2013-07-16 08:34 - 2013-07-16 08:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{12615699-9150-48C3-8428-5218B5F2BE71}
2013-07-16 08:11 - 2009-07-13 20:45 - 00029728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 08:11 - 2009-07-13 20:45 - 00029728 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 20:33 - 2013-07-15 20:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{03B01BD3-4A5C-497A-AFF5-8EAA72F60510}
2013-07-15 08:33 - 2013-07-15 08:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{958A0B8F-B47E-458A-84FD-309BAF221B0C}
2013-07-14 20:32 - 2013-07-14 20:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{F31145E4-48EA-4B01-AF78-4E95B86713E2}
2013-07-14 08:32 - 2013-07-14 08:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{C46E2F39-F643-4D9A-996D-E38C54819A99}
2013-07-13 20:32 - 2013-07-13 20:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{D73F9E9E-0986-4F64-B181-5A5C1C58AF6E}
2013-07-13 08:31 - 2013-07-13 08:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{D1ABB175-A755-4001-9A1B-B11AD6E8C5C9}
2013-07-12 20:34 - 2011-04-13 15:52 - 00002368 _____ C:\Users\Steve\Desktop\Google Chrome.lnk
2013-07-12 20:31 - 2013-07-12 20:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{745A0322-67D6-444A-BD3E-658DC8E5FF10}
2013-07-12 15:24 - 2011-04-13 15:50 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA
2013-07-12 15:24 - 2011-04-13 15:50 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core
2013-07-12 14:50 - 2013-07-12 14:25 - 00000000 ____D C:\Users\Steve\Desktop\Lsiting
2013-07-12 14:50 - 2011-01-10 14:01 - 00000000 ____D C:\Users\Steve\AppData\Roaming\XnView
2013-07-12 14:45 - 2011-05-24 13:33 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 14:45 - 2011-05-24 13:33 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 13:41 - 2013-03-01 12:03 - 00000000 ____D C:\Users\Steve\Desktop\iphone 51613
2013-07-12 08:30 - 2013-07-12 08:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{5FE7C14F-50B2-4691-971D-942858810C10}
2013-07-11 20:30 - 2013-07-11 20:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{28B2B5ED-1363-4A72-ACAE-1B3C75BED29D}
2013-07-11 08:29 - 2013-07-11 08:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{FCBE5E3A-3A12-4B23-9BD2-DA0D40539779}
2013-07-10 20:29 - 2013-07-10 20:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{62DFD0C7-E09B-42DF-9EF5-A940F0A27CE8}
2013-07-10 08:28 - 2013-07-10 08:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{FADCC702-FAFE-4F56-85FF-833617B35732}
2013-07-09 20:28 - 2013-07-09 20:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{25243505-EE55-480F-B180-0EB2844D13C7}
2013-07-09 14:44 - 2013-07-07 20:37 - 00000122 _____ C:\Users\Steve\Desktop\bill.txt
2013-07-09 08:28 - 2013-07-09 08:27 - 00000000 ____D C:\Users\Steve\AppData\Local\{F6DAE8B1-138C-476E-A094-A9BC6AA4E273}

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7935.05 MB
Available physical RAM: 7124.57 MB
Total Pagefile: 7933.2 MB
Available Pagefile: 7122.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.64 GB) (Free:0.87 GB) NTFS (Disk=0 Partition=2)
Drive f: () (Removable) (Total:14.95 GB) (Free:11.49 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 140 GB) (Disk ID: 1E283E3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

LastRegBack: 2013-08-01 23:31

==================== End Of Log ============================



#7 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 09 August 2013 - 10:28 AM

The report shows no issues. Let's restore the registry with its backup.

Download the enclosed file. [attachment=140681:fixlist.txt]

Save it next to FRST64.

Run FRST64 as you did before, except this time around, click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode, and let me know the outcome.

If unsuccessful, re-scan with FRST64 once again and post its report.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 sbeard24

  • Topic Starter

Posted 10 August 2013 - 01:21 AM

I did as you said, still unable to boot into normal mode, here is the log

-------------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2013 02
Ran by SYSTEM at 2013-08-09 22:44:05 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====



#9 sbeard24

  • Topic Starter

Posted 10 August 2013 - 01:26 AM

Here is the log in safe mode with networking after unsuccessful boot attempt

-----------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Steve (administrator) on 09-08-2013 23:22:40
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex [686280 2012-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-06-14] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files\ASUS\Ai Suite\QFan4\FanHelp.exe [888960 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Steve\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Steve\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Steve\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Steve\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [falghbhpllkffjlfaoighejgnkkjcbgg] - C:\Users\Steve\AppData\Local\CRE\falghbhpllkffjlfaoighejgnkkjcbgg.crx

==================== Services (Whitelisted) =================

S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-23] ()
S2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
S2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [89128 2012-06-27] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [116776 2012-06-27] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [113192 2012-06-27] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [33320 2012-06-27] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93224 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [68648 2012-06-27] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [116776 2012-06-27] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [304680 2012-06-27] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [109096 2012-06-27] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [112680 2012-06-27] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [219688 2012-07-12] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [105000 2012-06-27] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [167464 2012-07-13] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119336 2012-07-13] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205352 2012-07-13] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [123944 2012-07-13] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [130088 2012-07-13] (Panda Security, S.L.)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )
S3 ViaUsbModemDriver; C:\Windows\System32\DRIVERS\VIA_USB_MODEM.sys [28160 2011-10-04] ()
S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\VIA_USB_ETS.sys [21760 2011-10-04] (Via Telecom, Inc.)
S3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PSKMAD; System32\DRIVERS\PSKMAD.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 23:44 - 2013-08-09 23:44 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2013-08-08 23:54 - 2013-08-08 23:54 - 00000000 ____D C:\FRST
2013-08-08 22:49 - 2013-08-08 22:49 - 00000075 _____ C:\Users\Steve\Desktop\bill2.txt
2013-08-08 22:45 - 2013-08-08 22:45 - 01790169 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2013-08-08 09:26 - 2013-08-08 09:27 - 00000575 _____ C:\Users\Steve\Desktop\kayspaidfromdad.CSV
2013-08-08 09:19 - 2013-08-08 09:19 - 00055512 _____ C:\Users\Steve\Desktop\Chase Online - Search Results_aspx.htm
2013-08-07 15:43 - 2013-08-07 15:44 - 00010320 _____ C:\Users\Steve\Desktop\Result.txt
2013-08-07 14:20 - 2013-08-07 14:20 - 00000779 _____ C:\Windows\setupact.log
2013-08-07 14:20 - 2013-08-07 14:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 14:14 - 2013-08-07 14:14 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-07 13:37 - 2013-08-07 13:37 - 00002248 _____ C:\Windows\system32\.crusader
2013-08-07 13:31 - 2013-08-07 13:37 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-07 13:13 - 2013-08-07 13:13 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Steve\Desktop\mbam-setup.exe
2013-08-07 13:11 - 2013-08-07 13:13 - 00002892 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-08-07 13:11 - 2013-08-07 13:11 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\iExplore.exe
2013-08-07 12:59 - 2013-08-07 15:16 - 00001740 _____ C:\Windows\WindowsUpdate.log
2013-08-07 10:06 - 2013-08-09 23:17 - 00006596 _____ C:\Windows\PFRO.log
2013-08-07 01:02 - 2013-08-07 01:02 - 00000000 __SHD C:\$$PendingFiles
2013-08-06 23:28 - 2013-08-06 23:28 - 00002975 _____ C:\Users\Steve\Desktop\HiJackThis.lnk
2013-08-06 23:28 - 2013-08-06 23:28 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-08-06 23:28 - 2013-08-06 23:28 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-06 23:23 - 2013-08-06 23:23 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-06 23:12 - 2013-08-06 23:12 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Attentive Antivirus
2013-08-06 14:15 - 2013-08-06 14:15 - 00000000 ____D C:\Users\Steve\AppData\Local\{586B4989-3565-49CE-AFAE-10F5E2DBD0E9}
2013-08-06 02:14 - 2013-08-06 02:15 - 00000000 ____D C:\Users\Steve\AppData\Local\{8C604964-BD86-42D1-89B1-D8F67C13EF01}
2013-08-05 14:14 - 2013-08-05 14:14 - 00000000 ____D C:\Users\Steve\AppData\Local\{7B9BF5AE-9081-4F3A-ACBE-743E0AA9511F}
2013-08-04 09:08 - 2013-08-04 09:08 - 00000000 ____D C:\Users\Steve\AppData\Local\{DF88B297-AC4F-4102-B99E-0CE2B0F48580}
2013-08-03 21:07 - 2013-08-03 21:08 - 00000000 ____D C:\Users\Steve\AppData\Local\{877A4DD0-069F-4D4F-811B-D7148AE943CB}
2013-08-03 09:07 - 2013-08-03 09:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{78E1A6A7-D8AD-4226-B6EA-685724F87C83}
2013-08-02 21:06 - 2013-08-02 21:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{75663571-D114-41CE-B07C-168BBADD6700}
2013-08-02 09:06 - 2013-08-02 09:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{6FC2CA7D-080E-4794-AF26-E53FA52E436C}
2013-08-02 07:23 - 2013-08-02 07:23 - 00000000 ____D C:\Users\Steve\AppData\Local\{74A1C4E3-7DFD-46F4-A888-8B7DAE764705}
2013-08-01 12:00 - 2013-08-01 12:01 - 00000000 ____D C:\Users\Steve\AppData\Local\{98314A99-D32E-4094-95B7-0FAD64A200DB}
2013-08-01 00:00 - 2013-08-01 00:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{A686F9C3-386F-47E1-9E48-9AF5C6C0E04C}
2013-07-31 14:09 - 2013-07-31 14:09 - 00333112 _____ C:\Users\Steve\Downloads\wallpapers-mobile.zip
2013-07-31 12:00 - 2013-07-31 12:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{27561130-27E6-4796-80B0-41FD2DEB6B02}
2013-07-30 23:59 - 2013-07-30 23:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{209ABDD6-5B3F-4696-91FD-16B4282373DB}
2013-07-30 11:59 - 2013-07-30 11:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{39159F1B-EAC0-4E3D-990F-0A0357E19A89}
2013-07-29 23:58 - 2013-07-29 23:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{60395F9B-7002-45AF-ACFA-2485FBAF1607}
2013-07-29 11:58 - 2013-07-29 11:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{817F2AEA-211F-4C39-99E0-E5FA0EF0A84E}
2013-07-28 23:57 - 2013-07-28 23:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{CE9F13D7-8EB1-4E68-BBDF-00F224867D73}
2013-07-28 10:50 - 2013-07-28 10:50 - 00000000 ____D C:\Users\Steve\AppData\Local\{5F8DB5EA-F7E4-4196-BFA9-E0A6B3435E12}
2013-07-27 20:29 - 2013-07-27 20:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{F4D8B3C6-9746-4369-9DA8-0CDB78E37487}
2013-07-27 08:29 - 2013-07-27 08:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{E59DC75F-68D1-4255-98D8-EA9B60C00472}
2013-07-26 20:28 - 2013-07-26 20:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{78648B04-A6EC-4936-B4AA-A7A4CA6E14CF}
2013-07-26 08:28 - 2013-07-26 08:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{69E466FF-4430-428E-AB65-9DA0DB972082}
2013-07-25 12:06 - 2013-07-25 12:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{4BE5D56A-4159-4E43-91B4-A6F1526AD7A1}
2013-07-24 22:19 - 2013-07-24 22:20 - 00000000 ____D C:\Users\Steve\AppData\Local\{71B2E4DC-AEF0-4198-A403-53CA14A3C250}
2013-07-24 10:19 - 2013-07-24 10:19 - 00000000 ____D C:\Users\Steve\AppData\Local\{E6E927A1-78E1-4DED-AAF9-9117211118BA}
2013-07-23 22:18 - 2013-07-23 22:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE4B304F-FAF6-40B5-874B-1AD7C47F6D08}
2013-07-23 08:18 - 2013-07-23 08:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{FEA40E68-13ED-490E-A178-20037CBE3A80}
2013-07-22 20:17 - 2013-07-22 20:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{40A04983-2E26-456B-AF20-58C6DDB7C8C3}
2013-07-22 08:17 - 2013-07-22 08:17 - 00000000 ____D C:\Users\Steve\AppData\Local\{CC3EB6C8-D255-455C-B99E-634030F68F24}
2013-07-21 15:19 - 2013-07-21 15:19 - 00000000 ____D C:\Users\Steve\AppData\Local\Apple Computer
2013-07-21 09:37 - 2013-07-21 09:38 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE532573-C781-4F73-8358-D206AD9E2072}
2013-07-20 21:37 - 2013-07-20 21:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{B80F034F-F2B0-49FA-AD06-02C79E45AD94}
2013-07-20 09:37 - 2013-07-20 09:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{5BE57808-389B-4140-8000-9A281E051C02}
2013-07-19 21:36 - 2013-07-19 21:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{60EE698A-C1F4-4E29-AE2A-9252F810BC59}
2013-07-19 09:36 - 2013-07-19 09:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{A91D07E2-5AFA-47E1-A517-83EF20A78EA9}
2013-07-18 21:35 - 2013-07-18 21:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{656ED131-4487-4316-B2B6-257BEB865FD6}
2013-07-18 09:35 - 2013-07-18 09:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{A17F901D-8D5D-40C5-8377-F34361C66BEF}
2013-07-17 21:34 - 2013-07-17 21:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{B99A64F4-3DB9-4950-89C0-37DD6DDC17DE}
2013-07-17 20:53 - 2013-07-17 20:53 - 00000000 ____D C:\Users\Steve\Documents\hatcher house
2013-07-17 20:26 - 2013-07-17 20:26 - 01369088 _____ C:\Users\Steve\Downloads\Spirituality (1).ppt
2013-07-17 20:13 - 2013-07-17 20:14 - 01368576 _____ C:\Users\Steve\Downloads\Spirituality.ppt
2013-07-17 09:34 - 2013-07-17 09:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{94F2B160-2511-41ED-97B5-641F7E0A8E5D}
2013-07-16 21:34 - 2013-07-16 21:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{B77292AA-3EA3-4C4F-A9BD-00CE924DC626}
2013-07-16 09:33 - 2013-07-16 09:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{12615699-9150-48C3-8428-5218B5F2BE71}
2013-07-15 21:33 - 2013-07-15 21:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{03B01BD3-4A5C-497A-AFF5-8EAA72F60510}
2013-07-15 09:32 - 2013-07-15 09:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{958A0B8F-B47E-458A-84FD-309BAF221B0C}
2013-07-14 21:32 - 2013-07-14 21:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{F31145E4-48EA-4B01-AF78-4E95B86713E2}
2013-07-14 09:32 - 2013-07-14 09:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{C46E2F39-F643-4D9A-996D-E38C54819A99}
2013-07-13 21:31 - 2013-07-13 21:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{D73F9E9E-0986-4F64-B181-5A5C1C58AF6E}
2013-07-13 09:31 - 2013-07-13 09:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{D1ABB175-A755-4001-9A1B-B11AD6E8C5C9}
2013-07-12 21:31 - 2013-07-12 21:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{745A0322-67D6-444A-BD3E-658DC8E5FF10}
2013-07-12 15:25 - 2013-07-12 15:50 - 00000000 ____D C:\Users\Steve\Desktop\Lsiting
2013-07-12 09:30 - 2013-07-12 09:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{5FE7C14F-50B2-4691-971D-942858810C10}
2013-07-11 21:30 - 2013-07-11 21:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{28B2B5ED-1363-4A72-ACAE-1B3C75BED29D}
2013-07-11 09:29 - 2013-07-11 09:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{FCBE5E3A-3A12-4B23-9BD2-DA0D40539779}
2013-07-10 21:29 - 2013-07-10 21:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{62DFD0C7-E09B-42DF-9EF5-A940F0A27CE8}
2013-07-10 09:28 - 2013-07-10 09:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{FADCC702-FAFE-4F56-85FF-833617B35732}

==================== One Month Modified Files and Folders =======

2013-08-09 23:44 - 2013-08-09 23:44 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2013-08-09 23:22 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2013-08-09 23:21 - 2009-07-13 22:13 - 00780592 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 23:17 - 2013-08-07 10:06 - 00006596 _____ C:\Windows\PFRO.log
2013-08-08 23:54 - 2013-08-08 23:54 - 00000000 ____D C:\FRST
2013-08-08 22:49 - 2013-08-08 22:49 - 00000075 _____ C:\Users\Steve\Desktop\bill2.txt
2013-08-08 22:45 - 2013-08-08 22:45 - 01790169 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2013-08-08 09:27 - 2013-08-08 09:26 - 00000575 _____ C:\Users\Steve\Desktop\kayspaidfromdad.CSV
2013-08-08 09:19 - 2013-08-08 09:19 - 00055512 _____ C:\Users\Steve\Desktop\Chase Online - Search Results_aspx.htm
2013-08-07 15:44 - 2013-08-07 15:43 - 00010320 _____ C:\Users\Steve\Desktop\Result.txt
2013-08-07 15:16 - 2013-08-07 12:59 - 00001740 _____ C:\Windows\WindowsUpdate.log
2013-08-07 14:21 - 2012-07-16 17:37 - 00001908 _____ C:\Windows\diagwrn.xml
2013-08-07 14:21 - 2012-07-16 17:37 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-07 14:20 - 2013-08-07 14:20 - 00000779 _____ C:\Windows\setupact.log
2013-08-07 14:20 - 2013-08-07 14:20 - 00000000 _____ C:\Windows\setuperr.log
2013-08-07 14:14 - 2013-08-07 14:14 - 00032000 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-08-07 13:37 - 2013-08-07 13:37 - 00002248 _____ C:\Windows\system32\.crusader
2013-08-07 13:37 - 2013-08-07 13:31 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-07 13:37 - 2011-01-08 23:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 13:13 - 2013-08-07 13:13 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Steve\Desktop\mbam-setup.exe
2013-08-07 13:13 - 2013-08-07 13:11 - 00002892 _____ C:\Users\Steve\Desktop\Rkill.txt
2013-08-07 13:11 - 2013-08-07 13:11 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Steve\Desktop\iExplore.exe
2013-08-07 12:32 - 2012-11-07 21:10 - 00000000 ____D C:\Windows\erdnt
2013-08-07 12:28 - 2013-05-16 12:08 - 00000000 ____D C:\Users\Steve\Desktop\Refinance
2013-08-07 12:27 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2013-08-07 01:02 - 2013-08-07 01:02 - 00000000 __SHD C:\$$PendingFiles
2013-08-06 23:44 - 2011-01-08 19:12 - 00000177 ____H C:\dvmexp.idx
2013-08-06 23:29 - 2011-04-13 16:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA.job
2013-08-06 23:28 - 2013-08-06 23:28 - 00002975 _____ C:\Users\Steve\Desktop\HiJackThis.lnk
2013-08-06 23:28 - 2013-08-06 23:28 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-08-06 23:28 - 2013-08-06 23:28 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-06 23:26 - 2013-04-01 12:11 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2013-08-06 23:26 - 2013-02-05 19:31 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2013-08-06 23:26 - 2011-04-09 22:27 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-06 23:23 - 2013-08-06 23:23 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-06 23:12 - 2013-08-06 23:12 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Attentive Antivirus
2013-08-06 23:06 - 2011-05-24 14:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 23:06 - 2011-04-13 16:50 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2013-08-06 22:55 - 2011-11-10 19:45 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA.job
2013-08-06 22:50 - 2011-05-24 14:33 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 19:06 - 2011-08-26 08:44 - 00875930 _____ C:\Windows\SysWOW64\TVersityMediaServer.log
2013-08-06 16:54 - 2011-08-26 08:44 - 01024100 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.1
2013-08-06 16:29 - 2011-04-13 16:50 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core.job
2013-08-06 16:16 - 2011-05-06 23:16 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PrimoPDF
2013-08-06 15:57 - 2011-08-26 08:44 - 01024100 _____ C:\Windows\SysWOW64\TVersityMediaServer.log.2
2013-08-06 15:50 - 2011-05-24 14:33 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 14:15 - 2013-08-06 14:15 - 00000000 ____D C:\Users\Steve\AppData\Local\{586B4989-3565-49CE-AFAE-10F5E2DBD0E9}
2013-08-06 13:55 - 2011-11-10 19:45 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core.job
2013-08-06 02:15 - 2013-08-06 02:14 - 00000000 ____D C:\Users\Steve\AppData\Local\{8C604964-BD86-42D1-89B1-D8F67C13EF01}
2013-08-05 14:14 - 2013-08-05 14:14 - 00000000 ____D C:\Users\Steve\AppData\Local\{7B9BF5AE-9081-4F3A-ACBE-743E0AA9511F}
2013-08-04 20:18 - 2013-03-27 20:15 - 00000000 ____D C:\Users\Steve\Desktop\logo mocks
2013-08-04 20:13 - 2011-01-17 11:07 - 00014639 _____ C:\Users\Steve\Documents\Bill Management.xlsx
2013-08-04 18:50 - 2012-08-19 20:57 - 00000000 ____D C:\Users\Steve\Documents\Grand Canyon University
2013-08-04 09:08 - 2013-08-04 09:08 - 00000000 ____D C:\Users\Steve\AppData\Local\{DF88B297-AC4F-4102-B99E-0CE2B0F48580}
2013-08-03 21:08 - 2013-08-03 21:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{877A4DD0-069F-4D4F-811B-D7148AE943CB}
2013-08-03 09:07 - 2013-08-03 09:07 - 00000000 ____D C:\Users\Steve\AppData\Local\{78E1A6A7-D8AD-4226-B6EA-685724F87C83}
2013-08-02 21:07 - 2013-08-02 21:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{75663571-D114-41CE-B07C-168BBADD6700}
2013-08-02 09:06 - 2013-08-02 09:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{6FC2CA7D-080E-4794-AF26-E53FA52E436C}
2013-08-02 07:23 - 2013-08-02 07:23 - 00000000 ____D C:\Users\Steve\AppData\Local\{74A1C4E3-7DFD-46F4-A888-8B7DAE764705}
2013-08-01 12:01 - 2013-08-01 12:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{98314A99-D32E-4094-95B7-0FAD64A200DB}
2013-08-01 00:00 - 2013-08-01 00:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{A686F9C3-386F-47E1-9E48-9AF5C6C0E04C}
2013-07-31 14:09 - 2013-07-31 14:09 - 00333112 _____ C:\Users\Steve\Downloads\wallpapers-mobile.zip
2013-07-31 12:00 - 2013-07-31 12:00 - 00000000 ____D C:\Users\Steve\AppData\Local\{27561130-27E6-4796-80B0-41FD2DEB6B02}
2013-07-30 23:59 - 2013-07-30 23:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{209ABDD6-5B3F-4696-91FD-16B4282373DB}
2013-07-30 11:59 - 2013-07-30 11:59 - 00000000 ____D C:\Users\Steve\AppData\Local\{39159F1B-EAC0-4E3D-990F-0A0357E19A89}
2013-07-29 23:59 - 2013-07-29 23:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{60395F9B-7002-45AF-ACFA-2485FBAF1607}
2013-07-29 11:58 - 2013-07-29 11:58 - 00000000 ____D C:\Users\Steve\AppData\Local\{817F2AEA-211F-4C39-99E0-E5FA0EF0A84E}
2013-07-28 23:58 - 2013-07-28 23:57 - 00000000 ____D C:\Users\Steve\AppData\Local\{CE9F13D7-8EB1-4E68-BBDF-00F224867D73}
2013-07-28 10:50 - 2013-07-28 10:50 - 00000000 ____D C:\Users\Steve\AppData\Local\{5F8DB5EA-F7E4-4196-BFA9-E0A6B3435E12}
2013-07-27 20:30 - 2013-07-27 20:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{F4D8B3C6-9746-4369-9DA8-0CDB78E37487}
2013-07-27 08:29 - 2013-07-27 08:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{E59DC75F-68D1-4255-98D8-EA9B60C00472}
2013-07-26 20:29 - 2013-07-26 20:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{78648B04-A6EC-4936-B4AA-A7A4CA6E14CF}
2013-07-26 08:28 - 2013-07-26 08:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{69E466FF-4430-428E-AB65-9DA0DB972082}
2013-07-25 12:22 - 2011-01-17 10:01 - 00014588 _____ C:\Users\Steve\Documents\BILLS.xlsx
2013-07-25 12:06 - 2013-07-25 12:06 - 00000000 ____D C:\Users\Steve\AppData\Local\{4BE5D56A-4159-4E43-91B4-A6F1526AD7A1}
2013-07-24 22:20 - 2013-07-24 22:19 - 00000000 ____D C:\Users\Steve\AppData\Local\{71B2E4DC-AEF0-4198-A403-53CA14A3C250}
2013-07-24 10:19 - 2013-07-24 10:19 - 00000000 ____D C:\Users\Steve\AppData\Local\{E6E927A1-78E1-4DED-AAF9-9117211118BA}
2013-07-23 22:18 - 2013-07-23 22:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE4B304F-FAF6-40B5-874B-1AD7C47F6D08}
2013-07-23 16:15 - 2013-06-19 08:05 - 00000000 ____D C:\Users\Steve\Documents\lissas phone 619
2013-07-23 08:18 - 2013-07-23 08:18 - 00000000 ____D C:\Users\Steve\AppData\Local\{FEA40E68-13ED-490E-A178-20037CBE3A80}
2013-07-22 20:18 - 2013-07-22 20:17 - 00000000 ____D C:\Users\Steve\AppData\Local\{40A04983-2E26-456B-AF20-58C6DDB7C8C3}
2013-07-22 19:19 - 2011-01-08 23:07 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-07-22 08:17 - 2013-07-22 08:17 - 00000000 ____D C:\Users\Steve\AppData\Local\{CC3EB6C8-D255-455C-B99E-634030F68F24}
2013-07-21 15:19 - 2013-07-21 15:19 - 00000000 ____D C:\Users\Steve\AppData\Local\Apple Computer
2013-07-21 09:38 - 2013-07-21 09:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{BE532573-C781-4F73-8358-D206AD9E2072}
2013-07-20 21:37 - 2013-07-20 21:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{B80F034F-F2B0-49FA-AD06-02C79E45AD94}
2013-07-20 09:37 - 2013-07-20 09:37 - 00000000 ____D C:\Users\Steve\AppData\Local\{5BE57808-389B-4140-8000-9A281E051C02}
2013-07-19 21:36 - 2013-07-19 21:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{60EE698A-C1F4-4E29-AE2A-9252F810BC59}
2013-07-19 09:36 - 2013-07-19 09:36 - 00000000 ____D C:\Users\Steve\AppData\Local\{A91D07E2-5AFA-47E1-A517-83EF20A78EA9}
2013-07-18 21:36 - 2013-07-18 21:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{656ED131-4487-4316-B2B6-257BEB865FD6}
2013-07-18 09:35 - 2013-07-18 09:35 - 00000000 ____D C:\Users\Steve\AppData\Local\{A17F901D-8D5D-40C5-8377-F34361C66BEF}
2013-07-17 21:35 - 2013-07-17 21:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{B99A64F4-3DB9-4950-89C0-37DD6DDC17DE}
2013-07-17 20:53 - 2013-07-17 20:53 - 00000000 ____D C:\Users\Steve\Documents\hatcher house
2013-07-17 20:26 - 2013-07-17 20:26 - 01369088 _____ C:\Users\Steve\Downloads\Spirituality (1).ppt
2013-07-17 20:24 - 2011-01-08 22:27 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2013-07-17 20:14 - 2013-07-17 20:13 - 01368576 _____ C:\Users\Steve\Downloads\Spirituality.ppt
2013-07-17 09:34 - 2013-07-17 09:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{94F2B160-2511-41ED-97B5-641F7E0A8E5D}
2013-07-16 21:34 - 2013-07-16 21:34 - 00000000 ____D C:\Users\Steve\AppData\Local\{B77292AA-3EA3-4C4F-A9BD-00CE924DC626}
2013-07-16 09:34 - 2013-07-16 09:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{12615699-9150-48C3-8428-5218B5F2BE71}
2013-07-16 09:11 - 2009-07-13 21:45 - 00029728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 09:11 - 2009-07-13 21:45 - 00029728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 21:33 - 2013-07-15 21:33 - 00000000 ____D C:\Users\Steve\AppData\Local\{03B01BD3-4A5C-497A-AFF5-8EAA72F60510}
2013-07-15 09:33 - 2013-07-15 09:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{958A0B8F-B47E-458A-84FD-309BAF221B0C}
2013-07-14 21:32 - 2013-07-14 21:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{F31145E4-48EA-4B01-AF78-4E95B86713E2}
2013-07-14 09:32 - 2013-07-14 09:32 - 00000000 ____D C:\Users\Steve\AppData\Local\{C46E2F39-F643-4D9A-996D-E38C54819A99}
2013-07-13 21:32 - 2013-07-13 21:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{D73F9E9E-0986-4F64-B181-5A5C1C58AF6E}
2013-07-13 09:31 - 2013-07-13 09:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{D1ABB175-A755-4001-9A1B-B11AD6E8C5C9}
2013-07-12 21:34 - 2011-04-13 16:52 - 00002368 _____ C:\Users\Steve\Desktop\Google Chrome.lnk
2013-07-12 21:31 - 2013-07-12 21:31 - 00000000 ____D C:\Users\Steve\AppData\Local\{745A0322-67D6-444A-BD3E-658DC8E5FF10}
2013-07-12 16:24 - 2011-04-13 16:50 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA
2013-07-12 16:24 - 2011-04-13 16:50 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core
2013-07-12 15:50 - 2013-07-12 15:25 - 00000000 ____D C:\Users\Steve\Desktop\Lsiting
2013-07-12 15:50 - 2011-01-10 15:01 - 00000000 ____D C:\Users\Steve\AppData\Roaming\XnView
2013-07-12 15:45 - 2011-05-24 14:33 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 15:45 - 2011-05-24 14:33 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 14:41 - 2013-03-01 13:03 - 00000000 ____D C:\Users\Steve\Desktop\iphone 51613
2013-07-12 09:30 - 2013-07-12 09:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{5FE7C14F-50B2-4691-971D-942858810C10}
2013-07-11 21:30 - 2013-07-11 21:30 - 00000000 ____D C:\Users\Steve\AppData\Local\{28B2B5ED-1363-4A72-ACAE-1B3C75BED29D}
2013-07-11 09:29 - 2013-07-11 09:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{FCBE5E3A-3A12-4B23-9BD2-DA0D40539779}
2013-07-10 21:29 - 2013-07-10 21:29 - 00000000 ____D C:\Users\Steve\AppData\Local\{62DFD0C7-E09B-42DF-9EF5-A940F0A27CE8}
2013-07-10 09:28 - 2013-07-10 09:28 - 00000000 ____D C:\Users\Steve\AppData\Local\{FADCC702-FAFE-4F56-85FF-833617B35732}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 00:31

==================== End Of Log ============================



There was also a notepad doc that said addition. Here are its contents:

---------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by Steve at 2013-08-09 23:23:20
Running from E:\
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Installed Programs =======================

  
64 Bit HP CIO Components Installer (Version: 6.2.1)
7-Zip 9.20 (x32)
Adobe Acrobat XI Pro (x32 Version: 11.0.00)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (x32 Version: 10.3.181.34)
Adobe Flash Player 11 ActiveX (x32 Version: 11.3.300.257)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Advertising Center (x32 Version: 0.0.0.2)
AI Direct Link (x32 Version: 1.00.26)
AI Suite (x32 Version: 1.06.20)
Apple Application Support (x32 Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AviSynth 2.5 (x32)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite FAX-2820 (x32 Version: 1.0.1.0)
CameraHelperMsi (x32 Version: 13.25.1010.0)
Catalyst Control Center Core Implementation (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Light (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615)
Catalyst Control Center Localization All (x32 Version: 2010.0210.2206.39615)
CCC Help Chinese Standard (x32 Version: 2010.0210.2205.39615)
CCC Help Chinese Traditional (x32 Version: 2010.0210.2205.39615)
CCC Help Czech (x32 Version: 2010.0210.2205.39615)
CCC Help Danish (x32 Version: 2010.0210.2205.39615)
CCC Help Dutch (x32 Version: 2010.0210.2205.39615)
CCC Help English (x32 Version: 2010.0210.2205.39615)
CCC Help Finnish (x32 Version: 2010.0210.2205.39615)
CCC Help French (x32 Version: 2010.0210.2205.39615)
CCC Help German (x32 Version: 2010.0210.2205.39615)
CCC Help Greek (x32 Version: 2010.0210.2205.39615)
CCC Help Hungarian (x32 Version: 2010.0210.2205.39615)
CCC Help Italian (x32 Version: 2010.0210.2205.39615)
CCC Help Japanese (x32 Version: 2010.0210.2205.39615)
CCC Help Korean (x32 Version: 2010.0210.2205.39615)
CCC Help Norwegian (x32 Version: 2010.0210.2205.39615)
CCC Help Polish (x32 Version: 2010.0210.2205.39615)
CCC Help Portuguese (x32 Version: 2010.0210.2205.39615)
CCC Help Russian (x32 Version: 2010.0210.2205.39615)
CCC Help Spanish (x32 Version: 2010.0210.2205.39615)
CCC Help Swedish (x32 Version: 2010.0210.2205.39615)
CCC Help Thai (x32 Version: 2010.0210.2205.39615)
CCC Help Turkish (x32 Version: 2010.0210.2205.39615)
ccc-core-static (x32 Version: 2010.0210.2206.39615)
ccc-utility64 (Version: 2010.0210.2206.39615)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Cool & Quiet (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DIRECTV Player (x32 Version: 8.0)
eaner (Version: 3.09)
EaseUS Partition Master 9.1.1 Home Edition (x32)
EPU (x32 Version: 1.02.21)
erLT (x32 Version: 1.20.138.34)
Express Gate (x32 Version: 1.5.17.11)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
ffdshow v1.2.4422 [2012-04-09] (x32 Version: 1.2.4422.0)
ffdshow x64 v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Flickr Uploadr 3.2.1 (x32)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GPU Boost Driver (x32 Version: 1.01.15)
HandBrake 0.9.8 (x32 Version: 0.9.8)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0)
HP Officejet 6500 E710n-z Help (x32 Version: 140.0.2.2)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
iCamSource (x32 Version: 2.6)
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
iisnode for iis 7.x dev package (x32 Version: 0.1.21.0)
ImagXpress (x32 Version: 7.0.74.0)
ImgBurn (x32 Version: 2.5.7.0)
iSpy (64 bit) (Version: 5.1.3)
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 7.1.0 (x32 Version: 7.1.0)
KompoZer 0.8b3 (x32)
LightScribe System Software (x32 Version: 1.18.9.1)
Logitech Webcam Software (x32 Version: 2.0)
LWS Facebook (x32 Version: 13.20.1166.0)
LWS Gallery (x32 Version: 13.20.1166.0)
LWS Help_main (x32 Version: 13.25.1016.0)
LWS Launcher (x32 Version: 13.20.1166.0)
LWS Motion Detection (x32 Version: 13.20.1176.0)
LWS Pictures And Video (x32 Version: 13.25.1010.0)
LWS Twitter (x32 Version: 13.20.1166.0)
LWS Video Mask Maker (x32 Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (x32 Version: 13.20.1168.0)
LWS WLM Plugin (x32 Version: 1.20.1166.0)
LWS YouTube Plugin (x32 Version: 13.20.1166.0)
Magic ISO Maker v5.5 (build 0276) (x32)
MagicDisc 2.7.106 (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET Web Pages 2 (x32 Version: 2.0.20715.0)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20715.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Data-Tier App Framework  (x32 Version: 11.0.2316.0)
Microsoft SQL Server 2012 Management Objects  (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (x32 Version: 4.0.8854.1)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1 (Version: 4.0.8854.1)
Microsoft SQL Server Compact 4.0 Web Tools ENU (x32 Version: 4.0.8482.1)
Microsoft SQL Server System CLR Types (x32 Version: 10.51.2500.0)
Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Platform Installer 4.5 (Version: 4.0.1863)
Microsoft WebMatrix 2 (x32 Version: 2.0.1692)
Microsoft Works (x32 Version: 9.7.0621)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MySQL Connector Net 6.5.4 (x32 Version: 6.5.4)
Nero 9 Essentials (x32)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero BurnRights Help (x32 Version: 3.4.4.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero CoverDesigner (x32 Version: 4.4.12.100)
Nero CoverDesigner Help (x32 Version: 4.4.9.100)
Nero Disc Copy Gadget (x32 Version: 2.4.34.0)
Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.33.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.33.100)
Nero StartSmart Help (x32 Version: 9.4.27.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
NeroExpress (x32 Version: 9.4.33.100)
neroxml (x32 Version: 1.0.0)
node.js (x32 Version: 0.6.20)
Panda Cloud Antivirus (Version: 4.02.00.0000)
Panda Cloud Antivirus (x32 Version: 2.0.0)
PC Probe II (x32 Version: 1.04.86)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Photo Pos Pro (x32 Version: 1.87)
Picasa 3 (x32 Version: 3.9)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
QuickTime (x32 Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6151)
Recuva (Version: 1.42)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.6.0)
Shutterfly Express Uploader (x32 Version: 1.1.0)
Shutterfly Express Uploader (x32 Version: 1.1.0.0)
Skype™ 5.3 (x32 Version: 5.3.120)
Tango (HKCU Version: 1.6.12955)
TeamViewer 7 (x32 Version: 7.0.13989)
TurboV EVO (x32 Version: 1.02.32)
TVersity Codec Pack 1.7 (x32 Version: 1.7)
TVersity Media Server 1.9.7 (x32 Version: 1.9.7)
Type light 3.2.018 (x32 Version: 018)
UNetbootin (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
WBFS Manager 3.0 (x32 Version: 3.0)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Azure Authoring Tools - October 2012 Release (Version: 1.8.31351.1533)
Windows Azure Command Line Tools (x32 Version: 0.6.13)
Windows Azure Libraries for .NET – October 2012 (Version: 1.8)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR archiver (x32)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
XnView 1.96 (x32 Version: 1.96)
Yawcam 0.3.6 (x32)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-08-07 10:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1E82D128-9142-4691-85EF-A9DD995790FC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA => C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {2ECD659E-CDBD-42C5-BA75-D2FD3BBFA67E} - System32\Tasks\ASUS\Gpu Boost Driver => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [2010-03-27] (ASUSTeK Computer Inc.)
Task: {38565E91-BE48-4E0A-B0E0-909FBF6123F1} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-02-05] ()
Task: {3BE48A13-F375-4994-84CA-3B001ED5B88E} - System32\Tasks\{AD24087A-7E1E-47AF-881C-4EABA98D74A8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-06-15] (Skype Technologies S.A.)
Task: {4DA11496-05F0-425B-9E26-6935C63CF0DF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-02-05] ()
Task: {74F2609E-BA5F-401F-A59D-16F4CD1BE099} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7969F0B6-32AB-4D36-B219-A28BA92082A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13] (Google Inc.)
Task: {8805925A-7E04-496B-AF78-0BB2CD9CD5DE} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {8D68C236-7980-4501-B401-04E910A8E920} - System32\Tasks\{A90E56FF-9398-49E0-818B-28ADBE021DB2} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-02-01] (Microsoft Corporation)
Task: {91F367A4-7728-4C94-92AC-E4B146B3E78D} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.05\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {9B750B96-77E2-4C73-B786-A548708A3A2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-13] (Google Inc.)
Task: {9F49304D-44B4-4B70-95F5-1E1C0FC8038A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {A4041CD5-95B8-46E0-A4EC-5A2B8CB0CA52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24] (Google Inc.)
Task: {C5AC8756-5FB9-412F-A095-703701054EA4} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File
Task: {CFCB24BD-1E95-4A10-8319-602F9CD2ED62} - System32\Tasks\ASUS\Launch AI Direct Link => C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe [2008-06-17] ()
Task: {D53B2830-C7E0-4F82-9091-9D6A775FEE81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core => C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DE510F33-6BA9-4C63-858F-D94DD94ACC1C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core.job => C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA.job => C:\Users\Steve\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3240809344-1886934652-2886331259-1000UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 05:26:31 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/09/2013 07:07:22 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/09/2013 07:04:30 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/08/2013 11:29:02 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/08/2013 11:28:06 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/08/2013 01:51:43 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/08/2013 10:32:01 AM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (08/08/2013 10:31:38 AM) (Source: SignInAssistant) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (08/08/2013 09:27:02 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (08/08/2013 07:40:33 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

System errors:
=============
Error: (08/09/2013 11:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:19:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:19:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:19:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:19:50 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/09/2013 11:18:22 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (08/09/2013 11:18:22 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (08/09/2013 11:18:01 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Microsoft Office Sessions:
=========================
Error: (08/09/2013 05:26:31 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/09/2013 07:07:22 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/09/2013 07:04:30 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/08/2013 11:29:02 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/08/2013 11:28:06 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/08/2013 01:51:43 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/08/2013 10:32:01 AM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007043c

Error: (08/08/2013 10:31:38 AM) (Source: SignInAssistant)(User: )
Description: StartService failed with hr = 0x8007043c

Error: (08/08/2013 09:27:02 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (08/08/2013 07:40:33 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

CodeIntegrity Errors:
===================================
  Date: 2013-08-07 10:01:34.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 10:01:34.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 10:01:34.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 10:01:34.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 09:00:44.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 09:00:43.972
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 09:00:43.925
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-07 09:00:43.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-06 23:42:38.703
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-06 23:42:38.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 7935.05 MB
Available physical RAM: 6979.22 MB
Total Pagefile: 13579.39 MB
Available Pagefile: 12660.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.64 GB) (Free:0.98 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Removable) (Total:14.95 GB) (Free:11.49 GB) NTFS (Disk=6 Partition=1)
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 140 GB) (Disk ID: 1E283E3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10 JSntgRvr


Posted 10 August 2013 - 11:45 AM

Run FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

spldr.sys

It then should look like:

Search: spldr.sys

Click the Search button and post the log (Search.txt) it makes next to FRST in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 sbeard24


Posted 11 August 2013 - 12:24 AM

Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by Steve at 2013-08-10 22:21:27
Running from E:\
Boot Mode: Safe Mode (with Networking)

================== Search: "spldr.sys" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
[2009-07-13 13:27] - [2009-07-13 18:45] - 0019008 ____A (Microsoft Corporation) B9E31E5CACDFE584F34F730A677803F9

C:\Windows\System32\drivers\spldr.sys
[2009-07-13 13:27] - [2009-07-13 18:45] - 0019008 ____A (Microsoft Corporation) B9E31E5CACDFE584F34F730A677803F9

====== End Of Search ======



#12 JSntgRvr


Posted 11 August 2013 - 11:46 AM

No issue with that file.

Let's try a clean boot to troubleshoot Windows.

Here are the instructions.

Let me know which item, if any, is causing this issue.




#13 sbeard24


Posted 11 August 2013 - 02:56 PM

Okay, performed the clean boot, disabling all services including Microsoft services, and disabled startup options. Rebooted, stuck on the glowing Windows 7 logo for 30 minutes, then it rebooted itself into Windows recovery and tried to fix Windows, and that didn't work. Back in Safe Mode with Networking. Clean boot unsuccessful....



#14 JSntgRvr


Posted 11 August 2013 - 06:01 PM

Let's check the files' integrity.

Open an Administrator Command prompt (open the Start Menu, type cmd in the search box, and press CTRL+SHIFT+ENTER). At the command prompt, copy and paste the following and press Enter.

SFC /ScanNow

When it has finished, if files were found corrupted and not repaired, at the prompt copy and paste the following and press Enter:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

That should produce a report on your desktop, sfcdetails.txt. Attempt to attach that report to your reply.

Type Exit and press Enter to return to Windows.

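An added example, not part of the original thread and not code from SFC or FRST: one way to triage the sfcdetails.txt report that the findstr command in post #14 produces, instead of reading hundreds of routine lines by eye. The function name, the verdict strings and the sample lines are constructed for illustration; the "Cannot repair member file" and "Repairing" message prefixes are assumed from typical CBS.log output.

```python
import re

# Shape of a line kept by: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+"
    r"CSI\s+(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
# Quoted member file name followed by the name of the owning component.
MEMBER = re.compile(r'"([^"]+)" of ([^,]+),')

# Constructed sample: two finished batches (one with an unrepaired file)
# and a third batch that never reaches "Verify complete".
SAMPLE = r"""
2013-08-11 16:26:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:26:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-08-11 16:26:11, Info                  CSI    0000000c [SR] Verify complete
2013-08-11 16:26:12, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:26:12, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2013-08-11 16:26:12, Info                  CSI    0000000f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-08-11 16:26:13, Info                  CSI    00000010 [SR] Verify complete
2013-08-11 16:26:13, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:26:13, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
"""


def summarize_sfc(text):
    """Reduce the [SR] lines of an SFC report to counts, findings and a verdict."""
    out = {"batches_started": 0, "batches_completed": 0, "components": 0,
           "unrepaired": [], "repairing": [], "other": [], "unparsed": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            out["unparsed"] += 1          # not an [SR] line in the expected shape
            continue
        msg = m.group("msg").strip()
        batch = VERIFYING.match(msg)
        if batch:
            out["batches_started"] += 1
            out["components"] += int(batch.group(1))
        elif msg == "Verify complete":
            out["batches_completed"] += 1
        elif msg == "Beginning Verify and Repair transaction":
            pass                          # routine progress marker
        elif msg.startswith("Cannot repair member file"):
            found = MEMBER.search(msg)
            item = found.groups() if found else (msg, "")
            if item not in out["unrepaired"]:   # same finding may be logged twice
                out["unrepaired"].append(item)
        elif msg.startswith("Repairing"):
            out["repairing"].append(msg)
        else:
            out["other"].append(msg)      # surface unknown messages, never drop them

    # A batch without its "Verify complete" means the scan was interrupted
    # or the pasted excerpt was cut short.
    out["incomplete"] = out["batches_started"] != out["batches_completed"]
    if out["unrepaired"]:
        out["verdict"] = "corruption found and not repaired"
    elif out["batches_started"] == 0:
        out["verdict"] = "no SFC scan recorded in this excerpt"
    elif out["incomplete"]:
        out["verdict"] = "log incomplete: scan interrupted or excerpt truncated"
    elif out["repairing"] or out["other"]:
        out["verdict"] = "repairs or unrecognized messages present: read them"
    else:
        out["verdict"] = "no integrity violations logged"
    return out


if __name__ == "__main__":
    summary = summarize_sfc(SAMPLE)
    print(summary["verdict"])
    for name, component in summary["unrepaired"]:
        print("  unrepaired:", name, "in", component)
    print("  batches:", summary["batches_completed"], "of",
          summary["batches_started"], "completed")
```

A report that contains only the Verifying / Beginning / Verify complete triplets, with every batch closed, yields "no integrity violations logged".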


#15 sbeard24


Posted 11 August 2013 - 06:35 PM

No integrity issues found.

2013-08-11 16:29:55, Info                  CSI    00000184 [SR] Verify complete
2013-08-11 16:29:56, Info                  CSI    00000185 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:29:56, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
2013-08-11 16:29:59, Info                  CSI    00000188 [SR] Verify complete
2013-08-11 16:29:59, Info                  CSI    00000189 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:29:59, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:01, Info                  CSI    0000018c [SR] Verify complete
2013-08-11 16:30:01, Info                  CSI    0000018d [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:01, Info                  CSI    0000018e [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:03, Info                  CSI    00000190 [SR] Verify complete
2013-08-11 16:30:04, Info                  CSI    00000191 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:04, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:06, Info                  CSI    00000194 [SR] Verify complete
2013-08-11 16:30:06, Info                  CSI    00000195 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:06, Info                  CSI    00000196 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:09, Info                  CSI    00000198 [SR] Verify complete
2013-08-11 16:30:09, Info                  CSI    00000199 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:09, Info                  CSI    0000019a [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:12, Info                  CSI    0000019c [SR] Verify complete
2013-08-11 16:30:12, Info                  CSI    0000019d [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:12, Info                  CSI    0000019e [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:13, Info                  CSI    000001a0 [SR] Verify complete
2013-08-11 16:30:14, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:14, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:17, Info                  CSI    000001a4 [SR] Verify complete
2013-08-11 16:30:17, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:17, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:28, Info                  CSI    000001a8 [SR] Verify complete
2013-08-11 16:30:28, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:28, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:38, Info                  CSI    000001ac [SR] Verify complete
2013-08-11 16:30:38, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:38, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:43, Info                  CSI    000001b0 [SR] Verify complete
2013-08-11 16:30:43, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:43, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:45, Info                  CSI    000001b4 [SR] Verify complete
2013-08-11 16:30:45, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:45, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:47, Info                  CSI    000001b8 [SR] Verify complete
2013-08-11 16:30:47, Info                  CSI    000001b9 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:47, Info                  CSI    000001ba [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:49, Info                  CSI    000001bc [SR] Verify complete
2013-08-11 16:30:49, Info                  CSI    000001bd [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:49, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:52, Info                  CSI    000001c0 [SR] Verify complete
2013-08-11 16:30:52, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:52, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:57, Info                  CSI    000001ca [SR] Verify complete
2013-08-11 16:30:57, Info                  CSI    000001cb [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:57, Info                  CSI    000001cc [SR] Beginning Verify and Repair transaction
2013-08-11 16:30:59, Info                  CSI    000001ce [SR] Verify complete
2013-08-11 16:30:59, Info                  CSI    000001cf [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:30:59, Info                  CSI    000001d0 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:01, Info                  CSI    000001d2 [SR] Verify complete
2013-08-11 16:31:02, Info                  CSI    000001d3 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:02, Info                  CSI    000001d4 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:04, Info                  CSI    000001d6 [SR] Verify complete
2013-08-11 16:31:04, Info                  CSI    000001d7 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:04, Info                  CSI    000001d8 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:07, Info                  CSI    000001da [SR] Verify complete
2013-08-11 16:31:07, Info                  CSI    000001db [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:07, Info                  CSI    000001dc [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:11, Info                  CSI    000001df [SR] Verify complete
2013-08-11 16:31:11, Info                  CSI    000001e0 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:11, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:14, Info                  CSI    000001e3 [SR] Verify complete
2013-08-11 16:31:14, Info                  CSI    000001e4 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:14, Info                  CSI    000001e5 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:16, Info                  CSI    000001e7 [SR] Verify complete
2013-08-11 16:31:16, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:16, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:20, Info                  CSI    000001eb [SR] Verify complete
2013-08-11 16:31:20, Info                  CSI    000001ec [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:20, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:26, Info                  CSI    000001f2 [SR] Verify complete
2013-08-11 16:31:26, Info                  CSI    000001f3 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:26, Info                  CSI    000001f4 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:30, Info                  CSI    000001f9 [SR] Verify complete
2013-08-11 16:31:30, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:30, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:34, Info                  CSI    000001fe [SR] Verify complete
2013-08-11 16:31:34, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:34, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:38, Info                  CSI    0000020b [SR] Verify complete
2013-08-11 16:31:38, Info                  CSI    0000020c [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:38, Info                  CSI    0000020d [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:42, Info                  CSI    00000213 [SR] Verify complete
2013-08-11 16:31:43, Info                  CSI    00000214 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:43, Info                  CSI    00000215 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:46, Info                  CSI    00000217 [SR] Verify complete
2013-08-11 16:31:46, Info                  CSI    00000218 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:46, Info                  CSI    00000219 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:48, Info                  CSI    0000021d [SR] Verify complete
2013-08-11 16:31:48, Info                  CSI    0000021e [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:48, Info                  CSI    0000021f [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:50, Info                  CSI    00000221 [SR] Verify complete
2013-08-11 16:31:50, Info                  CSI    00000222 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:50, Info                  CSI    00000223 [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:54, Info                  CSI    00000248 [SR] Verify complete
2013-08-11 16:31:55, Info                  CSI    00000249 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:55, Info                  CSI    0000024a [SR] Beginning Verify and Repair transaction
2013-08-11 16:31:57, Info                  CSI    0000024c [SR] Verify complete
2013-08-11 16:31:57, Info                  CSI    0000024d [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:31:57, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:00, Info                  CSI    00000250 [SR] Verify complete
2013-08-11 16:32:00, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:00, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:03, Info                  CSI    0000025f [SR] Verify complete
2013-08-11 16:32:03, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:03, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:06, Info                  CSI    00000264 [SR] Verify complete
2013-08-11 16:32:06, Info                  CSI    00000265 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:06, Info                  CSI    00000266 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:10, Info                  CSI    00000269 [SR] Verify complete
2013-08-11 16:32:10, Info                  CSI    0000026a [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:10, Info                  CSI    0000026b [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:14, Info                  CSI    00000278 [SR] Verify complete
2013-08-11 16:32:14, Info                  CSI    00000279 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:14, Info                  CSI    0000027a [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:16, Info                  CSI    0000027c [SR] Verify complete
2013-08-11 16:32:16, Info                  CSI    0000027d [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:16, Info                  CSI    0000027e [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:19, Info                  CSI    00000281 [SR] Verify complete
2013-08-11 16:32:19, Info                  CSI    00000282 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:19, Info                  CSI    00000283 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:21, Info                  CSI    00000285 [SR] Verify complete
2013-08-11 16:32:21, Info                  CSI    00000286 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:21, Info                  CSI    00000287 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:25, Info                  CSI    00000289 [SR] Verify complete
2013-08-11 16:32:25, Info                  CSI    0000028a [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:25, Info                  CSI    0000028b [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:28, Info                  CSI    0000028d [SR] Verify complete
2013-08-11 16:32:28, Info                  CSI    0000028e [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:28, Info                  CSI    0000028f [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:31, Info                  CSI    00000291 [SR] Verify complete
2013-08-11 16:32:31, Info                  CSI    00000292 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:31, Info                  CSI    00000293 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:36, Info                  CSI    000002ad [SR] Verify complete
2013-08-11 16:32:36, Info                  CSI    000002ae [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:36, Info                  CSI    000002af [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:39, Info                  CSI    000002b1 [SR] Verify complete
2013-08-11 16:32:39, Info                  CSI    000002b2 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:39, Info                  CSI    000002b3 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:47, Info                  CSI    000002b5 [SR] Verify complete
2013-08-11 16:32:47, Info                  CSI    000002b6 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:47, Info                  CSI    000002b7 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:50, Info                  CSI    000002b9 [SR] Verify complete
2013-08-11 16:32:50, Info                  CSI    000002ba [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:50, Info                  CSI    000002bb [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:52, Info                  CSI    000002bf [SR] Verify complete
2013-08-11 16:32:52, Info                  CSI    000002c0 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:52, Info                  CSI    000002c1 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:53, Info                  CSI    000002c3 [SR] Verify complete
2013-08-11 16:32:54, Info                  CSI    000002c4 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:54, Info                  CSI    000002c5 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:56, Info                  CSI    000002c7 [SR] Verify complete
2013-08-11 16:32:56, Info                  CSI    000002c8 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:56, Info                  CSI    000002c9 [SR] Beginning Verify and Repair transaction
2013-08-11 16:32:59, Info                  CSI    000002cb [SR] Verify complete
2013-08-11 16:32:59, Info                  CSI    000002cc [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:32:59, Info                  CSI    000002cd [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:01, Info                  CSI    000002d0 [SR] Verify complete
2013-08-11 16:33:01, Info                  CSI    000002d1 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:01, Info                  CSI    000002d2 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:03, Info                  CSI    000002d4 [SR] Verify complete
2013-08-11 16:33:03, Info                  CSI    000002d5 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:03, Info                  CSI    000002d6 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:06, Info                  CSI    000002d9 [SR] Verify complete
2013-08-11 16:33:06, Info                  CSI    000002da [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:06, Info                  CSI    000002db [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:09, Info                  CSI    000002dd [SR] Verify complete
2013-08-11 16:33:09, Info                  CSI    000002de [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:09, Info                  CSI    000002df [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:11, Info                  CSI    000002e2 [SR] Verify complete
2013-08-11 16:33:12, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:12, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:14, Info                  CSI    000002e6 [SR] Verify complete
2013-08-11 16:33:14, Info                  CSI    000002e7 [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:14, Info                  CSI    000002e8 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:17, Info                  CSI    000002ea [SR] Verify complete
2013-08-11 16:33:17, Info                  CSI    000002eb [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:17, Info                  CSI    000002ec [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:19, Info                  CSI    000002ee [SR] Verify complete
2013-08-11 16:33:19, Info                  CSI    000002ef [SR] Verifying 100 (0x0000000000000064) components
2013-08-11 16:33:19, Info                  CSI    000002f0 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:22, Info                  CSI    000002f2 [SR] Verify complete
2013-08-11 16:33:22, Info                  CSI    000002f3 [SR] Verifying 51 (0x0000000000000033) components
2013-08-11 16:33:22, Info                  CSI    000002f4 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:23, Info                  CSI    000002f6 [SR] Verify complete
2013-08-11 16:33:23, Info                  CSI    000002f7 [SR] Repairing 0 components
2013-08-11 16:33:23, Info                  CSI    000002f8 [SR] Beginning Verify and Repair transaction
2013-08-11 16:33:23, Info                  CSI    000002fa [SR] Repair complete
 





